Third-Party Payment Processor: Non-bank or third-party payment processors (processors) are bank customers that provide payment-processing services to merchants and other business entities. Traditionally, processors contracted primarily with retailers that had physical locations in order to process the retailers' transactions. (Definition by FFIEC - Federal Financial Institutions Examination Council)
Third-Party Service Providers: A Third-Party Service Provider is an organization other than an Originator, ODFI, or RDFI that performs a function of ACH processing on behalf of the Originator, the ODFI, or the RDFI.
Third-Party Senders: A Third-Party Sender sends ACH payment on behalf of its client, originating the ACH transaction through its own financial institution (bank or credit union) as opposed to the financial institution of the client. A Third-Party Sender is a type of Third-Party Service Provider that acts as an intermediary in transmitting entries between an originator and an ODFI, including through Direct Access, and acts on behalf of an originator or another Third-Party Sender. A Third-Party Sender must have an origination agreement with the ODFI of the entry and with its Originators and/or Nested Third-Party Senders.
- Third-Party Sender Identification Tool
The Third-Party Sender Identification Tool was developed to help financial institutions and their ACH customers understand their roles when an intermediary is involved in some aspect of ACH payment processing. A payment intermediary can fill a variety of roles, depending on the nature of its arrangements with specific customers. ODFIs in particular are required to know the nature of their customers’ use of the ACH Network, whether as Originators, Third-Party Senders, or other types of intermediaries.
Nested Third-Party Senders: Third-Party Sender that has an agreement with another Third-Party Sender to act on behalf of an Originator, and does not have a direct agreement with the ODFI.
Sending Point: An ACH Sending Point is a version of Third-Party Service Provider (A Third-Party Service Provider is an organization other than an Originator, ODFI, or RDFI that performs a function of ACH processing on behalf of the Originator, the ODFI, or the RDFI.) In this case the Sending Point would be explained as a function or the act of sending files to the ACH Operator on behalf of an ODFI. (Example would be a correspondent bank, a Bankers Bank, a Corporate Credit Union, or core provider.)
Receiving Point: An ACH Receiving Point is a version of Third-Party Service Provider (A Third-Party Service Provider is an organization other than an Originator, ODFI, or RDFI that performs a function of ACH processing on behalf of the Originator, the ODFI, or the RDFI.) In this case the Receiving Point would be explained as a function or the act of receiving transactions on behalf of the RDFI. (Example would be a correspondent bank, a Bankers Bank or a Corporate Credit Union, or core provider.)
Businesses acting as third-parties to a Financial Institution who help Financial Institution’s process their ACH transactions. (Example: Fintechs who offer services to Financial Institution’s.)
Services such as:
- Post entries not processed through the Financial Institution's core provider
- Managing accounts such as prepaid cards
- Processing exceptions such as returns
- Providing customer service for end users for purpose of filling out a WSUD (Written Statement of Unauthorize Debit)
- Handling ACH stop payments
RequirementsThird-Party Audit Requirement: The Nacha Operating Rules require Third-Party Senders and Third-Party Service Providers, who performs ACH services on behalf of a financial institution, to conduct an annual audit of its ACH operations and related processes. Allow UMACHA compliance experts to evaluate your existing risk management program and audit based on requirements of the Nacha Operating Rules and Guidelines. UMACHA is a licensed Direct Member of Nacha and our team of consultants are ACH experts.
Third Party Risk Assessment Requirement: The Nacha Operating Rules require Third-Party Senders to perform a risk assessment of their ACH activities and implement a risk management program, because acting as a Third-Party Sender, they assume many responsibilities of the ODFI. The UMACHA ACH Risk Assessment is a thorough assessment of ACH activities and your overall risk management program. The written report evaluates inherent risk and provides recommendations and risk ratings of your residual risk.
UMACHA Offers several Third-Party Sender and Third-Party Service Provider services:
- Pre-Audit and Risk Assessment checklists
- Client questionnaire
- Review of sound business practices and internal controls
- Review of agreements
- Exit interview
- Written report including findings and/or recommendations
- Certification form
- Access to auditor for questions
For our Affiliate members, we offer the following Compliance Services either on-site or remotely:
- Third Party Sender ACH Audit
- Third-Party Sender ACH Risk Assessment
- Third-Party Service Provider ACH Audit (includes Sending/Receiving Points)
- Third-Party Service Provider ACH Risk Assessment (includes Sending/Receiving Point)
UMACHA offers several additional services including education options and publications to support the Third-Party Sender and Third-Party Service Provider:
- Third-Party Sender ACH Audit Guide
- Third-Party Sender ACH Risk Assessment Guide
- Bundle of Third-Party Sender ACH Audit Guide and Third-Party ACH Risk Assessment Guide
- Conducting a Third-Party Sender Risk Assessment
- 2022 ACH Rules Update: Third-Party Sender Roles and Responsibilities
- 2023 ACH Rules Update (2023): Third-Party Sender Rules Enforcement
See also the UMACHA Knowledge Center for additional resources regarding ACH compliance and audit. Including sample documents, free webinars and other resources available within the website or through your profile login and the members section of the website: