Key Learnings from our Compliance Panel with Nacha

Introduction

Earlier this month, in conjunction with the National Automated Clearing House Association (Nacha), we co-hosted a panel discussion on ways to help mitigate fraud and risk on the ACH Network.

Moderated by our Product Marketing Manager, Pranav Deshpande, our panel included Amy Morris, Nacha’s Senior Director for ACH Network Rules, George Remennik, Senior Compliance Manager at Settle, and Eric Greenstein, Compliance Product Manager at Modern Treasury.

Background

Before diving into the key learnings from this panel, let’s level set on some background information on the key topics of our discussion.

What is the ACH Network?

Automated Clearing House (ACH) is a network used to move money electronically between banks within the United States. It allows for automated, electronic debiting and crediting of both checking and savings accounts. Almost every financial institution in the US works with the ACH Network.

What is Nacha?

The National Automated Clearing House Association (Nacha) governs the rules and regulations of the ACH network. Nacha’s Operating Rules are meant to ensure the effective movement of every ACH payment through the network. Nacha also provides governance over sensitive customer information, including how it’s stored, who can access it, and how it can be shared.

Everyone who uses the ACH network, from consumers to businesses to financial institutions, must comply with the Nacha Operating Rules. The rules are updated annually, so it’s important to monitor the changes. Some of the recent changes highlighted in our panel discussion included updates to the WEB Debit Requirements and a new rule for Nested Third Party Senders.

How do Settle and Modern Treasury work together?

Settle provides a cash flow management platform for e-commerce companies; they bank with Silicon Valley Bank (SVB) and use Modern Treasury for accounts payable and invoice factoring payments. When Settle wants to initiate a payment on behalf of vendors and customers, they use Modern Treasury’s API or web app to initiate and reconcile payments over ACH, wire transfers and other payment methods.

What is Modern Treasury’s Compliance Product?

We recently launched our compliance product to provide a comprehensive compliance offering fully integrated with payments. When it comes to compliance, we looked at what programs existed in the market and found no option that solves all the problems faced by companies who move money. We saw an opportunity to help customers get to market faster, maintain compliance, and minimize fraud, without the heavy lifting typically required. Our compliance product handles user onboarding, transaction monitoring, and case management all within a company’s payment operations.

Key Learnings

Fraud and Fraudsters are Ever-Changing and Ever-Present

Fraud is a scary reality for companies across all industries and, to make things more challenging, fraudsters are constantly changing their tactics. Some of the most common forms of fraud include using stolen credentials or synthetic identities to gain access to personal or business bank accounts.

Whether it is through phishing scams, social engineering, a data breach, user information stored on public computers, or even dumpster diving there are lots of venues through which fraudsters can gain access to pertinent financial information. Once a fraudster has access to your accounts, they will try things like signing up for credit cards, removing money from accounts, making purchases, paying their bills, and otherwise use your money as their own.

ACH is a debit and credit system and fraud can occur in both directions on the network. Fraud in terms of an ACH debit can look like a person using fictional information to make a purchase or pay a bill with money from someone else’s account. While fraud for an ACH credit looks like the redirection of funds to a fraudster’s bank account.

Account validation is a best practice for mitigating fraud on any type of transaction. At a minimum Nacha requires that both an account number and the account’s ability to accept an ACH transaction have both been validated. Other additional ways to validate the ownership of a bank account to help prevent fraud include validating the activities on the account and reviewing the financial behaviors of the account owner.

All businesses and financial institutions should be concerned about fraud. However, fintech startups and small tech companies can be bigger targets for fraudsters because they generally have less of a focus on compliance than more established companies. Whenever possible, companies should hire an experienced staff that can identify and respond to fraud quickly. Additionally, it is imperative that companies invest in a robust compliance program to minimize potential losses to fraud.

Along with banks and businesses using the ACH network, Nacha is also proactive about identifying and working to prevent fraud. Nacha’s regular updates and changes to the ACH network operating rules help to ensure higher-quality, lower-risk transactions on the network. Ultimately, Nacha has the goal of making changes to the network’s operating rules before an issue becomes too common–and they are constantly monitoring trends in fraud.

A Robust Compliance Program is Essential for Any Business Using the ACH Network

Building a compliance and fraud program is a necessity, not an option, for any company that moves money. Companies building products to move money have avenues for fraud, and are subject to Bank Secrecy Act (BSA) regulations designed to prevent money laundering and terrorism financing.

The performance of compliance and fraud programs impacts a business’ bottom line. Companies can face heavy fines for money laundering and sanctions violations from the Financial Crimes Enforcement Network (FinCEN). Creating an effective compliance program requires an investment of time and resources but is a critical component to launching a business that relies on moving money.

One thing businesses need to consider when it comes to compliance is whether it makes more sense to buy a solution or build one in-house. Companies often have to rely on, integrate, and manage multiple tools from different vendors to put together a compliance program. This can include separate tools for Know Your Customer (KYC), suspicious activity report filing, transaction monitoring, and payments. This requires hours of engineering work and leads to slower time-to-market and brittle systems prone to downtime.

How Modern Treasury Can Help

Modern Treasury can help you set up payments with a robust compliance program from day one. Reach out to us to find out how.

You can watch a recorded version of the webinar here.