Risk Management Portal

Through Nacha’s Risk Management Portal that includes the ACH Contact Registry, Third-Party Sender Registration (including identification of Nested Third-Party Senders), Direct Access Debit Participation Registration, and the Terminated Originator Database, ACH Network participants can help enhance Network quality and security, fueling innovation and the continued growth of the Network.

Portal Login (Note: This is not the same as your log in for nacha.org.) 

Nacha Portal Support Line: 703-349-4556, or Email Support: rmportal@nacha.org  

Databases in the Portal

The ACH Contact Registry - is for financial institutions to be able to more easily connect with other financial institutions about ACH operations, exceptions and risk management. All ODFIs and RDFIs are required to register contact information for ACH Operations and ACH Risk/Fraud. Optional contact categories are also available. Click here for more information.

Third-Party Sender Registration - all ODFIs are required to either register their Third-Party Sender (TPS) relationships or acknowledge that they do not have any TPS relationships. Once registered, just provide updates following any change to the information you’ve provided (including termination). 

If you are unsure whether or not your third-party customers are also Third-Party Senders, use the Third-Party Sender Identification Tool, or contact your local Payments Association, or Nacha. Remember to provide your financial institution’s routing number in all communications, since this helps to identify you and your information in the database.

ODFIs have an obligation to fulfill regarding 'Nested Third-Party Senders' as of Sept. 30, 2022. 

The Rules define Nested Third-Party Senders as any Third-Party Sender that has an origination agreement with another Third-Party Sender to act on behalf of an Originator and does not have a direct agreement with the Originating Depository Financial Institution (ODFI). ODFIs will be required to identify all Third-Party Senders which permit Nested Third-Party Sender origination relationships. Complete details on the Rule, as well as a one-page PDF summary, are available on the Third-Party Sender Rule Page on Nacha.org.

ODFIs will identify these Nested Third-Party Senders in Nacha's Risk Management Portal. Nacha has created a video to walk ODFIs through the process, and you may watch it here.

Direct Access Status Registration - all ODFIs are required to either register their Direct Access Debit Participant Status by providing specific information about each Direct Access Debit Participant or acknowledge that it has no Direct Access Debit Participants. Once registered, just provide updates following any change to the information you've provided (including termination). 

If you’re unsure whether your ODFI maintains Direct Access Debit Participant relationships, see our definitions and example scenarios, contact your local Payments Association (link is external), or Nacha. Remember to provide your financial institution’s routing number in all communications, since this helps us to identify you in our database.

Nacha offers the Terminated Originator Database (TOD) service in order for ODFIs and Third Parties to perform part of their due diligence for KYC (“Know Your Customer”) by being able to add information on, investigate new and periodically verify Originators and Third-Party Senders.

Inclusion in the TOD, after being terminated for cause, does not mean an Originator or Third-Party Sender is prohibited from working with another ODFI. However, it allows educated business decisions about new Originators or Third-Party Senders.

Nacha encourages ODFIs and Third Parties to use the NACHA TOD service in the following ways:

  • To add information on terminated Originators and Third-Party Senders.
  • To investigate new Originators and Third-Party Senders before onboarding.
  • To periodically verify your current Originators and Third-Party Senders, ensuring they haven’t been recently terminated by another ODFI.

Nacha is committed to taking appropriate steps to secure the data collected and stored in the Risk Management Portal. The Portal is a hosted solution built with security and business continuity in mind, including physical security, encryption, user authorization and authentication processes, and auditing to verify satisfaction of privacy and security requirements. Authorized users must use the secure Risk Management Portal to access the ACH Contact Registry, Third-Party Sender Registration, Direct Access Registration, and/or the Terminated Originator Database. Data is encrypted while it is in transit to Nacha and remains encrypted while it is at rest in the solution. Moreover, compliance of the underlying cloud platform with key industry standards is certified by the cloud service provider.