The ach and risk management
Download
1 / 27

The ACH and Risk Management - PowerPoint PPT Presentation


  • 290 Views
  • Updated On :

The ACH and Risk Management Agenda The ACH Network ACH Network Participants Legal Framework of the ACH Network Risk Background Types of ACH Risk Avoiding ACH Risk Nature of ACH Transactions and Commiserate Risk Additional Risk factors Auditing Guidelines How The ACH Network Began

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'The ACH and Risk Management' - albert


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Agenda l.jpg
Agenda

  • The ACH Network

  • ACH Network Participants

  • Legal Framework of the ACH Network

  • Risk Background

  • Types of ACH Risk

  • Avoiding ACH Risk

  • Nature of ACH Transactions and Commiserate Risk

  • Additional Risk factors

  • Auditing Guidelines


How the ach network began l.jpg
How The ACH Network Began

  • Early 1970s - SCOPE (Special Committee on Paperless Entries)

  • 1st ACH Association began in California in 1972

  • NACHA was formed in 1974 to coordinate the ACH movement nationwide

  • FRB became the ACH Operator, providing facilities, equipment and staff to handle the ACH transactions

  • One private sector ACH Operator: Electronic Payments Network (EPN)


Slide4 l.jpg

ACH Trends

ACH Risk

18,000 FI’s using ACH

145 million consumers

2005 volume up to

13.9 billion transactions

Commercial use of ACH Network up by 16% in 2005 (2 billion more than 2005)

Over 4.5 million Corporations


Slide5 l.jpg

NACHA’s Mission is to promote the development of electronic solutions that improve the payments system for the benefit of its members and their customers.


Ach system participants l.jpg
ACH System Participants electronic solutions that improve the payments system for the benefit of its members and their customers.

Authorization

Receiver

Originator

ACH Operator

RDFI

ODFI


Risk background l.jpg
Risk Background electronic solutions that improve the payments system for the benefit of its members and their customers.

  • $31 trillion in commercial transactions was processed by the ACH Network in 2005.

  • This future growth coupled with the increase in the total value of ACH payments provides incentive for DFIs to increase their awareness of ACH Risk.

  • Concern about payment system risk among various banking groups and regulators is increasing.


Risk background8 l.jpg
Risk Background electronic solutions that improve the payments system for the benefit of its members and their customers.

  • Operational and fraud risks related to cash management services are widely understood.

  • Credit risk, however, is becoming more prevalent.

  • To date, ACH related losses have been minimal.

  • Continued risk management for ACH transactions will ensure that the losses remain low.


Types of ach risk l.jpg
Types of ACH Risk electronic solutions that improve the payments system for the benefit of its members and their customers.

  • Credit Risk

  • Operational Risk

  • Fraud Risk


Slide10 l.jpg

Credit Risk – ODFI Exposure electronic solutions that improve the payments system for the benefit of its members and their customers.

Credit Origination

DAY 3

DAY 1

DAY 2

Originator Deposits $3mm Direct Deposit Payroll file with the ODFI.

The ODFI deposits the file to the ACH Operator by Noon.

RDFI makes funds available at opening of business

Receivers withdrawal funds from accounts.

At 1:30pm, the Originator files for Chapter 11 protection.

ODFI experiences a potential $3mm loss.

ODFI’s Exposure


Credit risk odfi exposure debit origination l.jpg
Credit Risk – ODFI Exposure electronic solutions that improve the payments system for the benefit of its members and their customers.Debit Origination

DAY 1 DAY 2 DAY 3 DAY 4

ACH debit file

is sent from

Company A to

Bank A

Bank A

processes the

file and

delivers the

transactions to

the ACH

Operator

Bank A credits

Company A’s

account for the

total amount of

the ACH debit

file

ACH debit is

received by

Bank B

Bank B

returns ACH

debit

Bank A

receives ACH

debit return

Bank A

charges back

the ACH debit

return to

Company A

ODFI EXPOSURE


Credit risk case study l.jpg

Chapter 1 electronic solutions that improve the payments system for the benefit of its members and their customers.

