Risk Management Portal Frequently Asked Questions

Q: What databases are available in the Risk Management Portal?

A: The following databases are all accessible through the Risk Management Portal:

  • The Third-Party Sender Registration Database
  • The Direct Access Registration Database
  • The Terminated Originator Database (TOD)
  • The Emergency Financial Institution Contact Database

‚ÄčA description of each database can be found here.

Q: Who is eligible to use the Risk Management Portal?

A: Originating Depository Financial Institutions (ODFIs) must use the Risk Management Portal to register Third-Party Sender customers and Direct Access Debit participants or to acknowledge the absence of those relationships. ODFIs and Receiving Depository Financial Institutions (RDFIs) may access and contribute to the Emergency Financial Institution Contact Database and Terminated Originator Database. Additionally, Third-Party Service Providers and Third-Party Senders may use the Portal to access and contribute to the Terminated Originator Database. A description of each database can be found here.

Q: What security is in place to protect access and data on the Risk Management Portal?

A: NACHA is committed to taking appropriate steps to secure the data collected and stored in the Risk Management Portal (Database). The Database is a hosted solution built with security and business continuity in mind, including physical security, encryption, user authorization and authentication processes, and auditing to verify satisfaction of privacy and security requirements. Authorized users must use a secure portal to access the Database, and data is encrypted while it is in transit to NACHA and remains encrypted while it is at rest in the solution.  Moreover, compliance of the underlying cloud platform with key industry standards is certified by the cloud service provider.

Q: Do I need to register multiple times to access each database?

A: No. Each financial institution must register only once in the Risk Management Portal.  All databases are available from a single login within the Risk Management Portal.
 
Q: My financial institution has multiple Routing and Transit Numbers (RTNs). Which one do we register? Do we need to register every single RTN?

A: Each financial institution will select their primary RTN at registration and this number will remain associated with the financial institution for all applications within the Risk Management Portal. NACHA is using a list of RTNs from Accuity, the official ABA registrar, to track all RTNs associated with each financial institution. Both the Third-Party Sender and Direct Access registration rules require associating specific RTNs to individual customers or relationships.  Assigning the additional RTNs used by Third-Party Sender customers and Direct Access Debit participants for these registrations can be completed within the Third-Party Sender and Direct Access databases.
  
Q: My Third-Party Sender customer originates for many originators and a different Company ID is used for each. Which Company ID do I use?

A: Only register the TPS Company ID of the Third-Party Sender and not the company names and IDs of every Originator. The NACHA Operating Rules do not require the Company ID for every Originator associated with the Third-Party Sender.

Q: How many individuals from my organization may access the Risk Management Portal?

A: The Portal allows for one administrator from each organization and up to four additional users. The administrator will create an account within the Risk Management Portal and assign users access.

Q: My ODFI has already registered as not having a Direct Access relationship. Do we need to register again?

A: Yes. Each ODFI must reregister their Direct Access status. Each ODFI will attest to its Third-Party Sender customer status and Direct Access customer status during the initial registration. The status of each registration can be changed at any time within the Risk Management Portal. Once registered, you can print proof of registration for your Risk/ACH audit.

Q: How will NACHA use the information about registered Third-Party Sender customers and Direct Access participants?

A: Registration information will not be disclosed to outside parties. NACHA will publish aggregate statistical information from the registry as we learn more about Third-Parties and their relationship to the ACH Network.