Take On Payments


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

October 3, 2016

Looming Questions with the Rollout of NACHA's Mandated Same-Day ACH Rules Change

On September 23, phase 1 of NACHA's three-phase rules change took effect, mandating two same-day ACH clearing/settlement windows for credits only. The subsequent two phases add debit payments in 2017 followed in 2018 by receiving banks being obligated to make credit payments available to receivers by 5 p.m. on the settlement day.

Prior to this change, using legacy ACH, one had to wait one business day for payments to clear and settle. A payment cap of $25,000 along with a mandatory interbank fee of 5.2 cents are other noteworthy differences for same-day ACH items as compared to legacy ACH. For some, these are unwelcome limits and fees, and time will tell the extent to which they stifle (or not) the service's growth. As the Federal Reserve's Financial Services website notes, a further limitation is that the federal government will neither originate nor accept same-day payments at this time, although plans are under way for their eventual participation.

I and others in the forum have commented on various aspects of this long-awaited enhancement here, here, and here. Now is probably a good time to proffer some questions for future consideration in helping to measure the success of this new venture.

  • Will projections in the first 12 months of service match NACHA's expectations of same-day garnering one percent of total ACH payment volume? Furthermore, will volume trending point to NACHA achieving its projection of 1.4 billion same-day payments by 2027? Early numbers may be somewhat misleading if payment originators inadvertently send payments for same-day settlement that were intended to be settled the following business day.
  • Whatever volume is achieved, will the primary payment use cases identified by NACHA be the actual drivers of same-day volume?
    • Payroll for hourly workers, late and emergency payrolls
    • Business to-business invoice payments with remittance information between trading partners that are under the $25,000 cap
    • Expedited consumer bill payments using both ACH credits and debits for just-in-time and late payments
    • Account-to-account transfers among accounts owned by the same consumer
  • Given the 18-month full implementation, how will same-day ACH hold up against existing faster payment schemes that leverage such things as debit card networks that offer much faster payments or even new faster payment schemes that are not reliant on existing payment rails?
  • How much, if any, will payment fraud increase with the availability of faster ACH?
  • How will service usage be impeded, if at all, by originating banks passing along the cost of the interbank fee to their payment originators?
  • Will the somewhat complicated eligibility requirements of no support for federal government payments, deferred debit, service and delayed funds availability slow adoption?

Despite these questions, there is reason to be optimistic. This is a major step forward for same-day ACH. What are your views on how these questions will eventually resolve themselves?

Photo of Steven Cordray  By Steven Cordray, payments risk expert in the Retail Payments Risk  Forum at the Atlanta Fed

October 3, 2016 in ACH | Permalink


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 22, 2016

As with Nuclear Disarmament, So with ACH: Trust, but Verify

During his remarks at the signing of a nuclear disarmament treaty with the U.S.S.R. in 1987, President Ronald Reagan drew upon the old Russian maxim, "Doveryai, no proveryai," or "Trust, but verify." As with disarmament, businesses and others that originate automated clearing house (ACH) payments should be offered some way to verify an account, something more than hope and a prayer that the payment recipient's routing/transit number and account number are correct and that the recipient is an owner of the account.

The lack of efficient account validation options is a common complaint against the ACH. Surveys that NACHA conducted in 2012 and 2015 attest that account validation, as judged by a majority of respondents, is ACH's chief improvement need. Failing to perform account validation creates different levels of risk, depending on the payment application, whether a credit is pushed or debit is pulled and whether it is a recurring or one-time payment.

On July 19, NACHA's Payments Innovation Alliance and Board Advisory Group released two papers reviewing and critiquing existing methods for verifying bank accounts by financial institutions and businesses. The papers also suggest that a remedy to the account validation problem may be in the offing.

In both papers, NACHA defined account validation as follows:

A service wherein a business or financial institution can validate the accuracy of the account information received from a consumer or business, and the ability of that account to receive electronic payments.

