White Papers

Third-Party Sender Approach and Compliance Tools Available

NACHA passed a rule last year, effective September 29, 2017, requiring ODFI’s to identify and register their Third-Party Sender customers. The registration requirement applies to Third-Party Senders that are the ODFI’s direct customers, as well as those other Third-Party Senders that are direct customers of the first Third-Party Sender, otherwise known as “nested” Third-Party Senders. Knowing that the deadline was March 1, 2018 for registration, will your bank be able to properly identify their Third-Party Senders along with implementing the necessary monitoring tools for maintaining quality transactions within the ACH Network?

ODFIs should consider additional risk monitoring tools outside their CORE System if they decide to process on behalf of Third-Party Senders. Ad-hoc approaches to compliance management, such as relying strictly on your CORE processor for managing your overall payment risk, can expose your financial institution to significant risks. Because of the nature and level of risk inherent to processing another parties’ payments that they do not have a contractual relationship with, banks should have in place a compliance-risk management framework that makes it possible to identify, monitor, and effectively control the overall transaction processing.

Utilizing additional risk and reporting tools to support banks’ payments businesses creates economies-of-scale and delivers a sound risk management program; along with the added expertise to help ODFIs remain competitive and profitable. Although there is no magic crystal ball, we can predict with 99.99% confidence that interest rates will rise and the ability to increase bank’s deposit and fee income by processing on behalf of Third-Senders can be an excellent source of revenue for your financial institution.

It is recommended however to proceed with caution and the ODFI should implement the necessary controls and practices to ensure it is performing adequate due diligence and managing its individual customers and associated risk to the organization such as reputation, financial and cross-channel risk. Since many of the challenges identified in the 2008 economic collapse stemmed from non-bank entities, it makes sense that regulators these days are more concerned with third-party risk.

A successful compliance-risk management program is essential for banks who process for both direct Originators and Third-Party Payment Processors.

1. Perform the up-front due diligence screening, both KYC and KYCC. There is no reason to “throw the baby out with the bath water” so to speak, for this viable segment within our payment community. The Third-Party Senders you choose to process for must adhere to NACHA Rules and have a clear understanding of their obligation for playing an important role in maintaining payment integrity within the Network and for the overall good of the economy.

A. It is important for the ODFI to thoroughly understand their customers’ business practices. Make sure that the payment type they are using is appropriate for how the consumer authorization is performed, i.e. in person (PPD transaction) vs. over the internet/mobile (WEB transaction).

B. Be vigilant in knowing your customers, assessing their risk to your financial institution, and monitoring and controlling their payment activity.

2. It is necessary to identify and report overall return activity, to include return items above established thresholds for both unauthorized and administrative returns. Make sure from a reporting standpoint, you have the ability to further drill down to the sub-merchant underneath the Third-Party Sender; since there may be one bad actor out of thousands of merchants causing the overall return rate to be above the established threshold. It’s been proven, bank regulators and examiners will hold banks responsible for the actions of their customers. The bank is responsible to prove that they are monitoring for any outliers and suspicious patterns identified by velocity or deltas above established processing thresholds mandated by regulators and operational guidelines defined by NACHA.

A. Identify specific use cases within your ACH operations in the event your customer or their direct originator has fallen outside the bank’s guidelines. This information should be communicated back to your customers and also identified within your ACH Agreements.

B. Be able to provide your auditors and board with performance measures and benchmark reporting. Many banks spend an excessive amount of time on compiling and fine tuning reports. In many cases, the reports are error prone and lack drill-down capability.

C. Monitoring and reporting processes are conducted at regular intervals to ensure that the bank is always fully compliant.

D. Look at trending capability for identifying “at-risk” accounts.

E. Eliminate error-prone processes that create redundancies and silos of information.

3. Communication within your organization by the various stakeholders is paramount. An effective board and senior management oversight is key to an overall effective compliance risk management process.

A. Provide bank stakeholders (Officers, ACH Management and Risk Management) with a list of actionable items according to their roles and responsibilities.

Affirmative Technologies, formed in 1998, delivers modern solutions for processing and managing risk for your electronic payments. Their platform is designed to reduce cost and risk while streamlining your ACH operational processes. Unlike other systems in the market, Affirmative Technologies’ platform was designed from the ground up to manage Third Party Service Providers/and their subset, Third-Party Senders. The hierarchical framework provides a comprehensive menu of risk controls and settings that can be turned on and tightened based on the level of risk involved. You can rest assure that Affirmative’s ACHRISKManager™ and its’ latest business intelligence reporting tool, ACHINSIGHT™ provide graphical executive dashboards and flexible reports, with drilldown capability, provides statistics on a variety of parameters such as return volume, actual vs. anticipated, leading to improved decisions. There are automated alerts for events such as exceptions and failures eliminate any surprises after the fact. By utilizing the best-in-class technology combined with a great like-minded team of professionals, you can rest assured that your bank and its most valuable assets are protected.

Affirmative Technologies and ePayAdvisors have partnered together to provide ePayAdvisors’ client’s access to a risk management and processing platform, along with intuitive dashboards and business intelligence reporting tools. These solutions are designed specifically for any financial institution that is processing for Third Party Payment Processors. For more information, contact your ePayAdvisors representative or visit our website at www.affirmativeusa.com.

For additional education to understand whether you are processing for a Third-Party Sender, visit NACHA’s Online TPS Identification Tool can be found at https://www.nacha.org/third-party-sender-identification-tool