ACH and Third Party Payment Processors Definition of Third-Party - - PowerPoint PPT Presentation

ach and third party payment processors definition of
SMART_READER_LITE
LIVE PREVIEW

ACH and Third Party Payment Processors Definition of Third-Party - - PowerPoint PPT Presentation

Jul 08, 2023 99 likes •372 views

ACH and Third Party Payment Processors Definition of Third-Party Relationship Entity with which financial institution has entered into a business relationship Facilitate customer access to bank services or products Perform functions

slide-1
SLIDE 1

ACH and Third Party Payment Processors

slide-2
SLIDE 2

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 2

Definition of Third-Party Relationship

  • Entity with which financial institution has

entered into a business relationship

 Facilitate customer access to bank services or products  Perform functions on the bank’s behalf

  • Bank or non-bank, affiliated or non-

affiliated, regulated or non-regulated, domestic or foreign

slide-3
SLIDE 3

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 3

Definition of Third-Party Payment Processor

  • What is a Third-Party

Payment Processor

  • r “Processor”?

 Depositor that uses its banking relationship to process payments for its merchant clients

  • Benefits:

 Fee income  Large deposit balances  Capital injections

  • Concerns:

 Merchant clients several entities removed  Nested or aggregator relationships  Merchant client activities

slide-4
SLIDE 4

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 4

Financial Institution Responsibility

  • Board and management oversight tailored

depending on the relationship

  • The Board and management are

responsible for managing activities conducted through third parties as if the activity were conducted directly by the institution

 Indemnity agreement not enough

slide-5
SLIDE 5

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 5

Risk Management Framew ork

  • Four Key Elements

 Risk Assessment  Due Diligence  Contract Structuring and Review  Oversight

slide-6
SLIDE 6

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 6

2012 FDIC Revised Guidance

  • n Payment Processor

Relationships

slide-7
SLIDE 7

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 7

FDIC Financial Institution Letter FIL-3-2012

  • January 31, 2012

 FDIC releases Revised Guidance on Payment Processor Relationships  Replaces & updates 2008 Guidance on Payment Processor Relationships (FIL- 127-2008)

slide-8
SLIDE 8

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 8

Specific Risks of Processors

  • Credit Risks

 Charge-backs from unauthorized transactions  Regulation CC warranty  Operational Risk

  • Compliance Risks
  • Reputational Risks

 Financial institution tied to merchant clients

  • Legal Risk

 Class action lawsuits

slide-9
SLIDE 9

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 9

Processor Red Flags

  • Targeting problem financial institutions in

need of capital/earnings

  • Smaller financial institutions with limited

resources for proper monitoring

  • Processors with relationships at multiple

financial institutions at the same time

  • Consumer complaints
  • High Unauthorized Return Rates (URRs)
  • r returns/charge-backs
slide-10
SLIDE 10

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 10

Financial Institution Protections

  • Due diligence (initially & ongoing) – Know

Your Customer(‘s Customer)

  • Policies & procedures for monitoring

(URRs/Returns, complaints, etc.)

  • Be aware of potential Compliance Risks
slide-11
SLIDE 11

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 11

Types of Payments

  • Types of Payments

 Remotely Created Checks (RCCs)  Automated Clearinghouse Items (ACHs)

slide-12
SLIDE 12

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 12

Remotely Created Checks

  • What are RCCs?

 Regular paper check that the Merchant creates  No consumer signature  Consumer provides account number & bank routing number, and merchant prints check  Merchant submits for regular check processing

slide-13
SLIDE 13

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION

Remotely Created Check (example)

13

slide-14
SLIDE 14

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 14

Risks of RCCs

  • Consumer complaints regarding unauthorized

withdrawals from account

  • High volume – difficult to monitor
  • High URRs and returns/charge-backs
  • Unregulated environment
slide-15
SLIDE 15

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 15

Basic ACH Terms

  • Parties – Originator, ODFI, ACH Operator, RDFI, Receiver.
  • SEC Type – 23 Standard Entry Class Codes, such as WEB, TEL,

IAT, POP, RCK.