Following are the various methods that NACHA identifies—and that I've complemented with my own research—that are used today to validate accounts:

  • Manual validation—A consumer's check verifies the account and identification verifies the consumer's identity. Alternatively, the originator can call the recipient's bank to confirm account details, assuming the bank is willing to provide the information, though it is risky for the bank to share such information over the phone.
  • ACH validation, via a zero-dollar prenote verification payment—If the account number is incorrect, the recipient's bank responds within three business days, though this timeframe can be shortened by using same-day ACH. As the papers state, this is a "no news is good news" form of verification. NACHA is exploring opportunities to improve the prenote process beginning in late 2016.
  • Challenge deposit validation—Typically, two micro-deposits of random amounts are made to the recipient's account and subsequently verified by the accountholder to the payment originator. Even if the account is successfully verified, the originator may subsequently be unable to debit the account because that account blocks debit payments. To identify debit blocked accounts, some originators debit the bank account equal to the micro-deposits. This method is fraught with a high abandonment rate by the consumer due to the hassle of verifying the deposits. One large online originator says that about 30 percent of consumers selecting the deposit validation method fail to verify the payment amounts. This method can take from five to seven business days—though, as with prenoting, the process can be expedited by using same-day ACH.
  • Instant validation—The customer logs into his or her bank from the company's website to establish ownership of the account. The same online originator said that 25 percent of its customers selected this validation method over deposit validation. Many consumers hesitate to use this method because the use of a third party increases the chance their banking credentials will be compromised.
  • Validation services—Service providers with access to a large number of accounts, offer scoring services that simulate or predict the likelihood an account number is "good." Though improving, these service offerings are limited for non-financial institution originators.

A solution to the problem may be in store through the World Wide Web Consortium and others working to develop a standardized application programming interface, or API, for account validation. This would allow payment originators or their service providers restricted access to bank data to verify accounts using a universal, standardized process while protecting banking credentials. Let's hope that key stakeholders rally around this important initiative and push for a speedy implementation so that we carry through with a new maxim of "Trust, but truly verify."

Photo of Steven Cordray  By Steven Cordray, payments risk expert in the Retail Payments Risk  Forum at the Atlanta Fed

August 22, 2016 in ACH, authentication | Permalink


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 23, 2016

What Would Happen If the Lights Went Out for a Long, Long Time?

In 1859, a massive geomagnetic solar storm known as the Carrington Event caused extensive damage to telegraph systems and other nascent electrical devices worldwide. Telegraph lines sparked and telegraph operators could send and receive messages without the use of electric batteries. The Northern Lights lit up the sky in all of North America. Though not widely reported, on July 23, 2012 a massive cloud of solar material similar in magnitude to the Carrington storm erupted off the sun's surface, radiating out at 7.5 million miles per hour. Fortunately the impact of the solar storm missed Earth by nine days because of the Earth's orbit position.

One report estimates that a Carrington-level storm today could result in power outages affecting as many as 20–40 million Americans for a duration ranging from 16 days to two years at an economic cost of up to 2.5 trillion dollars. A research paper in Space Weather estimated the odds of a Carrington-level storm at about 12 percent over the next 10 years. Early warning of such a storm is possible since satellites can detect impending storms and have the potential to provide a minimum one-day warning before it hits Earth.

So what would happen if the lights went out in much of the United States because of such a cataclysmic event? One could anticipate serious disruption of electronic payments such as ACH, cards, and wire transfers in the affected areas and beyond. What would one do to facilitate commerce in such an emergency? Well, cash and, to a lesser degree, checks could come to the fore. Use of checks would be problematic given the electronification of checks, high risk of fraud, and overdrawn accounts if banking systems are not up and running. Cash would have fewer problems if it were on hand to distribute to the affected population. Perhaps cash accompanied by ration books could be used to mitigate hoarding.

