2017 NACHA Third-Party Sender Initiatives - macmember.org Presentation - NACHA Third... · Number...

© 2017 NACHA — The Electronic Payments Association. All rights reserved.

No part of this material may be used without the prior written permission of NACHA. This material is not

intended to provide any warranties or legal advice and is intended for educational purposes only.

2017 NACHA Third-Party Sender

Initiatives

Jordan Bennett

Senior Director, Network Risk

NACHA




2

MAC is an organization of Bankcard professionals involved in the risk

management side of Card Processing. We have members from Banks, ISOs,

Card Associations and others related to the risk management side of the

industry. MAC’s mission is to strengthen the payment ecosystem through

ongoing education, communication and cooperation among acquirers, card

brands and enforcement agencies.

To learn more about MAC or to become a member of MAC

please visit the website below.

https://www.macmember.org/

https://www.macmember.org/




3

NACHA’s Risk Management Strategy

• Past and concurrent Third-Party

initiatives include:

– NACHA Certified

– Third-Party Sender Registration Rule

– Risk Management Portal

– Third-Party Sender Identification Tool and

online resources

– Third-Party Sender Operations Bulletin




NACHA Certified:

NACHA’s Certification Program

for Third-Party Senders




5

• NACHA Certified is a voluntary accreditation

program for Third-Party Senders in the ACH

Network

• The program includes a set of commonly

understood requirements for conformance to sound

business practices and standards

• NACHA Certified helps Third-Party Senders set

themselves apart from their peers while improving

the quality of the Network

What is NACHA Certified?




6

Why Did NACHA launch NACHA Certified?

• NACHA recognizes that Third-Party Senders fill an important and

vital role in the ACH Network! NACHA Certified provides value to

industry participants and the network by improving self-governance

• Growth of third-party participation in the network to support new

innovative payment methods – many new market entrants act as

Third-Party Senders and may not be familiar with compliance, risk

management, and regulatory responsibilities

• Improve transparency for well-governed industry partners looking to

do business together via public list of Third-Party Senders




7

What are the Benefits to the ODFI?

• Serves as a starting point for ODFI’s own due diligence, as well as a

source of validation for the ODFI’s ongoing oversight for existing

Third-Party Sender relationships

• Provides assurance that the Third-Party Sender has an

understanding of NACHA Operating Rules compliance

requirements, and has demonstrated sound practices related to

ACH transaction processing

• Publicly available certification requirements set the standard that all

Third-Party Senders should meet and improves awareness of

governance expectations

• A public list of certified Third-Party Senders may smooth the way for

more efficient and effective interactions with ODFI partners




8

What are the Benefits for Third-Party Senders?

• A public list of certified Third-Party Senders paves the way to a more

positive interaction with ODFI partners

• All NACHA Certified Third-Party Senders may display the NACHA

Certified seal and will have their names and company information

displayed on the NACHA Certified website

• Third-Party Senders are able to set themselves apart from peers by

meeting certification program standards

• Provides well-governed Third-Party Senders a mechanism to

demonstrate sound corporate governance, risk management, and

compliance with Rules, Laws and Regulations

• Provides Originators a level of assurance that their Third-Party Sender

partner meets the NACHA Certified program standards

http://www.nachacertified.org/




9

Certification Program Pillars

All Third-Party Senders that apply for certification agree to

submit to a review of the following by NACHA:

• NACHA Operating Rules Compliance Audit

• Background checks on applicant organization and key principals

• Audited annual and quarterly financial statements

• Compliance and Risk Management:

– Internal Risk Assessment

– Return Monitoring Program

– Statement attesting to adoption of policies, procedures and internal

controls that satisfy the Program Criteria, as well as obligations under

federal and state laws and regulations

– Upon NACHA’s request, the applicant will make available all policies,

procedures, internal controls and other documentation relating to the

Applicant’s Compliance and Risk Program




10

• Who is eligible?

– All Third-Party Senders that have been in business for at least two years

are eligible to become NACHA Certified

• What must be provided?

– Applicants must provide the following documentation:

• Independent NACHA Operating Rules Audit

• ACH Risk Assessment

• Attestation to Meeting Specified Compliance and Risk Program Elements

• Agreement to Criminal Background Check for all principals and key officers

• Audited Financial Statements

• What is the pricing?

– The pricing was designed to incent adoption by Third-Party Senders and

to cover program costs

• The fee for application to apply to become NACHA Certified is $5,000 for the

two year certification period

• The fee to maintain the certification in intervening years is $750

Some Details




Risk Management Portal:

NACHA’s new home for all of our risk

management databases




12

NACHA’s Risk Management databases are moving to the

new Risk Management Portal .

• Required by the NACHA Rules

– Third-Party Sender Registration (New)

– Direct Access Registration (Re-attest)

• Voluntary

– Emergency Financial Institution Contact Database

– Terminated Originator Database

• Retiring Originator Watch List (OWL)

NACHA’s Risk Management Portal

https://riskmanagmentportal.nacha.org/




13

• NACHA discontinued OWL on September 29, 2017 in

conjunction with launch of Risk Management Portal

• Enhancements in new Risk Management Portal creates

improved efficiencies in NACHA’s risk management tools

– OWL no longer provides incremental value in light of

these alternative enhancements

OWL – Discontinuation




14

• Each organization should register only once.

– NACHA uses information from the Accuity, the Routing

Number (RTN) registrar, to link RTNs owned by the

financial institution.

– Registering third-parties are linked by their US TIN.

