Effective Due Diligence & Onboarding · Effective Due Diligence & Onboarding Melissa Giddens, CTP, ... • Best Practice: ... but originated PPDs

ACH Origination:Effective Due Diligence & Onboarding

Melissa Giddens, CTP, AAP, NCP

© 2014 Western Payments Alliance. All rights reserved. No reproduction/distribution without prior written consent.

Agenda

» KYC: Know Your Customer» CYA: Cover Your Assets» Best Practices in Policies» Risk» Due Diligence» Credit / Prefunding» Onboarding (Sales / Workflow)» Client Support» Operational Considerations» Case Studies

2


Know the Business

3


Review ACH Policies» Define who you will bank?» Determine Risk Tolerance Levels for:

• Low Risk Originators• High Risk Originators• Prohibited Originators

» What types of SEC Codes will you allow?• PPD• CCD• WEB• TEL• Check Conversion

4


Low Risk

» Payroll for most businesses• Not payroll companies

» B2B Payments• Manufacturing• Engineering

» Direct Payments• Property Management (HOA/Apartments)• Insurance• Most lending (Auto, Mortgage, Credit Card)

o Not Payday Lenders

5


High Risk

» Examples:• Credit Repair• Mail Order (telemarketing)• Payday Lending• Foreign Businesses (import / export)• Pawn Brokers• Precious Metal Dealers• Third Party Senders

6


Prohibited

» Examples:*• Digital Content• Online Tobacco / Liquor Sales• Tax Shelters• Potentially Illegal Businesses

o Online Gamingo Marijuana Sales

• Any person or business under investigation• Any business where FI lacks expertise

o Understand the business and how it works!

7

*Examples used are for some FIs. Your FI may have a different risk tolerance.


Originator Due DiligenceLet’s do some Research

8


Originator Watch List (OWL)

» Identifies Originators and Third-Party Senders that meet certain risk criteria, but does not introduce or imply any prohibition.

» ODFIs are encouraged to consider this information as a part of their broader underwriting and risk management process.

» https://www.nacha.org/originator-watch-list

9


Terminated Originator Database (TOD)

» Hosted by FIS» Voluntary reporting» NACHA Policy Statement» The Board of Directors encourages ODFIs to use a Terminated

Originator Database in the following ways:• ODFIs that have terminated an Originator or Third-Party Sender for cause

should populate the database with information from their experiences.• ODFIs should access the database prior to onboarding new Originators and

Third-Party Senders to learn about other ODFIs’ experiences with this company.• ODFIs should periodically check the database for their current Originators and

Third-Party Senders as these entities might be originating through multiple ODFIs and termination by other ODFI may be indicative of issues worthy of further review.

» https://www.nacha.org/Terminated_Originator_Database

10


The Basics

» General Customer Information• How long in business?• Could the business be impacted by the economy?• Other economic factors which could affect the company?Examples:

11

Business Line RiskAgriculture DroughtPrecious Metals FluctuationInvestment Firms Market Crash / Buyers Remorse


Business Reports

» In addition to regular credit reports . . . » Better Business Bureau

• Negative reports / complaints?• http://www.bbb.org/

» Dun & Bradstreet• Paying bills on time?• http://www.dnb.com/

» Social Media – The New Tattle-Tale! • Angie’s List • Facebook • Yelp

12


Reviewing Marketing Collateral

» Check the website• Does it advertise the products they claim to be selling?• Is there misleading advertising?• Are there ads for other businesses on the site?

13

At BB Industries, we sell medical supplies.

www.bbindustries.comGRILLS! GRILLS! GRILLS

Easy Financing! Bad Credit Ok!What they tell you What you find out


Review Previous Statements

» Analysis statement available?• Total Origination• Total Returns

o Returns by type (if available)• Do Balances support Cash Flow?• Times NSF• Times / Duration Overdrawn• Are volumes consistent with type of business?

14


Authorization Process

» Obtain copy of most current authorization» Request a sampling of existing authorizations» Determine how these are obtained

• PPD – Need signatures• WEB – Review website process• TEL – Do they have recordings?

» How are they storing authorizations?• What is the retention period?

o Must be 2 years following last settlemento 7 years for RCK

15


Behind Closed Doors

» Onsite Inspection• Are terminals in a secure area?• Is sensitive data locked-up?• Do they conduct employee background checks?• Any AAPs?

o Who is the ACH expert?• Are data-breach procedures in place?

16


Originator Self Management

» ACH Software Platforms & Processes• What software is being used?• Ability to monitor returns• Internal Risk Program• Annual Self Audits• Originating through another FI?

17


Credit vs. Prefunding

18


Credit Underwriting

» Based on ability to pay» Generally an unsecured line of credit» Established exposure limits over multiple settlement

dates» Risk of credit deterioration

• Regular monitoring required• Business Reports

» Some originators may not qualify» Funding / Settlement takes place on Settlement Date of

entries

19


Credit Underwriting Policies

» Establish a policy for determining the total exposure limit:• Ex. Credit exposure is 110% of maximum file needs. • Ex. Debit exposure is 150% of maximum file needs.

o Weekly payroll origination: $100,000 maximum file X 110% = $110,000 total exposure

» Determine how to handle over-the-limit submissions• Who can approve and up to what amount?

» Ensure your credit team understands ACH risk • Include ACH language in your credit policy

20


Credit Underwriting Policies

» What financials will you require for approval?• 3 years of audited financial statements• Personal guarantee• How will you handle start-ups?

