Hopefully you will never have to handle any part of a Nacha Rules violation. But should you need to, you want to know how to manage all the steps in this essential process as an overall part of your organization’s compliance efforts.
At PMC 2020 in November, Sean provided a summary of information compiled from the Nacha Rules department, Nacha’s Risk Management Advisory Group, and emerging issues NEACH has seen over the past few months. These include key System of Fines activities, pandemic impacts, and Originator onboarding.
He broke down the problems, explained why they’re problems, and brought up some simple steps to avoid running into the same issues. What follows is a summary of that presentation and the key “lessons learned” it raised.
Working with the System of Fines
Because the ACH Network is industry regulated, it’s up to all of us to ensure participants adhere to the Nacha Operating Rules. If you believe someone has violated one of the Nacha Rules, even something like not correcting an NOC or continuously sending erroneous transactions, you have the right to submit a report. Submitting a report triggers Nacha’s review process; there’s an easy online form to get started.
Nacha takes a look at those submissions and determines the best course of action to follow. They determine if the necessary documentation has been provided, and if a violation actually occurred. And they also determine the type of violation:
- The first such violation
- A Class 1 violation, which involves a recurrence of a previous violation
- A Class 2 violation, involving four or more previous violations
- A Class 3 violation, which is a continuance of a Class 2 violation that has occurred over a period of several months
Appendix 9 of the Rulebook outlines this, and NEACH also offers an on-demand course. Your operations, compliance or internal audit group may find it useful.
What becomes a fineable offense?
Sean also covered some standard fine-worthy topics to emphasize the types of infractions that may rise to Nacha’s attention. As a reminder, all fines go directly to Nacha, and the following offer a glimpse of key scenarios to monitor.
- Improper reversals: Reversals become a real challenge when not handled correctly—but they should also be rare. You might want to consider carving out a section of your origination agreement that encompasses what you do around reversals.
- Entries to invalid accounts: This shows up as someone repeatedly pinging accounts in an attempt to hit valid ones, and it can indicate fraud. Sean shared that large Originators need to be conscientious about the information as it comes in, but FIs can help in screening for anomalies. For example, unemployment fraud: A single account might be getting five or six transactions from unemployment. This should raise a red flag.
- Unauthorized entries: This is challenging in the ACH Network, but Nacha instituted thresholds to stay on top of these issues. You can help by knowing your customer and having a great understanding of who you are approving for ACH services.
- Failure to respond to NOCs: This is always the top Rule violation. However, it can be avoided by training your Originators and Third-Party Senders to act on changes. ODFIs can support their customers by creating ongoing monitoring or testing to confirm changes are being made.
Pandemic Impact on Rules Requirements
Of course, in his remarks, Sean detailed the impact of COVID-19 on all of these efforts. The pandemic brought with it a number of issues around contingency planning and risk.
For example, working at home may limit access to information, especially at the beginning. That access includes Rulebooks. If yours is still at your office, make sure you’ve registered for an online version, so you have a reference on hand. Also consider new approaches to information and data security. For example, you might not have the same ability to—or even want to—print out transaction information or details at home, but if you do, you have to ensure it is properly destroyed in accordance with the Rules.
This whole year has challenged risk management: In fact, all of 2020 has been a risk event. That’s why updating your risk assessment is important. If you haven’t done it recently, you want to reassess how things have shifted since the onslaught of COVID-19. You might not be doing certain procedures because of the pandemic, or you might have implemented new work-arounds that need to be reviewed through the lens of risk.
To that point, you also want to stress-test all your procedures, from onboarding to taking on new ACH customers, cash management, relationship management, branch management, operations—and more. In fact, stress-testing procedures of all kinds should be part of your annual work.
A Host of New Originators
A silver lining of COVID-19: The pandemic pushed companies toward ACH and away from checks. In the first few months of the year, 50 to 70 new Originators launched on the Network, for example. For many FIs, the challenge has been moving quickly enough to onboard a new Originator. Standing up new ACH customers can be difficult, and the pandemic exacerbated that.
With onboarding as a priority, many members transitioned to an e-signature process to support contractual workflow, creating efficiencies that will continue in a post-pandemic environment. Also, as new Originators were introduced, most kept the emphasis on the details of the contract—including standard limits—and had all the paperwork backed up and saved. As you move forward, note where you can enhance the full process by automating it in its entirety.
ACH Network Modernization
But automating is just one step in overall modernization. Across the board, there is a ton of paper still in the ACH Network: everything from authorizations to written statements to requests for returns. All this can be hard on you and your customers. Especially in this interactive age, we should examine where we can create efficiencies, and for FIs, partnering with providers and FinTechs may create new opportunities to do just that.
Looking at ways to innovate, we also need change around the identification of the account, although Nacha is on the right path. And what about topics like partial returns or using the Network for data exchange, including copies of authorizations and requests for return? What about enhanced requirements for fraud protection, so that all Originators (not just Web) must have fraud detection systems in place?
While the answers to these questions remain unknown, we know for certain that the way we interact with the ACH Network will continue to evolve. As customers’ and members’ needs shift, so, too, will how FIs support them. The ACH Network will continue to advance along with us.