2017 NACHA Third-Party Sender Initiatives - macmember.org Presentation - NACHA Third... · Number...
Transcript of 2017 NACHA Third-Party Sender Initiatives - macmember.org Presentation - NACHA Third... · Number...
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
2017 NACHA Third-Party Sender
Initiatives
Jordan Bennett
Senior Director, Network Risk
NACHA
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
2
MAC is an organization of Bankcard professionals involved in the risk
management side of Card Processing. We have members from Banks, ISOs,
Card Associations and others related to the risk management side of the
industry. MAC’s mission is to strengthen the payment ecosystem through
ongoing education, communication and cooperation among acquirers, card
brands and enforcement agencies.
To learn more about MAC or to become a member of MAC
please visit the website below.
https://www.macmember.org/
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
3
NACHA’s Risk Management Strategy
• Past and concurrent Third-Party
initiatives include:
– NACHA Certified
– Third-Party Sender Registration Rule
– Risk Management Portal
– Third-Party Sender Identification Tool and
online resources
– Third-Party Sender Operations Bulletin
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
NACHA Certified:
NACHA’s Certification Program
for Third-Party Senders
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
5
• NACHA Certified is a voluntary accreditation
program for Third-Party Senders in the ACH
Network
• The program includes a set of commonly
understood requirements for conformance to sound
business practices and standards
• NACHA Certified helps Third-Party Senders set
themselves apart from their peers while improving
the quality of the Network
What is NACHA Certified?
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
6
Why Did NACHA launch NACHA Certified?
• NACHA recognizes that Third-Party Senders fill an important and
vital role in the ACH Network! NACHA Certified provides value to
industry participants and the network by improving self-governance
• Growth of third-party participation in the network to support new
innovative payment methods – many new market entrants act as
Third-Party Senders and may not be familiar with compliance, risk
management, and regulatory responsibilities
• Improve transparency for well-governed industry partners looking to
do business together via public list of Third-Party Senders
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
7
What are the Benefits to the ODFI?
• Serves as a starting point for ODFI’s own due diligence, as well as a
source of validation for the ODFI’s ongoing oversight for existing
Third-Party Sender relationships
• Provides assurance that the Third-Party Sender has an
understanding of NACHA Operating Rules compliance
requirements, and has demonstrated sound practices related to
ACH transaction processing
• Publicly available certification requirements set the standard that all
Third-Party Senders should meet and improves awareness of
governance expectations
• A public list of certified Third-Party Senders may smooth the way for
more efficient and effective interactions with ODFI partners
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
8
What are the Benefits for Third-Party Senders?
• A public list of certified Third-Party Senders paves the way to a more
positive interaction with ODFI partners
• All NACHA Certified Third-Party Senders may display the NACHA
Certified seal and will have their names and company information
displayed on the NACHA Certified website
• Third-Party Senders are able to set themselves apart from peers by
meeting certification program standards
• Provides well-governed Third-Party Senders a mechanism to
demonstrate sound corporate governance, risk management, and
compliance with Rules, Laws and Regulations
• Provides Originators a level of assurance that their Third-Party Sender
partner meets the NACHA Certified program standards
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
9
Certification Program Pillars
All Third-Party Senders that apply for certification agree to
submit to a review of the following by NACHA:
• NACHA Operating Rules Compliance Audit
• Background checks on applicant organization and key principals
• Audited annual and quarterly financial statements
• Compliance and Risk Management:
– Internal Risk Assessment
– Return Monitoring Program
– Statement attesting to adoption of policies, procedures and internal
controls that satisfy the Program Criteria, as well as obligations under
federal and state laws and regulations
– Upon NACHA’s request, the applicant will make available all policies,
procedures, internal controls and other documentation relating to the
Applicant’s Compliance and Risk Program
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
10
• Who is eligible?
– All Third-Party Senders that have been in business for at least two years
are eligible to become NACHA Certified
• What must be provided?
– Applicants must provide the following documentation:
• Independent NACHA Operating Rules Audit
• ACH Risk Assessment
• Attestation to Meeting Specified Compliance and Risk Program Elements
• Agreement to Criminal Background Check for all principals and key officers
• Audited Financial Statements
• What is the pricing?
– The pricing was designed to incent adoption by Third-Party Senders and
to cover program costs
• The fee for application to apply to become NACHA Certified is $5,000 for the
two year certification period
• The fee to maintain the certification in intervening years is $750
Some Details
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
Risk Management Portal:
NACHA’s new home for all of our risk
management databases
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
12
NACHA’s Risk Management databases are moving to the
new Risk Management Portal .
• Required by the NACHA Rules
– Third-Party Sender Registration (New)
– Direct Access Registration (Re-attest)
• Voluntary
– Emergency Financial Institution Contact Database
– Terminated Originator Database
• Retiring Originator Watch List (OWL)
NACHA’s Risk Management Portal
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
13
• NACHA discontinued OWL on September 29, 2017 in
conjunction with launch of Risk Management Portal
• Enhancements in new Risk Management Portal creates
improved efficiencies in NACHA’s risk management tools
– OWL no longer provides incremental value in light of
these alternative enhancements
OWL – Discontinuation
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
14
• Each organization should register only once.
– NACHA uses information from the Accuity, the Routing
Number (RTN) registrar, to link RTNs owned by the
financial institution.
– Registering third-parties are linked by their US TIN.
• Each organization will select one employee to act as
administrator and register for access to the Risk
Management Portal.
