The ACH network electronically exchanges funds and related information among individuals, businesses, financial institutions, and government entities. Payment instructions originated through the ACH network are either to credit or to debit a deposit account. The ACH operator provides a central distribution and settlement point for transmitting funds electronically between an ODFI and a RDFI.
| Role | Description and Responsibilities |
|---|---|
| Originator |
|
| ODFI |
|
|
ACH operator (In the U.S., there are two ACH Operators that receive batches of ACH entries from the ODFI (central clearing facilities): The Federal Reserve and The Clearing House.) |
|
| RDFI |
|
| Receiver |
|
| TPPP / TSP |
|
NACHA manages the development, administration, and governance of the ACH network. The NACHA Operating Rules guide risk management and apply to all participants in the network. NACHA enforces a national system of fines which provides structure for evaluating possible violations of the NACHA Operating Rules.
ACH data always flows from originator to receiver as follows:
- Originator initiates a debit or credit payment order to the ODFI
- ODFI transmits the payment information to the ACH operator
- ACH operator receives data from the ODFI and sorts the entries by routing number
- ACH operator transmits the entries to the RDFI
- RDFI receives, processes, and posts the ACH data to the receiver account on settlement day
Unlike the wire transfer and check systems, the ACH is both a credit and a debit payment system. ACH credit transactions transfer or distribute funds from the originator to the receiver, resulting in a deposit to the receiver’s account. Conversely, ACH debit transactions transfer or collect funds from the receiver to the originator resulting in a withdrawal from a receiver’s account.
Please see the EPS Review topic for a detailed discussion of EPS review procedures.
ODFI Risk Management
From a risk management perspective, the ODFI is the gatekeeper of the ACH network. It is the ODFI that enables an Originator to present debit Entries into the ACH network. Most importantly, the ODFI is responsible for the valid authorization of every ACH debit it processes. NACHA Rules require the ODFI to enter into an Origination Agreement with each Originator for which it processes ACH transactions. This includes any Third-Party Sender which acts as an intermediary between the Originator (the client of the Third-Party Sender) and the ODFI (the credit union of which the Third-Party Sender is a member).
Credit unions that engage in ACH transactions with high-risk originators or Third-Party Senders face increased reputation, credit, transaction, and compliance risks. High-risk originators include entities that are engaged in potentially illegal activities or that have an unusually high volume of unauthorized returns. High-risk originators often initiate transactions through Third-Party Senders because they have difficulty establishing a relationship directly with a financial institution. Because of the ODFI’s obligations and these increased risk factors, it should exercise appropriate risk-based due diligence when on-boarding new Originators and Third-Party Senders. The ODFI should also perform appropriate account monitoring to determine whether excessive returns or other suspicious patterns of activity warrant further review, enhanced due diligence, and more aggressive risk mitigation.
International ACH Transactions
The ACH network facilitates batch payments processing domestically within the U.S. An IAT is a credit or debit payment instruction exchanged electronically across national borders. Inbound IAT transactions are payment transactions that enter the U.S., and are then processed through the domestic ACH network. Outbound IAT transactions are originated domestically and are received by financial institutions in other countries. This occurs through a variety of methods such as through SWIFT, proprietary networks, or the domestic ACH system of the receiving country.
NACHA Operating Rules require the use of a standard IAT format for international batch payment transactions where the ACH network within the U.S. is involved in some part of the payment process. The IAT format helps the RDFI comply with the Currency and Foreign Transactions Reporting Act of 1970 (commonly referred to as the BSA), and with the U.S. Department of the Treasury OFAC. The IAT format helps the RDFI comply with the BSA and OFAC by carrying specific data elements required by the BSA “Travel Rule,” and containing OFAC screening indicators to aid in effective screening for unlawful transactions.