For a low-probability extreme-impact event that results in cash becoming the only way, among existing payment instruments, for commerce to take place, what contingency plans are in place to ensure that consumers and businesses can obtain cash? Since the contingency systems we have in place to handle a future Hurricane Katrina or Hurricane Sandy are likely not sufficient for an extreme event of nationwide scale, some of the issues that need to be resolved include:

  • How does one ensure that sufficient cash is on hand during an emergency?
  • How is cash going to be distributed and accounted for along the supply chain with ATMs and bank offices and their core systems inoperable due to no electricity?

Addressing these questions and others involves a monumental effort, and I don't have a ready answer. Fortunately, cash solves the problem for small-scale, low-value payments during a long-term power outage. That is, during the immediate, in-person exchange, it is an instrument that doesn't require electricity, communication networks, or computers.

This and other major calamities have always made me concerned about the push in some quarters for a full transition to electronic payments at the expense of payments less reliant on electricity and our communication networks. As an engineer by training, it is in my nature to wonder what can go awry if failsafe systems aren't in place when the unexpected happens.

With the possibility of a catastrophic event in our lifetime, would you rather have cash in hand or a card/mobile app? As for me, I'm going to the bank to cash out my accounts and then on to the hardware store to buy a gas-powered electric generator. Just kidding, though I think serious consideration and appreciation is needed for the contingency aspects of cash when things invariably go awry.

Photo of Steven Cordray  By Steven Cordray, payments risk expert in the Retail  Payments Risk  Forum at the Atlanta Fed

May 23, 2016 in ACH, cards, checks, payments | Permalink


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

April 11, 2016

Combat Gear for Tax Season

Recently, a local newspaper reported on two ex-bankers who were sentenced for their roles in a two-year-long fraud scheme. These ex-bankers created fraudulent bank accounts, then generated more than 2,000 false tax returns totaling more than $2.8 million in fraudulent refunds. The IRS has plenty more stories of tax fraud to tell.

Currently, "file taxes" is number one on my to-do list, and maybe yours. Do you shiver considering the possibility a tax return in your name has already been filed by someone else? Criminals, organized or not, know they can earn a living by filing fake returns. Even a legitimate taxpayer who owes taxes can be a victim of identity theft tax (IDT) refund fraud, as defined by the Internal Revenue Service's (IRS) Security Summit. (Note: The Electronic Tax Administration Advisory Committee, which reports to Congress, calls IDT refund fraud stolen identity refund fraud, or SIRF).

Formed on March 19, 2015, the Security Summit joins the IRS, state departments of revenue, and members of the tax refund ecosystem to discuss ways to combat IDT refund fraud. The Summit currently has seven working groups, including one focused on refund authentication and fraud detection. We have blogged before on the importance of data analytics in detecting fraudulent filings; this working group is attempting to strengthen these data tools. The working group also laid out best practices for software providers in enhancing identity requirements and strengthening validation procedures. At the end of last year, Congress provided a big assist in these efforts by passing the Protecting Americans from Tax Hikes, or PATH, Act of 2015, which closes one of the biggest loopholes in the tax refund process by requiring employers to electronically file W-2 forms and 1099 forms with the IRS by January 31 of each year instead of March 31. This new requirement, which becomes effective in 2017, will allow federal and state taxing authorities to match returns with actual W-2s for the first time.

The Security Summit also has a Financial Services Working Group, which explores ways to prevent criminals from using stolen identification credentials to establish financial services products such as checking accounts and prepaid cards that would allow the criminal to access the proceeds of fraudulent returns. After all, fraud may not be realized until after processing the tax return. Refunds are distributed either by check or direct deposit via ACH, which can be sent to a prepaid account (card) or traditional bank account. The IRS can't determine which account type an ACH refund is destined for since routing number and account number aren't standardized by account type, nor is there a database of routing numbers to identify prepaid accounts. Some have suggested that knowing when it is a prepaid account could be helpful in risk rating the return before sending the refund. The Financial Services Working Group has developed a standard state ACH file-naming convention so that state tax refunds can be identified by the industry in order to apply enhanced fraud filtering. Suspicious state tax refund deposits can be detected based on amounts, name matching, account type, length of relationship, and volume of deposits or withdrawals. The new format standard will strengthen fraud control systems in that all tax refund deposits will be able to be further scrutinized.

