May 26, 2020

RMAG Sound Business Practices for Risk & Exposure Management: Part 2


Peter Hohenstein

Peter Hohenstein

Senior Director, ACH Network Administration

Part 2 of 4 (Part 1Part 3, Part 4

Earlier this year, the Nacha Risk Management Advisory Group (RMAG) met to expand upon a previous RMAG initiative on the topic of risk and exposure management. This is the second in a series of articles in which RMAG provides sound business practices various risk management topics based on its experience and expertise.

The following are the recommended sound business practices for limits and controls:

  • Review exposure limits on a regularly scheduled basis: While most financial institutions review the exposure limits on an annual basis (depending upon your financial institution’s credit policy or ACH Policy), you may want to review them on a more frequent basis. Refer to your financial institution’s internal policies for additional guidance.
  • Review new clients more frequently: When beginning a relationship with a new client, it may be advisable to review their exposure limits on a more frequent basis. One financial institution indicated that they review new customers on a three month, six month and one-year basis, before going to an annual review cycle.
  • Define criteria for when an additional review is needed: Within the policy structure of your financial institution, criteria should be defined as to when additional reviews are needed. Among the most frequently mentioned criteria were the following:
    • Recent change in the client’s financial condition (as defined by your organization)
    • If an Originator has exceeded their current limit a certain number of times over a defined period of time
    • If the Originator has a significant change in their business or business practices
  • Establish limits for internal Originators to reduce operational and reputational risk: This is an often-overlooked area within many financial institutions since credit risk for the internal department or affiliate company is generally not an issue. However, operational and reputational risks are important for a financial institution to monitor. Establishing an exposure limit at an appropriate level may prevent incorrectly built files that may contain duplicate or incorrect items from being sent out.

Please continue to follow Nacha Member NewsLink for additional articles from the Nacha RMAG on sound business practices in risk and exposure management.

The member-only Risk Management Advisory Group (RMAG) works with industry stakeholders and key Nacha staff to continually assess risks faced by Network participants. The group makes recommendations to Nacha about risk education, tools and resources, risk mitigation policies and potential rule changes. Learn more.