Third-Party Sender Roles and Responsibilities

Effective Date

Rule Status

Rule Status
Open for comment

Comments Due by July 1, 2021

Nacha is seeking comment and feedback from industry stakeholders on two related Rules proposals collectively referred to as “Third-Party Sender Roles and Responsibilities”

The overarching purpose of these proposals is to further clarify the roles and responsibilities of Third-Party Senders in the ACH Network by

  1. Addressing the commercially existing practice of Nested Third-Party Sender relationships, and
  2. Making explicit and clarifying the requirement that a TPS conduct a Risk Assessment


To submit comments via SurveyMonkey, Click here.

Details

Details

Please review the Rules Proposal Description from the Resource list for complete details

This Request for Comment includes the following specific proposals to amend the Nacha Operating Rules:

Address the commercially existing practice of Nested Third-Party Sender relationships:
  • Define a Nested Third-Party Sender
  • Establish the “chain of agreements” and responsibilities in a Nested TPS arrangement
  • Update the requirements of an Origination Agreement for a Nested TPS relationship
  • Update existing TPS registration to denote whether a TPS has Nested TPS relationships
Third-Party Sender performance of a Risk Assessment
  • Make explicit that a Third-Party Sender, whether nested or not, must complete a Risk Assessment of its ACH activities

  • Clarify that a Third-Party Sender cannot rely on a Rules Compliance Audit or a Risk Assessment completed by another TPS in the chain; it must conduct its own

Nacha seeks comment on these proposed Rule changes. Responses are requested by July 1, 2021.

Technical

Technical

Please review the Rules Proposal Description and Modifications to the Rules from the Resource list for complete technical details

Nested Third-Party Sender

This proposal would define a Nested Third-Party Sender, and would provide for the “chain of agreements” and responsibilities

A “Nested Third-Party Sender” would be defined as a Third-Party Sender that has an agreement with another Third-Party Sender to act on behalf of an Originator, and does not have a direct agreement with the ODFI

Nested TPSs must be addressed in ACH Origination Agreements

  • An ODFI Origination Agreement with a TPS must address whether the TPS can have Nested TPSs, and if so, “push down” the requirement for an Origination Agreement to exist between a TPS and a Nested TPS
  • An Origination Agreement must exist between a TPS and a Nested TPS to ACH Origination Agreements would be applicable on a going-forward basis from the effective date

Other TPS obligations and warranties would be updated to identify and cover Nested TPS relationships

An ODFI must identify in Nacha’s Risk Management Portal all Third-Party Senders that allow Nested Third-Party Sender customers

  • E.g., “Does TPS “XYZ” have Nested TPS customers?  Check Yes or No.”
  • Upon request, an ODFI must provide Nacha with the Nested TPS relationships for any TPS
TPS Risk Assessments

Risk Assessments are already defined and required in the Nacha Rules for Financial Institutions and, by extension, for Third-Party Senders under their obligations to perform and warrant ODFI obligations

  • However, the Risk Assessment obligation for TPS is not expressly stated

The proposed rule would expressly state that a Third-Party Sender, whether or not it is Nested, is required to conduct a Risk Assessment

  • As with other parties that conduct Risk Assessments, a Third-Party Sender must implement, or have implemented, a risk management program based on their Risk Assessment
  • The obligation to perform a Risk Assessment, as well as the required Rules Compliance audit, cannot be passed onto another party; i.e., each participant must conduct its own

Impact

Impact

Anticipated Benefits

Nested Third-Party Sender

The proposal is intended to provide clarify and remove confusion about roles and responsibilities of parties involved in a Nested Third-Party Sender relationship

  • Defines a Nested Third-Party Sender, and provide clarity on agreements and obligations of defined parties
  • Further encourages a culture of compliance and risk management in ACH, especially regarding TPS relationships
  • Reasonably expands ODFIs’ due diligence to know whether TPS customer have Nested Third-Party Sender relationships

Ultimately, better clarity and knowledge by ACH participants about the roles and responsibilities of parties should help improve ACH quality

TPS Risk Assessments

Risk Assessments are vital to managing risk for any party in the ACH Network; clarifying this requirement will promote active risk management by Third-Party Senders

  • Encourages a culture of risk management and compliance in ACH processing
  • Aligns the ACH Network with the wider payments industry
  • Improves the quality of ACH payments by elevating the prominence of risk assessment among additional ACH Network participants


Anticipated Impacts

Nested Third-Party Sender

To the extent that ODFIs and Third-Party Senders do not already address Nested TPSs, they might need to:

  • Modify Origination Agreements for future use (i.e., going-forward after the effective date)
  • Expand due diligence on TPS customers regarding Nested TPS relationships

ODFIs with Third-Party Sender relationships will need to update their registrations in the Risk Management Portal to denote which TPSs have Nested TPS relationships

  • ODFIs that have TPS-Nested TPS relationships must be able to provide Nacha with such information, upon request
TPS Risk Assessments

Third-Party Senders that have not previously conducted an ACH risk assessment would have to do so

Third-Party Senders that have relied on other TPSs’ Risk Assessments or Rules Compliance Audits would need to conduct their own

FAQs Section

FAQs Section
Coming soon