ACH audit and third parties

I am getting ready to start my annual ACH audit. We recently began offering remote deposit capture. Our customers (originators) are sending files to a vendor we have contacted with to do the processing. Does that make them a third party service provider or a third party sender. They forward all files to the Federal Reserve. If they are a provider do I have to actually get verification that they are doing the required annual ACH audit or is the fact that our agreement binds them to all aspects of the NACHA rules sufficient?

The ACH Rule book which I don't have a copy of right now, defines third party sender. I think it was basically whoever sends the ACH file to the Fed. Perhaps someone with a rule book handy could give a better (and correct) definition?

According to the ACH Rules book a third party sender is defined as a person that is not an originator that has authorized an ODFI or another third-party sender to transmit, for the account of the third-party sender or another third-party sender, (i) a credit entry to the account of a receiver with an RDFI, or, if the receiver is also the RDFI, to such receiver, in order to effect a payment from the originator to the receiver, or (ii) a debit entry to the receiver's transaction account or general ledger account with an RDFI, or if the receiver is also the RDFI, to such receiver, in order to effect a payment from the receiver to the originator.

I have the rule book handy.

OG 120 - A 3rd party service provider is an entity other than an originator, ODFI, or RDFI that performs any functions on behalf of the Originator, the ODFI, or the RDFI with respect to the processing of ACH entries, including, but not limited to, the creation of ACH files. (I believe this is what you have in place now with RDC)

OB 120-121 - A 3rd party sender is a 3rd party service provider that is NOT an originator and that has authorized an ODFI or another 3rd party sender to transmit, for the account of the 3rd party sendoer or another 3rd party sender, 1-a credit entry to the account of areceiver with an RDFI in order to effect a payment from the originator to the receiver, or 2-a debit entry to the receiver's transaction account or gl account with an RDFI in order to effect a payment from the receiver to the originator.

Look on pages OG 127-129 it lists the audit requirements. Under the NACHA Operating Rules, both the ODFI and the RDFI warrant the completion of an audit by the 3rd party service provider.

IMO...I would imagine if the company does this for othersm, they probably already know an audit is required and would be prepared to give you the report. You might want to obtain a copy of the audit report if you run into problems with the entries they are processing. Maybe you just want to sample a few entries to ensure they are following the rules and leave it at that. Proof of the audit will probably not be requested unless there are some significant issues.

Thanks. Has anyone ever had someone from NACHA ask for their audit? Our IT examiners have asked for it but thats all that I can recall.

No, I have been doing one off and on since 99 and have only had examiners or external auditors ask for it.