Presentation is loading. Please wait.

Presentation is loading. Please wait.

LEADERSHIP + INNOVATION 2013 OLA Conference |October 16-17 |San Diego Get Educated on the NACHA Rules Marsha Jones, AAP, NCP, Director, TPPPA Lin Fellerman,

Published byDestini Lawder Modified over 10 years ago

Similar presentations

Presentation on theme: "LEADERSHIP + INNOVATION 2013 OLA Conference |October 16-17 |San Diego Get Educated on the NACHA Rules Marsha Jones, AAP, NCP, Director, TPPPA Lin Fellerman,"— Presentation transcript:

1 LEADERSHIP + INNOVATION 2013 OLA Conference |October 16-17 |San Diego Get Educated on the NACHA Rules Marsha Jones, AAP, NCP, Director, TPPPA Lin Fellerman, President and CEO, Secure Payment Systems

2 Agenda ODFI Warranties and Responsibilities Third-Party Senders Originator Responsibilities New Rules in 2013 Data Passing ODFI Return Rate Reporting Incomplete Transactions ACH Security Framework

3 ODFI General Rule – ARTICLE TWO SECTION 2.1 An ODFI is responsible for all Entries originated through the ODFI, whether by an Originator or through a Third-Party Sender. An ODFI is responsible for its Originators’ and Third-Party Senders’ compliance with the rules.

4 ODFI Warranties – ARTICLE TWO SECTION 2.4 Entry is properly authorized and has not been revoked Entry complies with all the Rules including proper use of SEC Codes Contains correct information Transmitted on the correct date For the authorized amount Transmitted securely

5 ODFI Indemnity for Breach of Warranty Indemnifies all RDFIs from and against any and all claims, demands, losses, liabilities, and expenses including attorney fees and costs as the result of directly or indirectly from breach of warranty. Includes any damages that result due to NSF caused by unauthorized entry. Includes damages an RDFI would be liable for under Regulation E as a result of the entry being presented

6 ODFI and Third-Party Sender Prerequisites to Origination – ARTICLE TWO SECTION 2.2 Perform Due Diligence on each Originator Assess the nature of ACH activity and the risk it represents Reassess at least annually Establish, implement and review exposure limits Establish and implement procedures to monitor origination and return activity Enter into agreements meeting minimum NACHA standard Bound by rules Adhere to laws Right to audit for compliance and terminate or suspend Originator

7 Authorization Requirements – ARTICLE TWO SECTION 2.3 Consumer CREDIT authorizations do not have to be in writing Consumer DEBIT authorizations must: Readily identifiable as authorization Clear and readily understandable terms including: Amount and timing of debits Satisfies applicable legal requirements If not, not considered authorized (Larimer Letter) Provide means to revoke authorization

8 Notice of Variable Debits to Consumer Accounts – ARTICLE TWO SUBSECTION 2.3.2.6 Change in Amount Must send written notification of change in amount at least 10 calendar days prior to the date of the scheduled payment No notice required if consumer chooses option in Authorization to receive notice only if amount falls outside of a specific range Change in Date Must send written notification of change in date at least 7 calendar days prior to the date of the next payment Does not include variations to dates due to holidays, Saturday or Sunday

9 Retention and Provision of Authorizations – ARTICLE TWO SUBSECTION 2.3.2.5 Must retain for two years from the termination or revocation of the authorization ODFI must provide to RDFI within ten banking days of written request Originator must provide in such a time and manner to enable ODFI to comply with their timeframe TPPP considerations NOTE: ODFI or TPPP have right to request at any time to ensure compliance Right to audit compliance with rules in agreements

10 Third-Party Sender Third Party Payment Processors Company that processes payments for merchants through its bank Bank has no direct relationship with merchants Know as Third-Party Sender under ACH Rules Know more broadly as Third Party Payment Processor No direct relationship with the Receiver of the payment

11 11 TPPP Flow Merchant (Originator) TPPP Merchant (Originator) Merchant (Originator) Bank (ODFI) Bank has no Agreement with the Merchant (Originator) Agreement Receiver Authorization TPPP has no Authorization with the Receiver

12 Third-Party Sender Obligations – ARTICLE TWO SECTION 2.15 Must provide ODFI with any information ODFI reasonably deems necessary to identify the Originator within 2 banking days of request. Warrants to ODFI that Originator agrees to follow the ACH rules and indemnifies ODFI for all claims, losses, damages, etc. due to Originators failure to comply. Assumes warranties for any functions they do on behalf of the bank. ODFI is ultimately responsible for TPS Jointly responsible with Originator for retention and delivery of required records, documentation, data or copies of documents.