The Security Summit has a total of seven working groups, and they have their work cut out for them. While I shiver to think I could be a victim to identity theft, I support the progressive efforts to stop this crime, especially in the pre-filing and pre-refund stages so the criminals can't see a reward for their efforts.

Photo of Jessica Trundley By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

April 11, 2016 in ACH, consumer fraud, fraud, identity theft | Permalink


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

April 4, 2016

Same-Day ACH: A Call to Action

As my colleague recently blogged, there were standing-room only crowds during four sessions related to same-day ACH at an annual conference sponsored by EastPay and the Atlanta Fed. I moderated two of the sessions, which focused on operational and product opportunities available to financial institutions (FIs) in supporting faster payments.

My suspicion is that attendance was so heavy because many FIs still have a lot to do to get ready for faster payments. I was already aware of the lack of readiness among some of the processors that these FIs rely on so heavily. During one session, only a few hands were raised among 60 attendees when they were asked if they had been contacted by their processor about preparing for the September 2016 rollout. Of course, engagement is best when it's a two-way street. On the other side of things I have heard that processor training sessions devoted to supporting same-day ACH have been poorly attended. Additionally, FI session attendees indicated that no efforts were under way to educate corporate account holders about the looming service changes to ACH.

If my suspicions are right, the current state of things is troubling; the window of time left to prepare for Phase 1 is shrinking. September is less than six short months away.

Not being ready has some potentially serious, but avoidable, consequences for FIs and their account holders. Here are a few of the risks:

  • The two same-day submittal windows, which narrows the time between payment submittal and settlement, added to Phase 1 offer potentially greater risk of funds being sent out fraudulently as a result of corporate account takeovers unless FIs put proper controls in place to mitigate this risk. The potential for harm may be somewhat diminished given the individual transaction cap of $25,000.
  • Since the identification method for same-day payments relies on the requested settlement date using the Effective Entry Date field, some FIs could end up being surprised to learn their credits have settled sooner than they intended. Originators that have not been careful in selecting the settlement date will experience this "surprise."
  • If corporate originators inadvertently send same-day payments, such a mistake could prove costly. This is because the 5.2 cent same-day interbank fee, paid by the originating bank to the receiving bank, will likely be passed along to the originator. A corporate originator mistakenly sending same-day credit payments to 10,000 employees could incur an additional $520 fee plus any other upcharge associated with sending same-day payments.
  • Taxpayers may expect that just-in-time payments or late payments to avoid additional penalties can be made using same-day ACH to the IRS. As my colleague noted in the post I mentioned above, such payments will not be supported in Phase 1. Therefore, it is critical that FIs educate their account holders about this limitation.
  • Unless controls are put in place by their processors, FIs may have difficulty stopping same-day service to corporate account holders they judge to be too risky for sending same-day payments, or when agreements have not been put in place allowing corporate participation.
  • Since next-day ACH is the earliest settlement generally available today, some processors preclude using today's date as a settlement date. Unless this restriction is removed, originators would not be able to send same-day payments when Phase 1 service becomes available.

The risks outlined above are just some of the reasons FIs and their processors will want to be sure they are prepared for the September 23 deadline. Failure to do so could damage account holder relationships. NACHA, the regional payments associations, and the ACH operators offer a wealth of information on same-day ACH that all parties need to avail themselves of.

By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

April 4, 2016 in ACH | Permalink


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 14, 2016

Same-Day ACH: An NFAQ

The NFAQ—meaning "non-frequently asked question"—will come just a bit further down in this post. First, I need to say the Forum's prediction that same-day ACH would not be a huge hit this year may have been misunderstood. The prediction wasn't meant to say that the service wouldn't gain steam over time; it was more a comment about the type of lift the initiative could experience at the start. But if usage of same-day ACH even somewhat mirrors the level of enthusiasm and participation that attendees lavished on sessions that revolved around the topic at Information Interchange, an annual regional payments association conference sponsored by EastPay and the Atlanta Fed, same-day ACH could become a big hit.

