NAFCU letters to NACHA on ACH network risks, enforcement topics & improving ACH network quality
WASHINGTON, DC (January 13, 2014) —
Dear Ms. Bondoc:
On behalf of the National Association of Federal Credit Unions (NAFCU), the only trade association that exclusively represents federal credit unions, I write to you regarding NACHA – The Electronic Payments Association’s (NACHA) proposed rule regarding ACH risk management and rules enforcement.
In summary, the proposed rule would reduce the existing return rate threshold for unauthorized debits from 1.0% to 0.5%. In addition, it would establish a 3.0% return rate threshold for account data quality returns and a 15.0% overall debit return rate threshold. The proposed rule would also clarify permissible ACH debit return collection practices, apply certain risk management rules to third-party senders, and expand NACHA’s enforcement authority.
NAFCU generally supports NACHA’s efforts to enhance ACH security and reduce the incidence of fraudulent and erroneous entries. NAFCU believes that receiving depository financial institutions (RDFI) both bear significant costs associated with returned entries and have the least ability to influence the frequency of returns resulting from poor origination practices. Instead, the ACH participants responsible for originating potentially fraudulent or erroneous entries, originating depository financial institutions (ODFI), originators, and third-party senders, have greater ability to address poor origination practices.
NAFCU believes that the proposed rule’s stricter return rate thresholds would be an effective measure to reduce problematic entries and supervise ACH participants. In addition, NAFCU supports NACHA making explicit the current implicit prohibition against reinitiating certain entries. NAFCU also supports the increased clarity the proposed rule would provide through illustrative examples of impermissible reinitiations and adding a specific prohibition against reinitiating transactions originally returned as unauthorized. NAFCU requests, however, that NACHA provide greater explanation of what would lead to a reasonable belief by NACHA than an action constitutes an attempted evasion of the reinitiation limitations.
Although NAFCU believes that the proposed rule correctly looks to third-party senders in addition to ODFIs to take action to improve ACH network quality, NAFCU believes certain provisions related to third-party senders would present an undue burden on ODFIs. Specifically, the proposed rule’s requirement that ODFIs produce, upon request, to NACHA proof that associated third-party senders and third-party service providers have completed their compliance audits would present significant implementation problems. Despite the proposed rule’s parallel requirement that third-party senders provide the proof to ODFIs in order to ensure ODFIs’ compliance with NACHA requests, in reality ODFIs often lack the resources or necessary leverage to ensure third-party sender cooperation. This particular concern is heightened in the case of third-party senders involved in Internet-based commerce. The burden in this case is misplaced – NACHA should directly request evidence of audit compliance from third-party senders. If NACHA decides to include this requirement in its final rule, it should extend the effective date to allow ODFIs sufficient time to implement compliance programs.
While NAFCU supports NACHA taking enforcement action where necessary to protect the security of the ACH network, NAFCU cautions NACHA to do so only in appropriate circumstances. Any new enforcement policy premised on origination of unauthorized entries should recognize that it takes time to adjust and improve origination practices and procedures. Accordingly, NACHA should postpone the effective date for its increased enforcement authority until March 20, 2015. In addition, NACHA should focus its enforcement efforts on cases involving strong evidence of persistent and uncorrected origination problems.
NAFCU appreciates the opportunity to provide our comments. Should you have any questions or concerns, please feel free to contact me at firstname.lastname@example.org or (703) 842-2272.
Regulatory Affairs Counsel