ACH Standard Entry Class Codes and Uses
The ACH network supports various payment applications, each of which are identified by a unique Standard Entry Class (SEC) code. Some SEC codes are specifically consumer codes, some are corporate codes, and some work on both consumer and corporate accounts. A SEC code is the three-character code within the ACH record that identifies the payment type and formatting requirements for each ACH entry.
An originator is responsible for coding an ACH transaction as either a debit or credit, which affects either a consumer or a corporate account at the RDFI. Each SEC code identifies payment-related information and characteristics. For example, a web-based or mobile-initiated ACH is coded as a “WEB” transaction, and a telephone-initiated transaction is coded as a “TEL” transaction.
Some SEC codes, such as WEB, TEL, and IAT, represent higher-risk activity, and as such, should be addressed in the ACH risk management program. The ACH policy or risk management program should contain a list of board-approved SEC codes.
Sample Consumer SEC Codes
A selection of sample consumer SEC codes appears in the table below.
| SEC Code | Description |
|---|---|
| CIE | Credit transactions where a consumer initiates the transfer of funds to a company for payment, typically through some type of home banking product. |
| MTE | The ACH network supports the clearing of transactions from ATMs. |
| IAT | International ACH transactions that enable financial institution compliance with OFAC requirements. |
| POP/SHR | Transactions consumers most often initiate via a plastic access card, representing point of sale debit applications in either a shared or non-shared environment. POP transactions also include conversion of checks to an ACH debit application at the point of sale. |
| PPD | These transactions include both direct deposits and direct payments. Direct deposit is a credit application that transfers funds into a consumer’s account at the RDFI; these funds represent a variety of products (for example, payroll, interest, pension, etc.) Direct payment (preauthorized bill payment) is a debit application. Companies with billing operations may participate in the ACH network through the electronic transfer (direct debit) of bill payment entries. Through standing or single entry written authorizations, the consumer grants the company authority to initiate periodic charges to their account as bills become due. Examples of recurring bills paid by ACH include insurance premiums, mortgage payments, and installment loan payments. Utility payments represent a non-recurring bill (that is, the amount varies) paid by ACH. |
| TEL | A single entry debit transaction initiated by an originator pursuant to an oral authorization obtained over the telephone to effect a transfer of funds from an account of the receiver. This type of entry applies only to a single entry where no standing authorization exists and originator and receiver have an existing relationship or, absent the existing relationship, the receiver initiates the call. |
| WEB | Debit transactions initiated by an originator pursuant to an authorization from the receiver via the internet or Mobile device to effect a transfer of funds from an account of the receiver. |
Next Day and Same Day ACH Processing
Most ACH payments settle on the next business day. However, there are a number of uses of ACH payments for which businesses and consumers benefit from same-day ACH processing. Some examples of these use cases are:
- Same-day payrolls—Supports businesses’ needs to pay hourly workers, and provides flexibility for late and emergency payrolls and missed deadlines
- Business to-Business payments—Enables faster settlement of invoice payments between trading partners, and including remittance information with the payments
- Expedited bill payments—Uses both ACH credits and debits, enabling consumers to make on-time bill payments on due dates, and provides faster crediting for late payments, and,
- Account-to-account transfers—Provides faster crediting for consumers who move money among various accounts they own
Originators have the option to send same-day ACH transactions to accounts at any RDFI. This makes participation for the receipt of same-day ACH payments mandatory for all RDFIs. Offering same-day services to ACH Originators is optional for ODFIs.
Same-day ACH processing has the potential for increased fraud risk due to same-day credits moving out of member accounts, entering the ACH network, and settling faster. This accelerated timeline presents ODFIs with less time to perform back-end risk management functions.
Some risk-mitigating control is inherent with same-day ACH in as far as IATs and single large dollar transactions over $25,000 are not eligible for same-day processing. However, to further mitigate the potential for increased fraud risk, ODFIs should:
- Emphasize strong authentication and security controls around file delivery, and online banking transfers, and
- Consider optional "tolerance" limits at file, batch, and entry levels for same-day ACH Originators
Last updated September 25, 2017
