NACHA, which is responsible for the development, administration, and overall governance of the Automated Clearing House (ACH) network, can trace its roots back to the early 1970's when check volume began to grow rapidly in the United States. This increased surge in check circulation forced a group of California bankers to form a special committee (SCOPE) for helping better understand, assess, and ultimately, implement a uniform set of standards driven rules and procedures regarding an automated payment platform. What became of this committee is now seen as one of the world's largest, most-well known and secure payments systems currently in use.
Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet containing over 2,850 + pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.
Learn more today about the GISCP by viewing sample policies, forms, hardening documents, and more.
As for the ACH payments system, it has been a huge success - to say the least - but with this comes numerous rules, regulations, and requirements that must be met for anybody wanting to participate within the ACH network. Specifically, the NACHA board of directors adopted strict measures regarding fraud and risk management as noted in the following policy statement in 2002:
"...the NACHA board resolves and strongly urges that all participants implement adequate control systems to detect and prevent fraud and abusive financial transactions."
Even more far-reaching is that "Each ODFI is responsible for ensuring that it, its Originators, and their respective third party service providers adopt and implement commercially reasonable policies, procedures, and systems...to protect against data breaches." In fact, when you read through the annual NACHA Operating Rules & Guidelines, there's explicit language referencing to strict requirements for documented policies, procedures, and processes for all entities involved within the ACH network. Notable topics include fraud, risk management, data braches and other important subject matter.
ACH Policy and Procedure Documents for Fraud, OFAC, Risk Assessment
Fortunately, the Global Information Security Compliance Packet (GISCP) set of documented operational and information security policies and procedures from Flat Iron Technologies, LLC contains all the essential templates to help with ACH compliance. You'll have access to literally hundreds of policy and procedure documents covering a wide variety of topics relating to operational procedures, business processes, and information security.
And yes, that also means receiving a comprehensive fraud policy and procedure document, along with risk assessment policy material, OFAC compliance documentation, and much more. In fact, the GISCP set of documents from Flat Iron Technologies, LLC will not only help with ACH compliance, but also aid in many other compliance requirements you may have.
NACHA | The Electronic Payments Association
To learn more about the Electronic Payments Association, visit nacha.org. Additionally, obtaining a copy of the annual NACH Operating Rules & Guidelines is a great way to familiarize yourself with ACH network, along with all the requirements that must be in place for participants. Appendix Eight, Rule Compliance Audit Requirements provide details on numerous provisions that all entities (i.e., Participating DFI's, Third Party Service Providers -TPSP, Third Party Senders, and other applicable organizations) must comply with.