– The administrator has the ability to add up to four
additional users.
– Administrators and users have access to view and edit.
NACHA’s Risk Management Portal
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
15
Financial Institution Registration
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
16
Financial Institution Registration
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
17
Financial Institution Registration
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
18
• NACHA must accept
each registration – most
will be instant, but some
may take up to 3
business days
• The admin and users will
receive an email with a
welcome notice and
temporary password.
• Login and change your
password.
Initial login
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
19
• A One-Time Authentication Code is generated at each login.
• The One-Time Authentication Code is sent via email.
• Type or copy and paste the One-Time Authentication Code.
• Users are logged out of the Risk Management Portal after five minutes of inactivity.
Two-Factor Authentication
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
20
• View and edit FI information here.
• Print or export this screen for your records.
Financial Institution Registration Management
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
21
• The “Edit” icon (A) will let you edit FI information.
• The “Deactivate” icon (B) will deactivate the FI.
Financial Institution Registration Management
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
22
• Add, edit, view, and export TPS customers from the TPS
tab.
• Tab is only enabled for FIs that attest to having TPS
customers.
Third-Party Sender Registration
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
23
• Manual Entry
– Enter TPS customer
information into a
standard form.
– Edit any entry (bulk or
manual)
• Bulk Upload
– Upload or edit many
TPS customers at one
time.
– Templates available in
Excel, CSV, and XML.
– Validations are
performed by the portal.
– Files placed into queue
and processed at
midnight on the date of
upload.
Third-Party Sender Registration – two processes
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
24
• Select “Manual Entry” from the TPS DB Management
Screen.
• A pop-up will appear. All fields marked with an * need to
be completed.
TPS Registration – Manual Entry
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
25
• ODFI Routing Number is
the RTN used by TPS
customer being
registered.
• Only register the TPS
Company ID and TPS
Name of the third-party
sender
TPS Registration - Manual Entry
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
26
• Select “Bulk Upload” from the TPS drop down menu or
from the “TPS DB Management” screen.
TPS Registration – Bulk Upload
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
27
• Select a template.
• Add TPS customers or Modify current TPS customers.
• Save the file.
TPS Registration – Bulk Upload
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
28
• Chose the file and select “upload”.
• The portal will perform schema validation and place the
file into the processing queue.
TPS Registration – Bulk Upload
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
29
• Monitor submitted files in the Bulk Upload History.
• Files will remain in “Pending” status until midnight
on the date the file was received.
Bulk Upload History
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
30
• Files can be exported in the bulk upload formats or the
TPS table.
– Bulk upload formats can be modified and uploaded using
the bulk upload process.
– The TPS table format includes the date registered, date
modified, and modified by fields that are not part of the
bulk upload formats.
Export TPS Entries
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
31
• All ODFIs will need to re-attest.
– NACHA has contacted all ODFIs that were registered in
the legacy system as having a Direct Access Debit
relationship.
• Direct Access (DA) menu is only enabled for FIs that
have DA relationships.
• For new relationships, NACHA Staff will contact each FI
that attest as to having direct access debit relationships.
NACHA staff will confirm the direct access relationship
and complete the registration with the financial institution
Direct Access Debit Registration - Required
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
32
• NACHA ended vender agreement for the TOD service
and now offers without a charge to ODFIs and Third
Parties.
• The TOD allows ODFIs and Third-Party Senders and
Third-Party Service Providers to share information on
terminated originators.
• ODFIs are not prohibited from doing business with
originators listed in the TOD. NACHA recognizes that
some ODFIs may have greater risk tolerance and risk
management practices for managing an originator that
other ODFIs may terminate.
Terminated Originator Database (TOD) - Voluntary
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
33
• Select “TOD DB Management” from the TOD dropdown
menu
• To add a new TOD contribution, select “Contribute to
TOD”.
TOD – Contribute and Manage Contributions
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
34
• To contribute a new
terminated originator or
third-party sender, all
fields marked with an *
need to be completed.
TOD - Contribute
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
35
• Searches can be done on the complete legal name, tax
ID or doing business as name (DBA).
• Only an exact match will return a result. No partial
names or wildcards can be used to search TOD.
TOD - Search
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
36
• NACHA provides an Emergency FI Contact Database as
a vehicle for communication during a crisis: financial
institutions can collaborate and share information as
needed to mitigate threats’ impact on day-to-day
operations.
• Financial institutions must register to contribute to the
Emergency Financial Institution Contact Database.
Emergency FI Contact Database - Voluntary
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
37
Emergency FI Contact Database - Contribute
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
38
• A single contact can be
associated with every
RTN owned by the FI.
• Phone number is a
required field.
• Email is optional.
Emergency FI Contact Database - Contribute
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
39
• The Emergency FI Contact Database can be searched
by Routing Number or Financial Institution Name
Emergency FI Contact Database - Search
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
40
NACHA links
• www.nacha.org/riskmanagementportal
• www.nacha.org/thirdpartysenders
• https://web.nacha.org/certified
• https://www.nacha.org/risk/tools
Additional Resources
© 2017 NACHA — The Electronic Payments Association. All rights reserved.
No part of this material may be used without the prior written permission of NACHA. This material is not
intended to provide any warranties or legal advice and is intended for educational purposes only.
41
MAC 2018 Annual Conference
March 13 - 15, 2018
SLS Hotel - Las Vegas, NV
Register online at www.macmember.org
Don’t miss the premier payments industry risk conference.
SAVE THE DATE