National Automated Clearing House Association (NACHA) Rules Awareness Information Each UTA Merchant Customer ("UTA Merchant") originating ACH entries through United TranzActions must comply with the NACHA Operating Rules ("Rules") as stated within the ACH agreement between United TranzActions and the UTA Merchant. The National Automated Clearing House Association (NACHA) is the rule making body governing the ACH network and therefore all participants of the ACH network must comply with these Rules. To ensure that United TranzActions communicates effectively, we have provided links below to the specific, UTA Merchant requirements as stated within the Rules. Annually, it is recommended that you obtain a copy of the updated NACHA Operating Rules & Guidelines by visiting http://www.nacha.org. You may also obtain free limited access to the basic NACHA Operating Rules in read-only format by visiting www.nachaoperatingrulesonline.org. As you may be aware, NACHA updates these Rules with changes, additions and deletions on an annual basis. United TranzActions will ensure that, annually, we communicate these changes to ensure that our companies are educated and can make any necessary changes to their daily process as a result of these changes. It is important that you, as UTA Merchant utilizing the ACH network to process debit(s) and credit(s), make appropriate changes to your internal processes as necessary to accommodate any Rules changes that may be applicable to you. For a detailed and complete list of proposed rules and amendments and rule changes, visit https://www.nacha.org/newrules. If you have any questions regarding the application of these Rules, please do not hesitate to contact your United TranzActions' Relationship Manager. Your Responsibilities as an Originator
Customer Authorizations to Debit
Corporate Authorizations
Why are Proof of Authorization forms so important? When an accountholder questions the legitimacy of an ACH debit on their account, before their bank charging the item back to the originating party, the bank will request a Proof of Authorization Form from the ACH originator. What information do you need to include? Proof of Authorization forms can be collected in paper or electronic form and (at minimum) should:
How long do you need to retain POA forms? ACH originators should keep POA forms for two years after the date of the last transaction. It's up to the company whether they retain the form in paper or scanned/electronic format, but regardless, it's helpful to develop a retention system whereby you can easily produce all relevant supporting documentation. "Please click here to see a sample of the ACH Authorization form." Changing Date or Amounts of Debits
Pre-notifications (Pre-notes)
Notice of Change (NOC)
Notification of Change (NOC) Codes (most common)
Returns
Return Entry Codes (most common)
Reversals
OFAC (Office of Foreign Asset Control)
What is an ACH Application (SEC) Code? ACH applications are payment types used by Originators, such as your company, to identify ACH debit and/or credit entries transmitted to a corporate or consumer account at the RDFI. Each ACH application is identified and recognized by a specific Standard Entry Class (SEC) code, which appears in the ACH record format. The SEC code also identifies the specific record layout that will be used to carry the payment and payment-related information Standard Entry Class (SEC) Codes (most common)
What are the Fraud Risks for ACH? ACH Origination fraud is a challenge for Financial Institutions and ACH Originators like your company. In one origination system hacking scheme, perpetrators hack into the originator's (your company) computer system using compromised User IDs and passwords and originate ACH credits to "mule" accounts created for the express purpose of committing fraud. Those accounts are then emptied and abandoned. The true originator's account (your account) is debited for the invalid origination file. The credits are usually irretrievable by the time the fraud is discovered. The originator's credentials may have been compromised by an insider within the organization or stolen through key loggers or Trojan Horse programs on the compromised computer. Due to the risk of this type of fraud, it is essential that all computer equipment used by your company to operate UTA's ACH Origination program is regularly updated and patched for security vulnerabilities (including the use of and updating of firewall, virus protection, anti-malware protection, anti-spam protection.) You may also want to consider having one computer in your office which is not used to browse the internet or read e-mail to be your sole source of access to the UTA ACH Origination program. Limiting access to the computer which is used to house and transmit ACH data may help avoid the accidental downloading of harmful programs/viruses that could potentially compromise your transactions. The appropriate steps should be taken within your company to ensure that all User ID's, Passwords, Authentication Methods and any other applicable security procedures issued to your employees are protected and kept confidential. All staff should be aware of the need for proper user security, password controls and separation of duties. As ACH Origination is a higher risk commercial banking function, we suggest that your company perform your own internal risk assessment and controls evaluation periodically to be sure you are considering all available security options. What happens if a Security Breach occurs? Immediately contact the bank if you suspect an ACH data breach. As an ACH Originator, you are required to immediately report the breach to UTA. |
Additional Laws, Rules, and Regulations for ACH Agreements 1) Required annual UCC4A Disclosure Uniform Commercial Code Article 4A (UCC 4A) Uniform Commercial Code (UCC) is a series of state laws that govern commercial transactions. Article 4A of the UCC governs corporate ACH transactions that are referred to as "corporate wholesale credit entries." RDFIs may identify these transactions by Standard Entry Class Codes CCD or CTX. UCC 4A also addresses the commercially reasonable security procedures that must be in place for an ACH Origination to occur. UCC 4A Disclosure Requirements Funds Availability. The financial institution may make payment provisional on "wholesale credits" until receipt of final settlement from the Federal Reserve Bank. Wholesale credits (i.e., CCD and CTX entries) generally represent larger dollar values and increased risk. If the RDFI chooses to make payment provisional until final settlement, then notification of the provisional nature of the payment must be provided by means of a "Provisional Payment Disclosure." If the financial institution does not receive final settlement for an entry posted to the Receiver's account, then it is entitled to a refund from the Receiver. Provisional Payment Disclosure. "Credit given by [us] to [you] with respect to an Automated Clearing House credit entry is provisional until [we] receive final settlement for such entry through a Federal Reserve Bank. If [we] do not receive such final settlement, [you] are hereby notified and agree that [we] are entitled to a refund of the amount credited to [you] in connection with such entry, and party making payment to [you] via such entry (i.e., the Originator of the entry) shall not be deemed to have paid [you] the amount of such entry." Notice Disclosure Requirement. It is the RDFI's responsibility to notify Receivers of wholesale credits before midnight of its next funds transfer business day following the Settlement Date of the entry. If the financial institution fails to give such notice, it is obligated to compensate the Receiver for any interest losses incurred as a result of the failure. RDFIs are excused from providing next day notice as long as a disclosure is provided to customers/members that notification will not be given. Choice of Law Disclosure We may accept on your behalf payments to your account which have been transmitted through one or more Automated Clearing Houses (ACH) and which are not subject to the Electronic Fund Transfer Act and your rights and obligations with respect to such payments shall be construed in accordance with and governed by the laws of the state of Pennsylvania as provided by the operating rules of the National Automated Clearing House Association, which are applicable to ACH transactions involving your account. 2) Regulation E For Merchant's obligations with respect to consumer alleged errors, click on below link. |