the ach and risk management l.
Skip this Video
Loading SlideShow in 5 Seconds..
The ACH and Risk Management PowerPoint Presentation
Download Presentation
The ACH and Risk Management

Loading in 2 Seconds...

play fullscreen
1 / 27

The ACH and Risk Management - PowerPoint PPT Presentation

  • Uploaded on

The ACH and Risk Management Agenda The ACH Network ACH Network Participants Legal Framework of the ACH Network Risk Background Types of ACH Risk Avoiding ACH Risk Nature of ACH Transactions and Commiserate Risk Additional Risk factors Auditing Guidelines How The ACH Network Began

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

The ACH and Risk Management

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
  • The ACH Network
  • ACH Network Participants
  • Legal Framework of the ACH Network
  • Risk Background
  • Types of ACH Risk
  • Avoiding ACH Risk
  • Nature of ACH Transactions and Commiserate Risk
  • Additional Risk factors
  • Auditing Guidelines
how the ach network began
How The ACH Network Began
  • Early 1970s - SCOPE (Special Committee on Paperless Entries)
  • 1st ACH Association began in California in 1972
  • NACHA was formed in 1974 to coordinate the ACH movement nationwide
  • FRB became the ACH Operator, providing facilities, equipment and staff to handle the ACH transactions
  • One private sector ACH Operator: Electronic Payments Network (EPN)

ACH Trends

ACH Risk

18,000 FI’s using ACH

145 million consumers

2005 volume up to

13.9 billion transactions

Commercial use of ACH Network up by 16% in 2005 (2 billion more than 2005)

Over 4.5 million Corporations


NACHA’s Mission is to promote the development of electronic solutions that improve the payments system for the benefit of its members and their customers.

ach system participants
ACH System Participants




ACH Operator



risk background
Risk Background
  • $31 trillion in commercial transactions was processed by the ACH Network in 2005.
  • This future growth coupled with the increase in the total value of ACH payments provides incentive for DFIs to increase their awareness of ACH Risk.
  • Concern about payment system risk among various banking groups and regulators is increasing.
risk background8
Risk Background
  • Operational and fraud risks related to cash management services are widely understood.
  • Credit risk, however, is becoming more prevalent.
  • To date, ACH related losses have been minimal.
  • Continued risk management for ACH transactions will ensure that the losses remain low.
types of ach risk
Types of ACH Risk
  • Credit Risk
  • Operational Risk
  • Fraud Risk

Credit Risk – ODFI Exposure

Credit Origination




Originator Deposits $3mm Direct Deposit Payroll file with the ODFI.

The ODFI deposits the file to the ACH Operator by Noon.

RDFI makes funds available at opening of business

Receivers withdrawal funds from accounts.

At 1:30pm, the Originator files for Chapter 11 protection.

ODFI experiences a potential $3mm loss.

ODFI’s Exposure

credit risk odfi exposure debit origination
Credit Risk – ODFI ExposureDebit Origination


ACH debit file

is sent from

Company A to

Bank A

Bank A

processes the

file and

delivers the

transactions to

the ACH


Bank A credits

Company A’s

account for the

total amount of

the ACH debit


ACH debit is

received by

Bank B

Bank B

returns ACH


Bank A

receives ACH

debit return

Bank A

charges back

the ACH debit

return to

Company A


credit risk case study

Chapter 1

Credit Risk Case Study

Untimely Returns

On Sept. 27, an RDFI returned four ACH corporate (CCD) debits totaling $56,524.00. The original settlement date for all of these debits ranged form Sept. 14-19. The RDFI held on to the debits because the Receiver’s account was overdrawn and the RDFI wanted to see if the Receiver would fund the account. On Sept. 25, the originating company in this case filed for bankruptcy. The ODFI, faced with a potential $56,524.00 loss, filed suit against the RDFI, citing the fact that the returns were untimely.

1.) Which party is liable? Why?

2.) Name some preventive measures the RDFI (& ODFI) could have taken.

3.) Would your financial institution have sustained a loss in this case?


operating risk
Operating Risk

Operational risk is defined as the risk that the exchange of ACH transactions will not be completed accurately or on time because of an operational failure at some point in the exchange process.

operating risk14
Operating Risk
  • Examples of Operating Failure
    • Failure or unavailability of computer hardware and/or software
    • Failure of telecommunications equipment of circuits.
    • Power failure
    • Human error
    • Staffing problems
    • Disasters (explosions, fire, flood, or earthquake)
operating risk case study

RDFI Risk: Unsubstantiated “Unauthorized Debit”

For several years, an insurance company originated $45 debits to a consumer’s (Receiver) account for premiums on a $250,000 life insurance policy. One day, a telephone request to return that month’s debit as unauthorized was received at the RDFI from an individual claiming to be the consumer. Based on this telephone request, the debit entry for that month and the following month were returned.