The aforementioned annual payment conference featured four sessions related to same-day ACH. Attendance at each session was standing room only. Topics focused on everything from understanding and preparing for the change to promoting usage and enhancing payment services for customers of all types.

It was really good stuff, I must say, and I managed to squeeze in all but one of the sessions. In the last session, the moderator opened by asking the audience questions to test their knowledge of the rule change and to help panelists focus on what information might be most useful for informing and instructing attendees. The audience didn't miss a single question, which included a trick question about the dollar threshold for "IATs" or international transactions. (IATs aren't eligible, so there is no applicable dollar threshold related to these payment types.)

Perhaps the most important question of the day, which takes me to the NFAQ in the title, didn't get asked in the open sessions. However, a gentleman leaned over and asked me if U.S Treasury transactions were eligible. I didn't think so and told him that, but he pushed back and suddenly we were both unsure. So after a short back and forth with my colleagues, I pointed him to a definitive answer in the same-day FAQs on frbservices.org. It reads as follows:

Q: Will the federal government be participating in Same Day ACH at any phase of implementation?

A: At this time, the federal government will not be participating in phase 1 of the Same Day ACH implementation. Therefore, any entry originated from, or received by, the federal government will not be eligible for same day settlement and will continue to settle on a future date. Information regarding the federal government's participation in later implementation phases will be forthcoming.

I felt compelled to share this "NFAQ" because after asking others about their understanding of the matter, I found general awareness and understanding mixed, but largely incorrect. The distinction between federal government payments and other types of government payments (state government agency payments will be eligible for same-day ACH in phase 1) may be important and may not be as widely known as it should be.

By Julius Weyman, vice president, Retail Payments Risk Forum at the Atlanta Fed

March 14, 2016 in ACH | Permalink


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 2, 2015

Will NACHA's Same-Day ACH Rules Change Be an Exception-Only Service, At Least in the Short Term?

In May 2015, the 40-plus voting members of NACHA contingently approved mandating the acceptance of domestic same-day ACH payments by receiving banks. The voting members approved a three-phase development lasting 18 months. The first phase, starting in September 2016, is limited to credit pushes, followed one year later by debit pulls in the second phase. All payments are subject to a $25,000 maximum. By the final phase in March 2018, receiving banks will be required to make credit payments available to the receiving account holder by 5 p.m. local time to the receiving bank. Funds availability in the earlier phases is by the receiving bank's end-of-processing day. The service offers both a morning and afternoon processing window. A same-day return-only service is offered at the end of the business day. Lastly, originating banks are obligated to pay a 5.2 cent fee for every payment to recover costs to receiving banks.

Last month, the Federal Reserve Board of Governors removed the contingent part of the above approval by allowing the participation of FedACH, which serves as an ACH operator on behalf of the Reserve Banks. Approval followed a review of comments submitted by the public, of which a preponderance of the responses was favorable to FedACH participating in the service.

This was not the first time NACHA tried to mandate same-day ACH. Back in August 2012, a ballot initiative to mandate acceptance failed to receive a supermajority required for passage. Failure was due to a variety of reasons, and it was difficult to discern one overriding reason.

I think that most observers would agree that the earlier rollout of the Fed's proprietary opt-in, same-day service in August 2010 and April 2013 set the groundwork for mandating same-day.

As with any collaborative organization like NACHA, compromises were needed to garner sufficient votes for passage. The compromises included:

  • Same-day payment eligibility rules change due to a multi-phase development cycle requiring one-and-half years to complete from start to finish.
  • Providing certainty to the receiver that funds availability will be expedited on the day of settlement as part of the final phase, rather than earlier, which only requires posting by the receiving bank's end-of-processing day. The bank's end-of-processing day can be as late as the morning of the following business day.
  • Delaying a debit service by one year after the rollout of the phase one credit service will, to the potential surprise of the payment originator, delay settlement of debits one business day later than would occur for credits.
  • Any payment amount over $25,000 will settle one business day later than the payment originator may have expected if the payment originator is not aware of the payment cap.