» When will the approval expire?• Best Practice: Tie expiration to annual loan renewal

» How will you monitor?• Review origination history at annual loan renewal• Determine if existing limit is still suitable

» What about anomalies?• Annual bonuses

21


Prefunding

» Credit Origination• Verifies available funds prior to transmitting file to ACH

Operator• Funds may be placed on hold or debited• Debit may take place on Presentment Date or on date file

is transmitted to ACH Operator• If debited, customer loses Earnings Credit• Consider transfer to bank-held (settlement) account

o What if funds are held & account is frozen by authorities after file is sent?

22


Onboarding

23

All aboard!


Workflow Process

24

Sales Implementation Training Customer Support

Ongoing Education & Maintenance

Establish your workflow process for onboarding a new originator:


Sales Process

» Who can sell ACH services: • Treasury Sales Officers?• Treasury Assistants?• Branch Managers?

» How will internal team stay up-to-date on ACH rules?» Define a process for validating current origination

needs:• Does treasury sales officer sign off? Relationship

manager?• But… the customer is creditworthy!

25


Case Study: Bank Prospect

» Originator: Retail Furniture Company• Sells furniture to consumers via in-house payment plans• Monthly payments for agreed upon period of time

» Gained authorization over the phone, but originated PPDs• No written or recorded authorization• No notification or confirmation to consumer• Used recurring TEL before it was allowed

» Resolution: Helped company become compliant before agreeing to transition their relationship• ACH Rules Book• Regional Payments Association

26


Implementation

» What agreements will you require the client to sign?• Dedicated ACH Agreement or Treasury Management Master

Agreement• Should client sign-off on exposure limit or keep confidential?

» Determine system users, administrators, etc. • Dual approvals/administrators

o Define how to handle small businesses or one person shops

» Only setup SECs that customer actually uses» Develop check-back (call-back) procedures to ensure

accurate setup• Separation of duties

27


Training

» Who will conduct client system training?• Dedicated treasury support team• In-person training

» Will you encourage prenotes?» Develop procedures for clients opting out of best

practices• Ex. During training, a client wants to opt out of dual

approval. Who can sign off on this?» Review how to view NOCs and Returns

• Explain how to action

28


Customer Support

» Determine phone authentication procedures• Non-Public Personal Information

o Ex. Favorite restaurant or coloro Ex. First movie seen

» Who will client call with issues?• Dedicated support person• Branch Teller

» Customer communications:• System upgrades• New security parameters

29


Education

» Will your FI provide a complimentary copy of the Corporate Rules book?• Purchase a hard copy book• Provide online access or CD• Another means?

» How will you ensure clients are aware of rules changes?• Ongoing training webinars• Lunch & Learns• Messaging through online banking

» Agreement language stating “originator agrees to follow ACH rules” is not good enough.

30


Maintenance

» Perform annual treasury management relationship reviews:• Does client still need existing services?• Do they need additional services (e.g. adding WEB)?• Are they experiencing growth that could impact their

exposure limit?» Has there been company turnover?

• A need for supplemental training?• Is the former CFO still listed as an online administrator?

» ACH Audits• Determine how to ensure compliance on a periodic basis

31


Case Study: Existing Customer – No ACH Origination

» Originator: Safety Equipment Company• Sells safety equipment nationally• Primarily B2B with limited P2P

» Relationship review uncovered 23 employees “begging” company for direct deposit• Thought it was cost prohibitive and too complex• Didn’t think accounting software could support paystubs

without a physical check» Resolution: Implementing ACH Origination (PPD) and ACH

Positive Pay

32


Other Considerations

33


Pricing

» How will you price your ACH offering?• Online Account Access Fees• One-time Setup Fees• ACH Monthly Fee• Per File Submitted Fee• Per Item Originated Fee• NOC or Return Fee• Suspended/Over-the-limit File Fee• Annual Audit Fee• Research Fee

34


Processing

» How will you accept ACH files?• Creating templates through your online system• File Import• File Upload• Secure file transmission

o FTP » Will you have special security parameters in place for

files transmitted outside of your online system?• Ex. Can your FTP option support dual approval?

35


Operational Considerations

» File Monitoring• Transaction amounts/volumes

» Out-of-Band Authentication• Phone/Fax• Cell Phone Callback

» File Scheduling• Ensures timely processing

o No missed payroll• Helps prevent Account Takeover

36


Risk Monitoring

» Unauthorized Returns• NACHA 1% Rule• Deceptive Practices / Inferior Products

» Administrative Returns• Excessive No Account / Closed Account

o Could be phishing for account number• Disproportionate NSF/UCF

o Could be kiting

37


Fraud Prevention

» Develop a call back procedure for verifying over-the-limit or atypical files• Don’t assume that the client originated the file

» Require waivers for clients opting out of best practices• Require dual approval• Require out-of-band authentication• Don’t let clients opt out of both

» Consider offering fraud prevention services:• ACH Debit Block• Filters• ACH Positive Pay

38


Case Study: Existing Originator

» Originator: Local Manufacturing Company• Weekly payroll for 150 employees (PPD)• Bi-monthly vendor payments (CCD+)

» Submitted out-of-sequence file over their typical limits» Relationship Manager received notification

• “It’s a valued customer with a long-standing relationship. Approve the file.”

• Turned out to be fraud and the bank took a $300,000 loss» Resolution: Implemented call-back procedures to verify

over-the-limit files and setup file scheduling

39


Questions?

40

Documents

Effective Due Diligence & Onboarding · Effective Due Diligence & Onboarding Melissa Giddens, CTP, ... • Best Practice: ... but originated PPDs