Third-Party Senders: Roles & Responsibilities of Financial Institution Vendors

The Automated Clearing House (ACH) is one of the most-used services that consumers have never heard of. With billions of transactions in the trillions of dollars, the National Automated Clearing House Association (Nacha) oversees the ACH operations and enforcement. Nacha has made waves with changes to its operating rules over the last few years to allow for more flexibility and convenience. Additionally, Nacha has enhanced usability for consumers and businesses that rely on this service.

Credit Nacha – Link

The continued growth of the ACH network and the consumer desire to pay and be paid faster opens the door for fintechs to meet this demand. There are top control considerations for fintech companies, and if you want to work with financial institutions (FIs), there are compliance requirements you’ll need to meet. In this case, it’s the Nacha Operating Rules and Guidelines.

Over the last few years, FIs have reviewed their ACH relationships to ensure they are classified correctly, registered with Nacha, and have copies of their third-party audits. With Nacha’s focus on third-party senders (TPS) and rule clarifications in 2021 and 2022, chances are if you’re a TPS and you haven’t gotten a call yet, you’ll get one soon.

How do I know if I’m a third-party sender?

If you’ve gotten a call and want to verify if your business is a TPS, you only need to ask yourself two questions:

  1. Is my business originating ACH transactions for the benefit of our customers?
  2. What origination agreements are in place?

If the answer to question 1 is yes and the answer to question 2 is agreements between you and your FI and you and your customer (no agreement between your FI and your customers), then you are a TPS. You can also verify with the TPS Identification Tool released by Nacha.

I’m a third-party sender, what now?

By accessing the network as a TPS, you agree to adhere to the Nacha Operating Rules. If this is news to you, review your FI’s agreement, it’s usually on the first or second page. To safeguard the network, FIs that provide TPS access must identify and register these entities with Nacha to ensure adherence with annual audit and risk assessment requirements.

As a TPS, you will need to complete an annual ACH risk assessment and compliance audit. While many dread the thought of having an audit performed, an ACH compliance audit can provide several benefits to your business. An audit not only ensures you meet your requirements with Nacha, but can also identify control gaps, weaknesses, or problems. An ACH compliance audit also provides your business the opportunity to correct issues before they arise. Reputation risk is critical to manage as concerns can quickly escalate and catch the ears of regulators and customers.

Although the Nacha rules audit will satisfy the requirement, you should also consider reviewing operational elements such as:

  • Policy & procedures
  • Reconciliations of daily activity
  • User permissions
  • Other ACH operations that are specific to your business

Prior to having an audit performed, you’ll want to conduct an ACH risk assessment because it is a Nacha rules requirement. The risk assessment should encompass:

  • Assessing the nature of risk associated with ACH activity
  • Having adequate management, information, and reporting systems to monitor and mitigate risk
  • Performing appropriate know-your-customer due diligence

Want to show off your ACH compliance?

FIs often perform significant vendor due diligence over third parties to ensure they have the controls in place to mitigate risks and meet ACH compliance requirements. One way to show FIs and clients that you take the regulatory requirements seriously and meet Nacha rules is to look into the Nacha certification program.