  • Return Codes – R01-R83
  • Credit Risk – 2 banking days from processing to settlement.
  • Debit Risk – 60 day returns from statement date.
  • Direct Access – third party uses the ODFI routing number.
  • Terminated Originator Database – kept by NACHA
slide-16
SLIDE 16

Operator (FRB/other) RDFI RDFI RDFI ODFI Direct Originator TPPPs

TPPP

TPPP

“Nested”

8 Originator TPPP Originator

ACH Origination Process

ODFI – Originating Depository Institution RDFI – Receiving Depository Institution Originator – has a direct relationship with the Bank TPPP – third party payment processor (third-party sender) who has the relationship with Originators (merchant clients) and “nested” TPPP. “Nested” TPPP – a TPPP who processes for others and sends the files to the TPPP.

slide-17
SLIDE 17

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 17

Audit

  • NACHA Operating Rules and Guidelines published
  • annually. Appendix Eight Audit required by

December 31 each year.  Note that this is an audit on following operating rules by NACHA.  Focused on if the transactions are processed correctly.  The audit needs to be independent by a qualified individual.

slide-18
SLIDE 18

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 18

Risk Assessment

  • NACHA’s Risk Management and Assessment rule (effective

6/18/10) requires that all Participating DFIs conduct a risk assessment of their ACH activities and implement risk management programs based on the results of such assessments  Requires overall review of the business of doing ACH  Could include:

  • Allowed and prohibited business lines
  • Contracts
  • Policies
  • Third party payment processor arrangements
  • Staffing
  • Limits (underwriting like a loan)
slide-19
SLIDE 19

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 19

Risk Assessment

Risk Assessment Objectives:

  • Determine risks/threats in ACH activities
  • Determine overall inherent risk
  • Review of the key control practices to limit those

risks

  • Evaluate residual risk (risks vs. controls in place)

and determine if level is acceptable

  • Test controls for effectiveness
slide-20
SLIDE 20

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 20

What’s Changed

  • Fee Income – revenue source as net interest margins shrink.
  • Federal Reserve Statistics – unauthorized returns (.03%),

returns rates (1.01%), and % forwarded to assets (8%).

  • Volume - ACH Volume Increases 2.4% in 3rd Quarter 2012 with

4.11 billion transactions moving approximately $9.1 trillion.

  • Fraud – PATCO ACH Fraud Ruling Reversed: Appeals Court

calls Bank’s Security ‘Commercially Unreasonable’ only log-in and password credentials. $500,000 drained from deposit accounts.

  • Risk - Third-Party Payment Providers (TPPP) in FIL-3-2012 and

FIL-44-2008. Internet Banking Environment FIL 50-2011.

slide-21
SLIDE 21

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 21

Themes and Trends

  • No Board-approved policies/procedures
  • Growth beyond financial institution’s

resources/abilities

  • Increase in fee income short-lived due

to charge-backs

  • Underestimate potential reputation risks
slide-22
SLIDE 22

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 22

Red Flags

  • Transaction Volume Swings –Originators whose business or
  • ccupation does not warrant the volume or nature of ACH

activity

  • Outbound (known) illegal Internet gambling debit(s) for

commercial client(s);

  • Originators whose origination activity suddenly exceeds

projections/credit limits with no reasonable explanation for such.

slide-23
SLIDE 23

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 23

Red Flags

  • Originators (especially TPPPs) generating a high rate or high

volume of invalid account returns, unauthorized returns, or

  • ther unauthorized transactions;
  • R05 (Corp. Debit posted to consumer acct not authorized) / R07

(Authorization Revoked), R10 (Consumer advises not authorized), R29 (Corp advises not authorized) where return rate exceeds 1% (NACHA guideline).

  • R03 (No Acct.) / R04 (Invalid Acct.) if volumes exceed “normal”
slide-24
SLIDE 24

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 24

Yellow Flags

  • R01 (NSF) / R09 (Uncollected funds)
  • R02 (Acct. Closed)
  • R08 & R52 (Payment stopped)
slide-25
SLIDE 25

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 25

Questions?

slide-26
SLIDE 26

FEDERAL DEPOSIT INSURANCE CORPORATION FEDERAL DEPOSIT INSURANCE CORPORATION 26

Thanks!

Pete Martino Field Supervisor FDIC pmartino@fdic.gov