After receiving two returned debits for R10 (Consumer Advises Not Authorized), the insurance company canceled the consumer’s life insurance policy. Subsequently, the consumer died and the insurance company refused to pay the life insurance claim from the beneficiary since the policy had been canceled due to the returned debits received form the RDFI. The insurance company subsequently learned that the RDFI had failed to obtain an affidavit from the Receiver.

Restitution was sought by the beneficiary which resulted in legal action against the insurance company and the RDFI.

1.) What party (or parties) are liable? Why?

2.) What preventive measures and Rules compliance should have taken place?

3.) Would your financial institution have sustained a loss in this case?

Operating Risk Case Study


fraud risk
Fraud Risk

Fraud risk is the risk that ACH data will be compromised through the introduction of false transactions, the alteration of valid transactions, or the alteration of static data that controls the routing or settlement of valid ACH transactions.

fraud risk case study

ODFI Risk: Employee Fraud

A programmer at an ODFI scans a file before forwarding its to the ACH Operator, and locates a large ($1 million) credit transaction destined for an RDFI, where the programmer has a checking account under a false name. The programmer alters the file by placing his account number in the $1 million transaction.

The next morning, the programmer drives to his bank and wires $1 million to his account in Zurich. Later that morning, the intended Receiver realizes that the expected transaction was not posted.

The Originator requests reimbursement for $1 million form the ODFI for the payment that was misappropriated by the programmer.

1.) Who is liable in this case and why?

2.) What types of preventive measures should have been taken by the ODFI and RDFI?

3.) Would your financial institution have sustained a loss in this case?

Fraud Risk Case Study


nature of ach transactions
Nature of ACH Transactions
  • Consumer Transactions
    • 60 day right of recredit
    • Require an authorization
      • Written
      • Similarly authenticated
      • Notice = Authorization
      • Oral authorization
    • Include certain Standard Entry Class Codes
      • PBR, PPD and CIE
      • The eCheck applications
nature of ach transactions19
Nature of ACH Transactions
  • Corporate Transactions
    • 24 hour right of recredit
    • Require an agreement that binds both parties to the NACHA Operating Rules
    • Includes certain Standard Entry Class Codes
      • Corporate Cross-Border Entries (CBR)
      • Corporate Cash Concentration and Disbursement Entries (CCD)
      • Corporate Trade Exchange Entries (CTX)
additional risk factors
Additional Risk Factors
  • Primary ACH Risk – Most common factors affecting the successful processing of an ACH transaction.
  • Transaction Level Risk – Lapses in security that affect the overall integrity of a transaction. Occurs many times in spite of an Originator’s best efforts.
  • Originator Level Risk – Actions within the purview of the Originator’s responsibilities that lead to an ACH transaction being compromised.
additional risk factors21
Additional Risk Factors

Primary Risk

  • Unauthorized transactions
  • Returns/60 Day Right of Recredit
  • Account Numbers
    • ACH Returns due to Invalid Account Numbers
    • Fraudulently-used Valid Account Numbers
    • Closed Accounts
  • Non-Sufficient Funds
additional risk factors22
Additional Risk Factors

Transaction-Level Risk

  • Transport Vulnerabilities – Interception of financial data, usernames or passwords transmitted in an insecure environment.
  • Log-In, Username and Password Cracking – Systematic generation and testing of username and passwords designated to fraudulently authorize a financial transaction.
  • One-Time Theft – Identity Theft.
additional risk factors23
Additional Risk Factors

Originator-Level Risk

  • Employee-Initiated Fraud
    • Employees at Online Originators
    • Employees at Real World Originators
  • Spoofing (& Phishing)
    • Website spoofing
    • Email solicitations
  • Originator Non-Delivery
ach annual self audit
ACH Annual Self-Audit
  • Rule Compliance Audit Requirements
    • General audit requirements
      • Annual audit by December 1
      • Under the direction of audit committee, audit manager, senior level officer, or external examiner
      • Retained for 6 years and provided to NACHA upon request
    • Audit requirements for Participating DFIs
      • Includes all DFIs (RDFIs & ODFIs) & their third-party service providers
    • Audit requirements for ODFIs
      • Includes ODFIs and their third-party service providers
  • 2006 ACH Rules Book
  • ACH Risk Management Handbook – 3rd Edition
  • The ACH Compliance Manual: How to Comply with ACH-Related Rules & Regulations – 4th Edition
  • Risk Management for the New Generation of ACH Payments

Internet, Electronic Check and Telephone

  • Risk Management for Consumer Internet Payments

ACH, Credit Cards, Debit Cards and P2P

  • Understanding Internet-Initiated ACH Debits
  • Third Party Senders, The ACH Network: An Implementation Guide
Tim Mills, Director of Association Services
  • Electronic Payments Network/ The Payments University
  • 230 S. LaSalle, Suite 700
  • Chicago, Illinois 60604
  • 312-913-2597