On September 30, the National Automated Clearing House Association (NACHA) is instituting a new rule applying to third-party senders (TPS). The Third-Party Sender Roles and Responsibilities Rule addresses third-party senders that are direct customers of other TPSs and provides requirements for when a TPS must conduct a risk assessment.
About NACHA Rules
NACHA Operating Rules are meant to ensure the effective movement of every ACH payment through the network. NACHA also provides governance over sensitive customer information, including how it’s stored, who can access it, and how it can be shared.
Everyone who uses the ACH network, from consumers to businesses to financial institutions, must comply with the NACHA Operating Rules. The rules are updated annually, so it’s important to monitor the changes.
The New Third Party Sender Rule
This new NACHA rule generally covers nested third-party senders and third-party sender risk assessments. However, there are specifics to this new rule regarding the details in origination agreements between different types of institutions within the ACH network.
This rule defines a nested third-party sender as “a third-party sender that has an agreement with another third-party sender to act on behalf” of a company that initiates an ACH debit or credit. In this case, the nested TPS does not have its own direct agreement with the company initiating the transaction or the Originating Depository Financial Institution (ODFI), instead it is “nested” to the original third-party sender.
Let’s imagine using a third-party sender under this new rule. Franc Grocer uses Modern Billpay to pay invoices, but Modern Billpay has a nested TPS called Modern WayToPay. When Franc Grocer pays an invoice, this process takes a number of days as the grocer’s money moves through accounts for different TPSs.
Previously, agreements were required between an original TPS, like Modern Billpay, and the ODFI. Now there needs to be an origination agreement between a TPS and all of their nested TPSs, too. In the example above, Modern Billpay needs an origination agreement with their ODFI and with Modern WayToPay.
Another result of this rule change is that all ODFI Origination Agreements with third-party senders need to specify whether a TPS can have nested TPSs or not. Plus, ODFIs are required to identify third-party senders that allow nested TPS relationships and, if requested, share this information with NACHA.
Risk Assessment Specifics
When it comes to risk assessments, a third-party sender can no longer rely on a risk assessment completed by another TPS. All third-party senders, nested or not, must complete a risk assessment of their ACH activities. This change was made because each TPS operates independently, so one risk assessment cannot accurately identify all of the potential risks, challenges, or necessary risk management controls for any other given TPS.
Looking back at our example, if Modern WayToPay is a nested TPS of Modern Billpay, they can no longer rely on the risk assessment completed by Modern Billpay. Modern WayToPay and Modern Billpay are responsible for their own risk assessments.
These added risk assessments for TPSs are in addition to the annual NACHA Rules Compliance Audit, which existing NACHA rules still require.
After September 30th, organizations have six-months or until March 31, 2023 to complete risk assessments.
With these changes, using a third-party sender can further slow down your transaction processing time. Modern Treasury is a third-party service provider, which means we connect directly with your bank accounts to automate the movement of your money. If you’re curious about how Modern Treasury can help your business quickly move money, get in touch with us here.
For more details on this new NACHA rule, see https://www.nacha.org/rules/third-party-sender-roles-and-responsibilities-0.