Credit Risk Case Study

Untimely Returns

On Sept. 27, an RDFI returned four ACH corporate (CCD) debits totaling $56,524.00. The original settlement date for all of these debits ranged form Sept. 14-19. The RDFI held on to the debits because the Receiver’s account was overdrawn and the RDFI wanted to see if the Receiver would fund the account. On Sept. 25, the originating company in this case filed for bankruptcy. The ODFI, faced with a potential $56,524.00 loss, filed suit against the RDFI, citing the fact that the returns were untimely.

1.) Which party is liable? Why?

2.) Name some preventive measures the RDFI (& ODFI) could have taken.

3.) Would your financial institution have sustained a loss in this case?

49


Operating risk l.jpg
Operating Risk electronic solutions that improve the payments system for the benefit of its members and their customers.

Operational risk is defined as the risk that the exchange of ACH transactions will not be completed accurately or on time because of an operational failure at some point in the exchange process.


Operating risk14 l.jpg
Operating Risk electronic solutions that improve the payments system for the benefit of its members and their customers.

  • Examples of Operating Failure

    • Failure or unavailability of computer hardware and/or software

    • Failure of telecommunications equipment of circuits.

    • Power failure

    • Human error

    • Staffing problems

    • Disasters (explosions, fire, flood, or earthquake)


Operating risk case study l.jpg

RDFI Risk: Unsubstantiated “Unauthorized Debit” electronic solutions that improve the payments system for the benefit of its members and their customers.

For several years, an insurance company originated $45 debits to a consumer’s (Receiver) account for premiums on a $250,000 life insurance policy. One day, a telephone request to return that month’s debit as unauthorized was received at the RDFI from an individual claiming to be the consumer. Based on this telephone request, the debit entry for that month and the following month were returned.

After receiving two returned debits for R10 (Consumer Advises Not Authorized), the insurance company canceled the consumer’s life insurance policy. Subsequently, the consumer died and the insurance company refused to pay the life insurance claim from the beneficiary since the policy had been canceled due to the returned debits received form the RDFI. The insurance company subsequently learned that the RDFI had failed to obtain an affidavit from the Receiver.

Restitution was sought by the beneficiary which resulted in legal action against the insurance company and the RDFI.

1.) What party (or parties) are liable? Why?

2.) What preventive measures and Rules compliance should have taken place?

3.) Would your financial institution have sustained a loss in this case?

Operating Risk Case Study

65


Fraud risk l.jpg
Fraud Risk electronic solutions that improve the payments system for the benefit of its members and their customers.

Fraud risk is the risk that ACH data will be compromised through the introduction of false transactions, the alteration of valid transactions, or the alteration of static data that controls the routing or settlement of valid ACH transactions.


Fraud risk case study l.jpg

ODFI Risk: Employee Fraud electronic solutions that improve the payments system for the benefit of its members and their customers.

A programmer at an ODFI scans a file before forwarding its to the ACH Operator, and locates a large ($1 million) credit transaction destined for an RDFI, where the programmer has a checking account under a false name. The programmer alters the file by placing his account number in the $1 million transaction.

The next morning, the programmer drives to his bank and wires $1 million to his account in Zurich. Later that morning, the intended Receiver realizes that the expected transaction was not posted.

The Originator requests reimbursement for $1 million form the ODFI for the payment that was misappropriated by the programmer.

1.) Who is liable in this case and why?

2.) What types of preventive measures should have been taken by the ODFI and RDFI?

3.) Would your financial institution have sustained a loss in this case?

Fraud Risk Case Study

79


Nature of ach transactions l.jpg
Nature of ACH Transactions electronic solutions that improve the payments system for the benefit of its members and their customers.

  • Consumer Transactions

    • 60 day right of recredit

    • Require an authorization

      • Written

      • Similarly authenticated

      • Notice = Authorization

      • Oral authorization

    • Include certain Standard Entry Class Codes

      • PBR, PPD and CIE

      • The eCheck applications


Nature of ach transactions19 l.jpg
Nature of ACH Transactions electronic solutions that improve the payments system for the benefit of its members and their customers.

