Compliance Blog

Written by Bernadette Clair, Senior Regulatory Compliance Counsel

NACHA recently issued a new resource entitled Sound Business Practices for Evaluating Customer Risk which is generally designed to help financial institutions assess and monitor the risks associated with ACH originators for which they open or maintain accounts.

The resource is divided into the following broad sections:

Enterprise-Level Policies, Procedures and Assessments

General Policies

Regulatory References

Line of Business-Based Policies

ACH Client Policies, Procedures and Assessments

General Policies

Line of Business-Based Policies

Activity Policies

Regulation-Related Policies

Additional Investigation and Recordkeeping

NACHA indicates that the “sound business practices in this document are not intended to be prescriptive; instead, they provide Originating Depository Financial Institutions (ODFIs) with approaches that may be useful in developing, assessing and tailoring an appropriate and comprehensive due diligence process.”

In addition to providing general practices related to evaluating the credit, operational, regulatory and reputational risk of ACH originators, the document includes practices aimed at evaluating the risk posed by an ACH originator as a result of its line of business.  For an example of the recommended practices, here’s an excerpt from pages 6-7 on the evaluation of specific risks posed by ACH originators based on their line of business.

"ACH Line of Business-Based Policies

• Identify classifications of businesses and transactions that are of specific concern to ACH:

− Identify concerns for business types defined as more likely to pose an elevated level of risk and determine what actions should be taken to address those concerns

− Understand the products or services that the Originator is selling and its target audience

− Ensure that authorizations for such products or services comply with NACHA Operating Rules

− Determine if the Originator is selling online. If so, review authorization verbiage as well as the product satisfaction guarantee

• Assess Standard Entry Class (SEC) Codes to be used (for example, PPD, WEB, or ARC) along with specific types of payments (for example, mortgage payments; online bill payment; recurring bill payment)

• Consider the varying risk of different kinds of payments even within classes, for example, routine bill payments typically pose little risk but some types of online purchases may be riskier than others

• Ensure that the nature of originated transactions fits with the nature of the customer’s business"

The document contains numerous other recommended practices and is a must read for any ODFI.  It may be found in its entirety here.