Risk & Compliance

Accomplishments and Current Initiatives

Accomplishments
 
  • Network Enforcement Rule – RMAG developed a proposal for the Network Enforcement Rule and sponsored the Product Group in the rule making process. This Rule enhanced the System of Fines (effective December 2007) and created ODFI Reporting Requirements (effective March 2008).
  • Company Name Identification Rule – RMAG developed a proposal to more clearly define the contents of the Company Name Field and participated in the rule making process. This Rule requires that the Company Name Field clearly contain the name of the Originator which is known to and readily recognized by the Receiver (effective June 2008)
  • Rules Audit Enhancement Rule – RMAG provided input into this Rule that incorporates a new section identifying key audit requirements applicable to all Participating DFIs, regardless of their particular roles as ODFIs or RDFIs. The addition of this section makes general audit obligations for all DFIs easier to locate and eliminates the need to include redundant language in separate sections. (effective December 2009)
  • Risk Management and Assessment Rule – RMAG developed a proposal on risk assessment and participated in the rule making process. This Rule codified within the NACHA Operating Rules additional risk management practices that are common in the industry that improves risk management in the ACH Network when utilized by all DFIs. (effective June 2010)
  • Direct Access Registration Rule – RMAG prepared a Board policy statement that was approved by the NACHA Board in July 2008 requiring Direct Access Registration. RMAG developed a proposal to bring the Direct Access Registration into the rule making process and sponsored the Rules Group in that process. (effective June 2010) More information on Direct Access Registration can be found on the NACHA Web site under Risk & Compliance.
  • New ODFI Risk Education Program - The New ODFI Risk Education Program aims to dialogue with new ODFIs to increase their awareness of Network educational opportunities and materials available to support risk management efforts offered by NACHA and the Regional Payments Associations (RPAs).
  • Interim Policy on ACH Data Breach Notification Requirements - NACHA's Interim Policy on ACH Data Breach Notification Requirements identifies the requirements for ODFIs, and provides guidance to RDFIs. The Interim Policy contains two major features: (1) An ODFI is required to notify NACHA of a breach of consumer-level ACH data; and (2) An ODFI is required to make information about such a breach available to affected RDFIs. More information on this Interim Policy can be found on the NACHA Web site under Risk & Compliance.
 
White Papers
 
  • ODFI Best Practices for Originating ACH Transactions - RMAG completed a white paper, ODFI Best Practices for Originating ACH Transactions, based upon the responses to a survey entitled ODFI Best Practices for Originating ACH Transactions in Challenging Economic Times conducted in April 2009.  This white paper includes an analysis of the survey results and relates the ODFIs’ responses to provisions of both the 2009 NACHA Operating Rules (Rules) as well as the Office of the Comptroller of the Currency’s (OCC) Bulletin 2006-39 and Bulletin 2008-12.
     
  • Third-Party Sender Risk - This ACH risk management white paper examines three case studies related to Third-Party Sender Risk. These case studies address ODFI challenges related to: 1) on-boarding a new Third-Party Sender, 2) monitoring the Third-Party Sender relationship on an ongoing basis, and 3) terminating a Third-Party Sender relationship. Also included are ODFI best practices to manage Third-Party Sender risk.
     

  • Remotely-Created Checks and ACH Transactions: Analyzing the Differentiators - This risk management white paper examines the uses of Remotely-Created Checks (RCCs) and the distinctions that enable an informed choice between RCC and ACH transactions. The paper also identifies opportunities to make ACH transactions the payment method of choice in comparison to RCCs.


Current Initiatives
 
  • Terminated Originator Database – RMAG is exploring the concept of a database to help financial institutions in their due diligence processes.
  • ACH Benchmarking – RMAG is looking at the method by which to quantify the cost of risk management to financial institutions by developing benchmarks on loss data; system, resource and monitoring investments; and comparison of risk management costs across payments channels.