  • Corporate Transactions

    • 24 hour right of recredit

    • Require an agreement that binds both parties to the NACHA Operating Rules

    • Includes certain Standard Entry Class Codes

      • Corporate Cross-Border Entries (CBR)

      • Corporate Cash Concentration and Disbursement Entries (CCD)

      • Corporate Trade Exchange Entries (CTX)


Additional risk factors l.jpg
Additional Risk Factors electronic solutions that improve the payments system for the benefit of its members and their customers.

  • Primary ACH Risk – Most common factors affecting the successful processing of an ACH transaction.

  • Transaction Level Risk – Lapses in security that affect the overall integrity of a transaction. Occurs many times in spite of an Originator’s best efforts.

  • Originator Level Risk – Actions within the purview of the Originator’s responsibilities that lead to an ACH transaction being compromised.


Additional risk factors21 l.jpg
Additional Risk Factors electronic solutions that improve the payments system for the benefit of its members and their customers.

Primary Risk

  • Unauthorized transactions

  • Returns/60 Day Right of Recredit

  • Account Numbers

    • ACH Returns due to Invalid Account Numbers

    • Fraudulently-used Valid Account Numbers

    • Closed Accounts

  • Non-Sufficient Funds


Additional risk factors22 l.jpg
Additional Risk Factors electronic solutions that improve the payments system for the benefit of its members and their customers.

Transaction-Level Risk

  • Transport Vulnerabilities – Interception of financial data, usernames or passwords transmitted in an insecure environment.

  • Log-In, Username and Password Cracking – Systematic generation and testing of username and passwords designated to fraudulently authorize a financial transaction.

  • One-Time Theft – Identity Theft.


Additional risk factors23 l.jpg
Additional Risk Factors electronic solutions that improve the payments system for the benefit of its members and their customers.

Originator-Level Risk

  • Employee-Initiated Fraud

    • Employees at Online Originators

    • Employees at Real World Originators

  • Spoofing (& Phishing)

    • Website spoofing

    • Email solicitations

  • Originator Non-Delivery


Ach annual self audit l.jpg
ACH Annual Self-Audit electronic solutions that improve the payments system for the benefit of its members and their customers.

  • Rule Compliance Audit Requirements

    • General audit requirements

      • Annual audit by December 1

      • Under the direction of audit committee, audit manager, senior level officer, or external examiner

      • Retained for 6 years and provided to NACHA upon request

    • Audit requirements for Participating DFIs

      • Includes all DFIs (RDFIs & ODFIs) & their third-party service providers

    • Audit requirements for ODFIs

      • Includes ODFIs and their third-party service providers


Resources l.jpg
Resources electronic solutions that improve the payments system for the benefit of its members and their customers.

  • www.epaynetwork.com

  • www.nacha.org

  • www.fdic.gov/consumers/consumer/guard/index.html

  • www.usps.com/postinspectors/dvdorder.htm

  • www.usps.com/missingmoneyorders/security.htm

  • 2006 ACH Rules Book

  • ACH Risk Management Handbook – 3rd Edition

  • The ACH Compliance Manual: How to Comply with ACH-Related Rules & Regulations – 4th Edition

  • Risk Management for the New Generation of ACH Payments

    Internet, Electronic Check and Telephone

  • Risk Management for Consumer Internet Payments

    ACH, Credit Cards, Debit Cards and P2P

  • Understanding Internet-Initiated ACH Debits

  • Third Party Senders, The ACH Network: An Implementation Guide


Slide26 l.jpg

  • Tim Mills, Director of Association Services electronic solutions that improve the payments system for the benefit of its members and their customers.

  • Electronic Payments Network/ The Payments University

  • 230 S. LaSalle, Suite 700

  • Chicago, Illinois 60604

  • tim.mills@epaynetwork.com

  • 312-913-2597


Questions comments l.jpg
Questions/Comments electronic solutions that improve the payments system for the benefit of its members and their customers.