NACHA’s Risk Management Portal is the single resource to access all of our risk databases. Through the Portal, industry participants can access the Third-Party Sender Registration Database, the Direct Access Registration Database, the Terminated Originator Database, and the Emergency Financial Institution Contact Database. Use of these databases, combined with other sound risk mitigation practices, can help industry participants effectively manage risk.
NACHA is committed to taking appropriate steps to secure the data collected and stored in the Risk Management Portal. The Portal is a hosted solution built with security and business continuity in mind, including physical security, encryption, user authorization and authentication processes, and auditing to verify satisfaction of privacy and security requirements. Authorized users must use the secure Risk Management Portal to access the Third-Party Sender Registration Database, the Direct Access Registration Database, the Terminated Originator Database, and the Emergency Financial Institution Contact Database. Data is encrypted while it is in transit to NACHA and remains encrypted while it is at rest in the solution. Moreover, compliance of the underlying cloud platform with key industry standards is certified by the cloud service provider.
Please see below to access the individual databases within the Risk Management Portal.
For a detailed Risk Management Portal Instruction Manual, please click here.
For a list of Frequently Asked Questions & Answers, please click here.
Third-Party Sender Registration Database
The Third-Party Sender Registration Rule requires all ODFIs to either register their Third-Party Sender (TPS) relationships or state that they do not have any. ODFIs are required to complete their registrations through the secure Third-Party Sender Registration Database located within the Risk Management Portal. ODFIs can register through either an individual TPS upload or bulk TPS upload process. The individual upload process allows for quick registration, editing and deactivating of individual TPS relationships, while the bulk upload (available in XML, Excel, and CSV) allows for registering, editing, deactivating, and maintaining groups of TPS relationships.
NACHA provides templates that ODFIs can use to build their own internal systems to the database specifications. The templates include a Word document outlining the specific fields for the Third-Party Sender Registration database and a description of those fields, along with a sample XML, Excel, and CSV file with the database fields included.
Unsure if you have Third-Party Senders as customers? You can learn more at www.nacha.org/thirdpartysenders, or by contacting your local Regional Payments Association or NACHA. Remember to provide your financial institution’s routing number in all communications, since this helps to identify you and your information in the database.
Direct Access Registration Database
Every ODFI is required to register its Direct Access status with NACHA by either acknowledging that it has no Direct Access Debit Participants or providing specific information about each Direct Access Debit Participant relationship. ODFIs will be required to complete their registrations through the secure Direct Access Registration Database located within the Risk Management Portal.
Terminated Originator Database
ODFIs and Third Parties can participate in NACHA's Terminated Originator Database (TOD) service, which can be accessed through the Risk Management Portal. The service can be used in the following ways:
- To add information on terminated Originators and Third-Party Senders.
- To investigate new Originators and Third-Party Senders before onboarding.
- To periodically verify your current Originators and Third-Party Senders, ensuring they have not been recently terminated by another ODFI.
Emergency Financial Institution Contact Database
NACHA's Emergency Financial Institution Contact Database provides a vehicle for communication during a crisis. This database is designed to include contact information for multiple key FI personnel. Typically FIs contribute operations and processing contacts; however, FIs should consider adding internal IT, security, or risk personnel as contacts. A variety of contacts greatly increases the value of the Emergency Financial Institution Contact Database.