Presentation on theme: "LEADERSHIP + INNOVATION 2013 OLA Conference |October 16-17 |San Diego Get Educated on the NACHA Rules Marsha Jones, AAP, NCP, Director, TPPPA Lin Fellerman,"— Presentation transcript:
LEADERSHIP + INNOVATION 2013 OLA Conference |October 16-17 |San Diego Get Educated on the NACHA Rules Marsha Jones, AAP, NCP, Director, TPPPA Lin Fellerman, President and CEO, Secure Payment Systems
Agenda ODFI Warranties and Responsibilities Third-Party Senders Originator Responsibilities New Rules in 2013 Data Passing ODFI Return Rate Reporting Incomplete Transactions ACH Security Framework
ODFI General Rule – ARTICLE TWO SECTION 2.1 An ODFI is responsible for all Entries originated through the ODFI, whether by an Originator or through a Third-Party Sender. An ODFI is responsible for its Originators’ and Third-Party Senders’ compliance with the rules.
ODFI Warranties – ARTICLE TWO SECTION 2.4 Entry is properly authorized and has not been revoked Entry complies with all the Rules including proper use of SEC Codes Contains correct information Transmitted on the correct date For the authorized amount Transmitted securely
ODFI Indemnity for Breach of Warranty Indemnifies all RDFIs from and against any and all claims, demands, losses, liabilities, and expenses including attorney fees and costs as the result of directly or indirectly from breach of warranty. Includes any damages that result due to NSF caused by unauthorized entry. Includes damages an RDFI would be liable for under Regulation E as a result of the entry being presented
ODFI and Third-Party Sender Prerequisites to Origination – ARTICLE TWO SECTION 2.2 Perform Due Diligence on each Originator Assess the nature of ACH activity and the risk it represents Reassess at least annually Establish, implement and review exposure limits Establish and implement procedures to monitor origination and return activity Enter into agreements meeting minimum NACHA standard Bound by rules Adhere to laws Right to audit for compliance and terminate or suspend Originator
Authorization Requirements – ARTICLE TWO SECTION 2.3 Consumer CREDIT authorizations do not have to be in writing Consumer DEBIT authorizations must: Readily identifiable as authorization Clear and readily understandable terms including: Amount and timing of debits Satisfies applicable legal requirements If not, not considered authorized (Larimer Letter) Provide means to revoke authorization
Notice of Variable Debits to Consumer Accounts – ARTICLE TWO SUBSECTION 18.104.22.168 Change in Amount Must send written notification of change in amount at least 10 calendar days prior to the date of the scheduled payment No notice required if consumer chooses option in Authorization to receive notice only if amount falls outside of a specific range Change in Date Must send written notification of change in date at least 7 calendar days prior to the date of the next payment Does not include variations to dates due to holidays, Saturday or Sunday
Retention and Provision of Authorizations – ARTICLE TWO SUBSECTION 22.214.171.124 Must retain for two years from the termination or revocation of the authorization ODFI must provide to RDFI within ten banking days of written request Originator must provide in such a time and manner to enable ODFI to comply with their timeframe TPPP considerations NOTE: ODFI or TPPP have right to request at any time to ensure compliance Right to audit compliance with rules in agreements
Third-Party Sender Third Party Payment Processors Company that processes payments for merchants through its bank Bank has no direct relationship with merchants Know as Third-Party Sender under ACH Rules Know more broadly as Third Party Payment Processor No direct relationship with the Receiver of the payment
11 TPPP Flow Merchant (Originator) TPPP Merchant (Originator) Merchant (Originator) Bank (ODFI) Bank has no Agreement with the Merchant (Originator) Agreement Receiver Authorization TPPP has no Authorization with the Receiver
Third-Party Sender Obligations – ARTICLE TWO SECTION 2.15 Must provide ODFI with any information ODFI reasonably deems necessary to identify the Originator within 2 banking days of request. Warrants to ODFI that Originator agrees to follow the ACH rules and indemnifies ODFI for all claims, losses, damages, etc. due to Originators failure to comply. Assumes warranties for any functions they do on behalf of the bank. ODFI is ultimately responsible for TPS Jointly responsible with Originator for retention and delivery of required records, documentation, data or copies of documents.
Originator Responsibilities Use of proper Standard Entry Class (SEC) Code Including IAT Proper authorizations Including retention and delivery Prenotes Must wait 6 banking days prior to live entry Must process Notification of Changes Within 6 banking days or prior to next payment whichever is later
Reinitiation of Returns – ARTICLE TWO SUBSECTION 2.12.4 NSF (R01) and UCF (R09) Only two times Within 180 days Returned Stop Payment (R08) Payment was reauthorized Originator has taken corrective action to correct return New Authorizations (R07) (R10) etc. Correction of Routing/Account Information (R03)(R04)
New Rules Data Passing Rule – March 15, 2013 Prohibits sharing of customer information for the purposes of initiation debit entries not covered by the original authorization ODFI Return Rate Reporting – March 15, 2013 Reduces the timeframe for reducing the return rate below the threshold from 60 days to 30 days Failure to do so will result in rules enforcement proceedings Incomplete Transactions Consumers can be re-credited for payments they did not receive credit for using (R10)
New Rules – Supplement #2-2012 ACH Security Framework – September 20, 2013 Protects Consumer Non-Public information including banking data Requires TPPPs and Originators to perform assessments on security of data Whole cycle – Initiation, Processing, Storage through destruction Any form – paper, digital, recordings, voice, etc. Establish and implement policies, procedures and systems to address security
Rules Enforcement – APPENDIX TEN Class 1: (1 st = $1,000, 2 nd = $2,500, 3 rd = $5,000) Recurrence of previous violation within one-year Class 2: ($100,000 per month until resolved) Non-response or not intending to comply with Rules Violation Notice, Failure to comply with Return Rate Reporting Failure of ODFI or TPPP to provide proof of audit NACHA considers violation causes excessive harm to network Fourth or subsequent recurrence of same violation Class 3: ($500,000 per month until resolved) Class 2 continues 3 consecutive months Enforcement Panel can require suspension of the Originator
Questions? Marsha Jones, AAP, NCP Director Third Party Payments Processor Association (TPPPA) email@example.com
Your consent to our cookies if you continue to use this website.