13 Originator Responsibilities Use of proper Standard Entry Class (SEC) Code Including IAT Proper authorizations Including retention and delivery Prenotes Must wait 6 banking days prior to live entry Must process Notification of Changes Within 6 banking days or prior to next payment whichever is later

14 Reinitiation of Returns – ARTICLE TWO SUBSECTION 2.12.4 NSF (R01) and UCF (R09) Only two times Within 180 days Returned Stop Payment (R08) Payment was reauthorized Originator has taken corrective action to correct return New Authorizations (R07) (R10) etc. Correction of Routing/Account Information (R03)(R04)

15 New Rules Data Passing Rule – March 15, 2013 Prohibits sharing of customer information for the purposes of initiation debit entries not covered by the original authorization ODFI Return Rate Reporting – March 15, 2013 Reduces the timeframe for reducing the return rate below the threshold from 60 days to 30 days Failure to do so will result in rules enforcement proceedings Incomplete Transactions Consumers can be re-credited for payments they did not receive credit for using (R10)

16 New Rules – Supplement #2-2012 ACH Security Framework – September 20, 2013 Protects Consumer Non-Public information including banking data Requires TPPPs and Originators to perform assessments on security of data Whole cycle – Initiation, Processing, Storage through destruction Any form – paper, digital, recordings, voice, etc. Establish and implement policies, procedures and systems to address security

17 Rules Enforcement – APPENDIX TEN Class 1: (1 st = $1,000, 2 nd = $2,500, 3 rd = $5,000) Recurrence of previous violation within one-year Class 2: ($100,000 per month until resolved) Non-response or not intending to comply with Rules Violation Notice, Failure to comply with Return Rate Reporting Failure of ODFI or TPPP to provide proof of audit NACHA considers violation causes excessive harm to network Fourth or subsequent recurrence of same violation Class 3: ($500,000 per month until resolved) Class 2 continues 3 consecutive months Enforcement Panel can require suspension of the Originator

18 Questions? Marsha Jones, AAP, NCP Director Third Party Payments Processor Association (TPPPA) mjones@tpppa.org

Download ppt "LEADERSHIP + INNOVATION 2013 OLA Conference |October 16-17 |San Diego Get Educated on the NACHA Rules Marsha Jones, AAP, NCP, Director, TPPPA Lin Fellerman,"

Similar presentations

A GIA is a contract between a surety company and a contractor (or subcontractor)/principal. A GIA is a standard, typical document in the construction.

A GIA is a contract between a surety company and a contractor (or subcontractor)/principal. A GIA is a standard, typical document in the construction.
©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.

©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Steps to Compliance: Managing Business Associates PRESENTED BY.

Steps to Compliance: Managing Business Associates PRESENTED BY.
The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.

The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.
WELCOME TO THE INDUSTRIAL COMMISSION SELF-INSURANCE SEMINAR.

WELCOME TO THE INDUSTRIAL COMMISSION SELF-INSURANCE SEMINAR.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
1 Exception Processing New Directions UMACHA August 14, 2007 1:00 – 2:30 PM, CT.

1 Exception Processing New Directions UMACHA August 14, :00 – 2:30 PM, CT.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Electronic Funds Transfer Act Presented By: Crystal T. Lloyd.

Electronic Funds Transfer Act Presented By: Crystal T. Lloyd.
1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.

1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.
Check 21 and Image Exchange

Check 21 and Image Exchange
OLA {DRAFT} BEST PRACTICES Revised 6/25/2013. Payments Landscape Update Ever increasing scrutiny and pressure from every agency OCC (J LaRoche, May, 2013)

OLA {DRAFT} BEST PRACTICES Revised 6/25/2013. Payments Landscape Update Ever increasing scrutiny and pressure from every agency OCC (J LaRoche, May, 2013)
Protect Yourself from Your Customer Kristin A. Stedman, AAP Senior Vice President Education Services 1 © 2014 TACHA. All Rights Reserved.

Protect Yourself from Your Customer Kristin A. Stedman, AAP Senior Vice President Education Services 1 © 2014 TACHA. All Rights Reserved.
Research Development for Android Coopman Tom. What is Android?  Smartphone operating system  Google  Popular  ‘Easy to develop’  Open-Source  Linux.

Research Development for Android Coopman Tom. What is Android?  Smartphone operating system  Google  Popular  ‘Easy to develop’  Open-Source  Linux.
Unlawful Internet Gambling Enforcement Act Final Rule Joseph Baressi June 3, 2009.

Unlawful Internet Gambling Enforcement Act Final Rule Joseph Baressi June 3, 2009.
Hong Kong Privacy Code on Human Resource Management

Hong Kong Privacy Code on Human Resource Management
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA 2014. The policy advocacy and regulatory work of the GSMA Mobile Money team.

Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA The policy advocacy and regulatory work of the GSMA Mobile Money team.

Similar presentations

Ads by Google