ACH Operations Bulletin #1-2012: Use of Automated Enrollment Entries to Reroute Government Benefit Payments

Posted September 12, 2012

This ACH Operations Bulletin provides guidance [1] to Participating DFIs that originate Automated Enrollment Entries (ENRs) on behalf of customers seeking to reroute Federal government benefit payments to a prepaid card.

AUTOMATED ENROLLMENT ENTRIES

The Automated Enrollment process allows DFIs to transmit, via the ACH Network, electronic enrollments for future ACH credits and debits that will be originated by Federal Government agencies. An Automated Enrollment Entry (ENR) is defined in the NACHA Operating Rules (Rules) as “a Non-Monetary Entry initiated by a Participating DFI to an agency of the Federal Government of the United States on behalf, and at the request, of an account holder at the Participating DFI to enroll in a service that will enable Entries to such Person’s account at the Participating DFI.”[2]

Recently, the U.S. Department of the Treasury, Financial Management Service (FMS) made NACHA aware that Federal Government agencies are experiencing fraud in cases where ENRs are used to reroute government benefits from existing bank accounts to prepaid debit cards. Some prepaid card issuers allow consumers to enroll online via their web sites to receive government benefits on their prepaid card. Fraudsters are purchasing a prepaid card, and subsequently using the card issuer’s web site to reroute government benefits from the legitimate receiver’s account to the fraudster’s prepaid card. The web site enrollments are batched and submitted as ENRs via ACH by the issuer or by another financial institution on its behalf. It is important that DFIs that originate ENRs understand the rules for these enrollments and the risks involved in warranting these entries.

LIABILITIES AND RESPONSIBILITIES

In transmitting ENR entries, DFIs are subject to the liabilities and responsibilities relating to the initiation of enrollment entries as governed by the provisions of Title 31 of the Code of Federal Regulations (CFR), Part 210.[3] FMS will hold financial institutions liable for providing incorrect enrollment information. Financial institutions, therefore, should carefully review all Direct Deposit enrollment procedures. Section 210.4(a) lists the requirements for authorization including that “the agency or the RDFI that accepts the recipient's authorization shall verify the identity of the recipient.” FMS applies the foregoing requirement to the financial institution that submits an ENR (i.e., the ODFI of the ENR) because either 1) it will be the RDFI of the resultant credit entries that are initiated in reliance on the RDFI’s authorization, or 2) it is originating the ENR on behalf of the RDFI of the resultant credit entries.

Section 210.8 (b)(2) states that:

“An RDFI that accepts an authorization in violation of §210.4(a) shall be liable to the Federal Government for all credits or debits made in reliance on the authorization. An RDFI that transmits to an agency an authorization containing an incorrect account number shall be liable to the Federal Government for any resulting loss, up to the amount of the payment(s) made on the basis of the incorrect number. If an agency determines, after appropriate investigation, that a loss has occurred because an RDFI transmitted an authorization or notification of change containing an incorrect account number, the agency may instruct the Service [FMS] to direct a Federal Reserve Bank to debit the RDFI’s account for the amount of the payment(s) made on the basis of the incorrect number. The agency shall notify the RDFI of the results of its investigation and provide the RDFI with a reasonable opportunity to respond before initiating such a debit.”

Again, financial institutions should be aware that FMS applies this liability to the financial institution that originates an ENR, regardless of whether that financial institution is also the RDFI of the resultant credit entries or is working on behalf of the RDFI.

ACH Network participants should follow existing rules and regulatory guidance on customer authentication, including the FFIEC supplement to the Authentication in an Internet Banking Environment guidance issued in June 2011.[4]

RETURNS

Section 210.8(d) of Title 31 CFR, Part 210 states:

“If an RDFI becomes aware that an agency has originated an ACH credit entry to an account that is not owned by the payee whose name appears in the ACH payment information, the RDFI shall promptly notify the agency. An RDFI that originates a Notification of Change (NOC) entry with the correct account and/or Routing and Transit Number information, or returns the original ACH credit entry to the agency with an appropriate return reason code, shall be deemed to have satisfied this requirement.”

In a case where the RDFI discovers the fraudulent rerouting of a benefit payment, the appropriate return reason code would be R16, as access to the account is restricted due to specific action taken by the RDFI. If a Federal Government Agency notifies the RDFI of the fraudulent rerouting, the appropriate return reason code would be R06 (Returned per ODFI’s request).

DFIs should be aware that if a Federal Government agency receives an ENR believed to be fraudulent, it will return the ENR to the DFI using Return Reason Code R40 (Return of ENR Entry by Federal Government Agency).

* * * *

NACHA CONTACTS

Questions about this ACH Operations Bulletin should be submitted via info@nacha.org.

####

[1] This ACH Operations Bulletin is for information purposes, and is not intended to provide legal advice. NACHA’s recommendations in this ACH Operations Bulletin do not constitute amendments to the NACHA Operating Rules.
[2] See 2012 NACHA Operating Rules, Section 8.9 “Automated Enrollment Entry”, Page OR53.
[3] See http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=c9bcac8bc5b2259a8f6884e7039d90e3&rgn=div5&view=text&node=31:2.1.1.1.8&idno=31
[4] See http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf
