Risk Retreat Sessions
2026
Tuesday, August 4
1:00 PM – 1:10 PM – Welcome to Nacha’s Risk Retreat
Speaker: Stephanie Prebish, AAP, AFPP, APRP, CTP
Senior Managing Director, Association Services
Nacha
1:15 PM – 2:15 PM – Creating a Culture of Compliance
Risk management cannot operate in a silo or rest with a single team. The organizations that navigate challenges most effectively are those that create a culture where employees at every level understand how their decisions contribute to managing risk. In this interactive session, attendees will discuss practical strategies for making risk relevant to people with different priorities, perspectives, and levels of risk awareness. From frontline staff to senior leadership, participants will discuss ways to communicate risk more effectively, build accountability, and foster a culture where managing risk becomes a shared responsibility across the organization.
2:20 PM – 4:55 PM – The Risk Lifecycle: From Incident to Examination
What happens after an incident occurs? In this interactive workshop, participants will step into multiple roles throughout the lifecycle of a payments risk event: decision-maker, risk manager, and examiner. Through realistic scenarios and collaborative exercises, attendees will identify risks, develop response strategies, and ultimately assess whether those decisions would stand up to regulatory scrutiny.
Part 1: Learning from the Headlines
Using recent payments-related events as a starting point, attendees will discuss emerging risks, identify key stakeholders and priorities, and explore practical lessons that can strengthen preparedness before an incident occurs.
Part 2: Building the Response
Participants will identify the risks that concern them most and evaluate whether existing policies, controls, and technologies adequately address those threats. Teams will identify gaps, develop remediation strategies, and consider how they would communicate decisions to leadership, boards, and regulators.
Part 3: Becoming the Examiner
Finally, participants will review another team's response from the regulator's perspective, assessing whether it was sufficient, identifying areas of concern, and developing examination findings and recommendations.
Attendees will leave with practical strategies for translating current events into action, strengthening their organization's fraud and risk management practices, and preparing to confidently explain and defend those decisions to leadership and regulators alike.
Wednesday, August 5
8:30 AM – 9:30 AM – Fraud Monitoring Readiness Workshop: Identifying Gaps
With the new Nacha fraud monitoring requirements now in effect, organizations must be able to demonstrate that their fraud monitoring approach is reasonably designed to identify potentially fraudulent ACH activity. In this lab, participants will walk through a practical, repeatable exercise they can use at their own organization to assess whether their current fraud monitoring processes, tools, and controls are meeting the intent of the Nacha rules. Working through realistic scenarios, attendees will evaluate how fraud risks are identified today, where monitoring may fall short, and how gaps can be documented, prioritized, and addressed. The focus is not on specific technologies, but on building a defensible, risk-based assessment process that supports compliance, operational effectiveness, and examiner expectations.
9:35 AM - 10:35 AM – Follow the Money: BSA Decisions with Imperfect Information
BSA and AML decisions are rarely made with complete clarity. More often, professionals must act based on limited data, time constraints, and competing risk considerations. In this workshop, participants will review transaction activity and customer information that is intentionally incomplete or ambiguous. Working in small groups, attendees will determine whether to monitor, escalate, file, or close, and will defend their decisions based on risk, regulatory expectations, and institutional policies. The session emphasizes judgment, documentation, and consistency rather than “right” answers. Participants will gain practical experience navigating gray areas and leave better prepared to make and support defensible BSA decisions in real-world situations.
10:40 AM - 11:55 AM – The Payments Court: Faster Payments Unit
In the world of instant transactions, payment disruptions are inevitable. The dedicated professionals who resolve them are part of an elite squad known as the Faster Payments Unit. These are their processes.
In this interactive session, you’ll step into the courtroom. We’ll present a real-world payments lawsuit, with half the class representing the plaintiff and half the defendant. You’ll argue your side in a mock trial, debating key issues around faster payments liability, processes, and outcomes. By the end, you’ll have sharpened your understanding of both sides of the legal coin in faster payments disputes.
12:00 PM - 12:45 PM – Lunch
12:50 PM - 1:50 PM – Designing Controls for What You Don’t Control
Third-party relationships and fintech partners play a critical role in today’s payments ecosystem, but risk does not stop at organizational boundaries. In this session, participants will examine how to design, assess, and document controls when key processes, data, or decisions sit with external partners. Attendees will work through practical scenarios involving third-party participants, vendors and fintech relationships to identify where oversight is effective, where gaps commonly exist, and what controls actually mitigate risk when direct control is limited. The session focuses on governance, monitoring, and accountability, helping participants strengthen how third-party risk is managed and defended.
1:55 PM - 2:55 PM – Managing Risk During Change
Periods of change introduce some of the highest risk in payments operations. In this workshop, participants will work through realistic change scenarios such as system conversions, new product launches, acquisitions, or process redesigns, and assess how risk management and controls should adapt during transition periods. Attendees will identify where standard monitoring may break down, what compensating controls are appropriate, and how to maintain oversight while operations evolve. The session emphasizes proactive planning and practical decision-making to help participants manage risk effectively when normal processes are in flux.
2:55 PM – 3:00 PM – Closing Remarks