Skip to content
BOL Conferences
Learn More - Click Here!

New Reply Thread Options
#1237447 - 08/22/09 04:34 PM ACH Policy, IAT's, ACH audit, Incident Response
Anonymous
Unregistered

Looking for advice and guidance please.

My bank has no ACH policy - we never had one. Examiners and auditors recommended we create one. We do not originate, we only receive ACH's. How do I create a policy and what topics do I need to cover? I would assume I need to cover basics like how we handle ACH returns, ACH stop payments, and disputes. What other major topics and how specific should I make our policy? Management would like to keep it as vague/generic as possible while still satisfying regulators. I have no background or experience with ACH's and don't really know where to start.

Also, my bank has done no preparing yet for the 9/18/9 changes for International ACH Transactions. I don't know what needs to be done other than contacting my software provider (we are outsourced/data center with Jack Henry) to be sure they are rady to format the IATs and schedule a test. I confess I do not fully understand the changes - do we need to manually check OFAC for each ACH? How can we possibly accomplish this? I have just started reading some threads here at BOL and reading on the Federal Reserve IAT website.

We've never conducted an ACH audit, and I believe we are required to audit yearly, right? What does the audit need to do, where can I find guidance on what to audit?

We also had commentary from an auditor that our Incident Response policy should specifically address ACH breach situations. What reg or law would govern what language should be added to our Incident Response policy?

I know this is a lot of questions, but I was just handed this entire situation late yesterday and I'm feeling very overwhelmed. Ideally, my bank needs to address all of this and be ready by 9/18/9, so I'm looking at long hours ahead to try to straighten out this severe lack of planning.

I would greatly appreciate any guidance, templates, policy language examples, website links for more education, or advice anyone can offer me to help me know how to begin my Herculean task. Thanks in advance.

Return to Top Reply Quote Quick Reply Quick Quote
#1237488 - 08/23/09 08:16 PM Re: ACH Policy, IAT's, ACH audit, Incident Response Anonymous
#Just Jay Offline
10K Club
#Just Jay
Joined: Oct 2006
Posts: 14,390
Cheeseheadland
I would direct you and your operations manager to NACHA, or a local group of you have one (Wisconsin has WACHA).

They will be able to provide you with the answers to almost all of these questions, or direct you to the person or vendor who can answer them for you, and possibly offer an affordable audit service for you as well.

They are also able to provide you with sample policies and procedures, and the guaidance you are looking for.
_________________________
I don't repeat gossip, so listen closely...

Return to Top Reply Quote Quick Reply Quick Quote
#1238152 - 08/24/09 10:49 PM Re: ACH Policy, IAT's, ACH audit, Incident Response #Just Jay
Anonymous
Unregistered

Thank you for the information and advice.

Return to Top Reply Quote Quick Reply Quick Quote
#1239892 - 08/26/09 08:46 PM Re: ACH Policy, IAT's, ACH audit, Incident Response Anonymous
Anonymous
Unregistered

I agree with Just Jay. But I would urge you to go to your local Regional Payments Association instead of to NACHA directly. The RPA's are listed on the back of the ACH Rules book and ours has been extremely helpful over the years. You can often pay them to do audits for you and to assist with setting up policies/procedures of various kinds. This will cut back on, but not eliminate, your long hours. Ours is EPCOR out of Kansas City. As Jay says, WACHA is for Wisconsin. And there are others that cover the rest of the country. If you tell me where you are, I can tell you exactly who covers your bank. Even if you're not a dues-paying member, they'll still help for a fee and will also get you into a membership. Take care and good luck.

Return to Top Reply Quote Quick Reply Quick Quote
#1239977 - 08/26/09 10:29 PM Re: ACH Policy, IAT's, ACH audit, Incident Response Anonymous
BetsyS Offline
Gold Star
Joined: Jun 2009
Posts: 471
Just an FYI- There are many vendors that sell bank policies that you can customize for your institution. We purchased ACH Operations and ACH Risk Management from Young Inc and we're happy with it.

There's also a sample ACH policy on BOL:
www.bankersonline.com/tools/ach_policy.doc

Our local ACH group is WesPay, and they have a great Audit workbook and put on audit webinars and seminars. In addition, they offer audit services which are reasonably priced.
Last edited by BetsyS; 08/26/09 10:30 PM.
_________________________
Let's start at the very beginning; A very good place to start...

Return to Top Reply Quote Quick Reply Quick Quote
Quick Reply:
HTML is disabled
UBBCode is enabled




Moderator:  MagicCity, P*Q, Truffle Royale