CUs learn about ACH audits, risk assessment
Oct. 3, 2013 – Yesterday’s NAFCU webcast prepared credit unions for their annual automated clearinghouse audits and provided a simplified overview of the latest operating rule changes at NACHA – The Electronic Payments Association.
Dennis Simmons, president and CEO of SWACHA – The Electronic Payments Resource, led the webcast, “Preparing for Your Annual ACH Audit and Risk Assessments,” and walked credit union participants through the general requirements of an ACH audit. He said key problems uncovered during audit findings at credit unions include:
- risk assessments not completed or updated as required;
- stop-payment forms not updated;
- written statement of unauthorized debit forms not completed accurately or showing incorrect return reason codes;
- origination agreements that don’t reflect 2010 rule amendments;
- exposure limits either not set, not realistic or not reviewed regularly; and
- return ratios not computed or reported to the credit union board.
“Have something in writing that you can hand to the auditor that says this is what we’re doing,” Simmons said. He said credit unions need to be able demonstrate their compliance during an audit.
When discussing risk assessment, Simmons says it is up to the credit union’s board of directors to set the institution’s risk policy. He said board and management oversight should leverage:
- appropriate risk tolerances;
- effective reporting;
- employee training;
- prudent vendor management practices; and
- existing risk management processes.
The objective of risk assessment, Simmons said, is to determine inherent risks and risk factors within electronic transaction activities and to identify key control practices to limit those risks.
On-Demand webcasts are available for 12 months after the live broadcast and are included in the registration fee. NAFCU Certified Compliance Officers who submit an affidavit of attendance for this webcast to firstname.lastname@example.org will receive 1.5 continuing education units.