Given these compromises, what do you think financial institutions can do to accelerate broader adoption of same-day?

By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

November 2, 2015 in ACH, regulations, regulators | Permalink


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

April 27, 2015

Not Seeing a Tree for the Forest

For this blog's title, I confess to having pineapple-upside-down-caked the common adage "missing the forest for the trees." The thing is, I want to point to a particularly nice tree in the same day ACH (automated clearinghouse) forest. By torturing the adage I hope to inspire folks to deviate from the basic, same day forest flyover and focus on one tree. It seems to me it has not gotten all the attention due.

Those advocating for same day ACH generally tout the increased functionality or the economic benefits of the latest proposal. Another oft-mentioned benefit of the proposed rule change is that it may provide a bridge from today's payments to those of the future. However, tucked into the lush same day ACH forest is a hard-to-find risk abatement species. Allow me to point out some of its features.

Settlement—By reducing the settlement window, same day ACH reduces credit risk associated with the network ecosystem—both in terms of the length of time counterparties are exposed to settlement risk and, potentially, the total amounts of settlement risk. For sure, financial institutions will have more flexibility to better manage these circumstances.

Operations—Same day ACH provides additional processing windows that result in risk reduction opportunities. Operations managers gain the means to load balance or smooth processing volumes and may also be able to ease the pressure on deadlines. The additional processing windows can be thought of as de facto contingency alternatives and seem likely to yield a corresponding increase in reliability and quality for the ACH.

Returns—Expedited settlement means expedited return handling. same day ACH would provide the opportunity for receiving banks to return same day payments on that same day. Moreover, because return requirements are tied to settlement, any same day payment that needs to be returned to an originating bank will be received one banking day earlier than would have occurred without same day settlement. NACHA points out that exceptions may be identified sooner and returned sooner, which means resolution for more problems may begin sooner. They have described this as "a 'win-win' for all parties." It's hard to argue the point.

If it passes, same day ACH will improve the risk posture of financial institutions, benefiting both ACH payers and payees. As spring continues to unfurl, perhaps some of you will get to stroll through the woods. If you come across a particularly handsome dogwood or perhaps an eastern redbud, be reminded that the same day ACH ballot will pop later this spring. I'm keeping my fingers crossed that the woodsmen don't get to clear cut the forest this time and we don't lose any of the nice trees.

Photo of Julius Weyman By Julius Weyman, vice president, Retail Payments Risk Forum at the Atlanta Fed

April 27, 2015 in ACH, risk management | Permalink


TrackBack URL for this entry:

Listed below are links to blogs that reference Not Seeing a Tree for the Forest:


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

September 22, 2014

New ACH Return Rate Threshold on the Horizon

In a December 2013 post, we asked the question, Is it the right time for lower ACH return rate thresholds? We can now say that the answer is "Yes." The voting membership of NACHA-The Electronic Payments Association recently approved a NACHA Operating Rule amendment that will reduce the unauthorized debit return rate threshold.

The process of returning payment transactions is a pain point for the receiving financial institutions that incur the costs of exception processing, which includes handling customer service inquiries and the returns. Unauthorized transactions are also a pain point for customers who have experienced such postings to their accounts. For the financial institution originating transactions on behalf of businesses and third-party customers, ongoing and proactive monitoring of return rates can help them quickly identify potential problems and determine if those problems have been addressed.

The NACHA Operating Rule amendment will reduce the threshold for returns of unauthorized debit entries from 1 percent to 0.5 percent, effective September 18, 2015. An originating depository financial institution will be subject to possible reporting and fines if they have an originator or third-party sender whose return rate for unauthorized debits exceeds the current threshold.