• Each organization will select one employee to act as

administrator and register for access to the Risk

Management Portal.

– The administrator has the ability to add up to four

additional users.

– Administrators and users have access to view and edit.

NACHA’s Risk Management Portal




15

Financial Institution Registration




16





17





18

• NACHA must accept

each registration – most

will be instant, but some

may take up to 3

business days

• The admin and users will

receive an email with a

welcome notice and

temporary password.

• Login and change your

password.

Initial login




19

• A One-Time Authentication Code is generated at each login.

• The One-Time Authentication Code is sent via email.

• Type or copy and paste the One-Time Authentication Code.

• Users are logged out of the Risk Management Portal after five minutes of inactivity.

Two-Factor Authentication




20

• View and edit FI information here.

• Print or export this screen for your records.

Financial Institution Registration Management




21

• The “Edit” icon (A) will let you edit FI information.

• The “Deactivate” icon (B) will deactivate the FI.

Financial Institution Registration Management




22

• Add, edit, view, and export TPS customers from the TPS

tab.

• Tab is only enabled for FIs that attest to having TPS

customers.

Third-Party Sender Registration




23

• Manual Entry

– Enter TPS customer

information into a

standard form.

– Edit any entry (bulk or

manual)

• Bulk Upload

– Upload or edit many

TPS customers at one

time.

– Templates available in

Excel, CSV, and XML.

– Validations are

performed by the portal.

– Files placed into queue

and processed at

midnight on the date of

upload.

Third-Party Sender Registration – two processes




24

• Select “Manual Entry” from the TPS DB Management

Screen.

• A pop-up will appear. All fields marked with an * need to

be completed.

TPS Registration – Manual Entry




25

• ODFI Routing Number is

the RTN used by TPS

customer being

registered.

• Only register the TPS

Company ID and TPS

Name of the third-party

sender

TPS Registration - Manual Entry




26

• Select “Bulk Upload” from the TPS drop down menu or

from the “TPS DB Management” screen.

TPS Registration – Bulk Upload




27

• Select a template.

• Add TPS customers or Modify current TPS customers.

• Save the file.





28

• Chose the file and select “upload”.

• The portal will perform schema validation and place the

file into the processing queue.





29

• Monitor submitted files in the Bulk Upload History.

• Files will remain in “Pending” status until midnight

on the date the file was received.

Bulk Upload History




30

• Files can be exported in the bulk upload formats or the

TPS table.

– Bulk upload formats can be modified and uploaded using

the bulk upload process.

– The TPS table format includes the date registered, date

modified, and modified by fields that are not part of the

bulk upload formats.

Export TPS Entries




31

• All ODFIs will need to re-attest.

– NACHA has contacted all ODFIs that were registered in

the legacy system as having a Direct Access Debit

relationship.

• Direct Access (DA) menu is only enabled for FIs that

have DA relationships.

• For new relationships, NACHA Staff will contact each FI

that attest as to having direct access debit relationships.

NACHA staff will confirm the direct access relationship

and complete the registration with the financial institution

Direct Access Debit Registration - Required




32

• NACHA ended vender agreement for the TOD service

and now offers without a charge to ODFIs and Third

Parties.

• The TOD allows ODFIs and Third-Party Senders and

Third-Party Service Providers to share information on

terminated originators.

• ODFIs are not prohibited from doing business with

originators listed in the TOD. NACHA recognizes that

some ODFIs may have greater risk tolerance and risk

management practices for managing an originator that

other ODFIs may terminate.

Terminated Originator Database (TOD) - Voluntary




33

• Select “TOD DB Management” from the TOD dropdown

menu

• To add a new TOD contribution, select “Contribute to

TOD”.

TOD – Contribute and Manage Contributions




34

• To contribute a new

terminated originator or

third-party sender, all

fields marked with an *

need to be completed.

TOD - Contribute




35

• Searches can be done on the complete legal name, tax

ID or doing business as name (DBA).

• Only an exact match will return a result. No partial

names or wildcards can be used to search TOD.

TOD - Search




36

• NACHA provides an Emergency FI Contact Database as

a vehicle for communication during a crisis: financial

institutions can collaborate and share information as

needed to mitigate threats’ impact on day-to-day

operations.

• Financial institutions must register to contribute to the

Emergency Financial Institution Contact Database.

Emergency FI Contact Database - Voluntary




37

Emergency FI Contact Database - Contribute




38

• A single contact can be

associated with every

RTN owned by the FI.

• Phone number is a

required field.

• Email is optional.

Emergency FI Contact Database - Contribute




39

• The Emergency FI Contact Database can be searched

by Routing Number or Financial Institution Name

Emergency FI Contact Database - Search




40

NACHA links

• www.nacha.org/riskmanagementportal

• www.nacha.org/thirdpartysenders

• https://web.nacha.org/certified

• https://www.nacha.org/risk/tools

Additional Resources

http://www.nacha.org/riskmanagementportal

http://www.nacha.org/thirdpartysenders

https://web.nacha.org/certified

https://www.nacha.org/risk/tools




41

MAC 2018 Annual Conference

March 13 - 15, 2018

SLS Hotel - Las Vegas, NV

Register online at www.macmember.org

Don’t miss the premier payments industry risk conference.

SAVE THE DATE

http://www.macmember.org/

2017 NACHA Third-Party Sender Initiatives - macmember.org Presentation - NACHA Third... · Number...

Documents

Transcript of 2017 NACHA Third-Party Sender Initiatives - macmember.org Presentation - NACHA Third... · Number...