As NACHA states in its information on the new rule, this 0.5 percent threshold is more than 16 times higher than the average network return rate of 0.03 percent for unauthorized debit entries in 2013. This new threshold will continue to emphasize the importance of institutions focusing on high return rates and working with their customers to bring any excessive rates down. The amendment also establishes a review process for when returns for "administrative" or "overall return" reasons exceed certain levels. For administrative returns, this will be 3 percent, and for overall returns, it will be 15 percent. Administrative returns include debits returned for reasons such as closed account, invalid account number structure, or the account number not corresponding to an existing account. Overall returns for ACH debits include unauthorized and administrative reasons, as well as others such as insufficient funds and stop payments.

Unlike the unauthorized return threshold, breaching return rate levels for administrative and overall return reasons will not result in an automatic requirement to reduce the return rate or undergo a rules enforcement proceeding. Instead, exceeding these return rates will lead to a process to determine if the origination practices of a given originator or third-party sender need to be modified to achieve lower exception levels.

The timeframe for implementing this rule allows originating financial institutions to look carefully at their current return monitoring processes and determine whether customers are near these return rates and to put into place practices that would address problem areas. Will this new rule affect your due diligence processes? Does your current monitoring already show that your customers' return rates are lower than the new thresholds?

Photo of Deborah ShawBy Deborah Shaw, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

September 22, 2014 in ACH, debit cards, regulations | Permalink


TrackBack URL for this entry:

Listed below are links to blogs that reference New ACH Return Rate Threshold on the Horizon:


What is the current NACHA guideline "threshold of returns for insufficient funds", the percentage?

Posted by: Bob Lewis | March 11, 2015 at 01:58 PM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

December 16, 2013

Is It the Right Time for Lower ACH Return Rate Thresholds?

Monitoring return rates for automated clearing house (ACH) transactions is an important element of a bank’s risk mitigation program for its business and third-party clients. Recently, NACHA issued a request for comment (RFC) that addresses proposed changes to return rate thresholds included in the NACHA Operating Rules.

The NACHA Operating Rules currently identify a return rate threshold for unauthorized debit entries of 1 percent. The threshold is intended to reduce unauthorized entries transmitted over the ACH network. The NACHA Operating Rules hold an originating depository financial institution (ODFI) that has an originator or third-party sender with an unauthorized return rate over 1 percent subject to ODFI reporting and possible fines if the rate of returns is not reduced in a timely fashion.

According to the RFC, the unauthorized debit return rate declined due to several risk management efforts—including the 1 percent threshold, established in 2008—from 0.06 percent in 2005 to 0.03 percent in 2012. These reduced numbers demonstrate that the monitoring of return rates by banks and other network participants helps to identify issues and leads to fewer problematic transactions.

This RFC proposes three changes to how the NACHA Operating Rules currently address return rate thresholds.

  • A reduction in the return rate threshold for unauthorized debit entries from 1 percent to 0.5 percent.
  • Establishment of a return rate threshold for data quality debit entries (such as invalid account number) of 3 percent.
  • Implementation of an overall debit return rate threshold of 15 percent.

NACHA had issued an RFC in spring 2011 that proposed changes similar to the first two listed items, but ACH participants did not provide sufficient support then and the changes were not implemented. It seems that the time may now be right. The RFC indicates that the environment for this proposal appears to have changed, with ACH participants expressing interest in looking at new thresholds. And the proposal for an overall debit return threshold stresses the need for banks to focus on their overall return rates in addition to specific return reasons.

Regardless of which thresholds are included in the NACHA Operating Rules, banks should monitor for any increase in returns. They should also understand the underlying cause and remedies that their business or processor customers are implementing. A bank focus on return issues is one element of a robust risk management program that helps to ensure the bank’s origination of high-quality payment transactions.

With this proposal on return rate thresholds, is your institution rethinking its internal policies for return rate monitoring?

Photo of Deborah ShawBy Deborah Shaw, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

December 16, 2013 in ACH, banks and banking, regulations | Permalink


TrackBack URL for this entry:

Listed below are links to blogs that reference Is It the Right Time for Lower ACH Return Rate Thresholds?:


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search

Recent Posts

October 2016

Sun Mon Tue Wed Thu Fri Sat
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31          



Powered by TypePad