For Third-Parties in the ACH network and the financial institutions who may originate entries on their behalf, understanding and completing an ACH audit in accordance with the NACHA Operating Rules can be a challenge. At UMACHA we have the tools and expertise to help ensure you are compliant and to learn how to stay up-to-date on changes that may affect Third-Parties in the network.
For our Affiliate Members, we offer on-site audit services, similar to those that are available to our financial institution members. A UMACHA compliance staff member can come to your location and complete an ACH Audit and/or ACH Risk Assessment for you, providing a comprehensive report of findings and recommendations afterwards for you and your management team. If you or your Third-Party relationship are not already members of UMACHA, visit our membership page to learn more right now!
To help you complete your own *Third-Party Sender audit and/or risk assessment, visit our Compliance Publications page to order our Third-Party Sender ACH Audit Guide and/or Third-Party Sender Risk Assessment Guide. This tool will help you understand what provisions of Chapter 56 apply in the Third-Party Sender environment and how to properly test for compliance, along with guidance on how to mitigate Third-Party Sender Risk.
*Note: This is for Third-Party Senders only, and may not be applicable to Third-Party Service Providers, and Third-Party Payment Processors
THIRD-PARTY COMPLIANCE SERVICES
For our Affiliate members, we offer the following Compliance Services either on-site or remotely:
- Third Party Sender ACH Audit
- Third-Party Sender ACH Risk Assessment
- Third-Party Service Provider ACH Audit (includes Sending/Receiving Points)
- Third-Party Service Provider ACH Risk Assessment (includes Sending/Receiving Point)
Fill out our UMACHA Compliance Services Request Form or call us at 1-800-348-3692 for more information or to request a service.
We have collected commonly asked questions
from our members throughout the registration process to help you along the way.
Q: What databases are available in the Risk Management Portal?
A: The following databases are all accessible through the Risk Management Portal:
• The Third-Party Sender Registration Database
• The Direct Access Registration Database
• The Terminated Originator Database (TOD)
• The Emergency Financial Institution Contact Database
Q: Do I need to register multiple times to access each database?
A: No. Each financial institution must register only once in the Risk Management Portal. All databases are available from a single login within the Risk Management Portal.
Q: My financial institution has multiple Routing and Transit Numbers (RTNs). Which
one do we register? Do we need to register every single RTN?
A: Each financial institution will select their primary RTN at registration and this number will remain associated with the financial institution for all applications within the Risk
Q: My Third-Party Sender customer originates for many originators and a different
Company ID is used for each. Which Company ID do I use?
A: Only register the TPS Company ID of the Third-Party Sender and not the company names and IDs of every Originator. The NACHA Operating Rules do not require the Company ID for every Originator associated with the Third-Party Sender.
Q: How many individuals from my organization may access the Risk Management Portal?
A: The Portal allows for one administrator from each organization and up to four additional users. The administrator will create an account within the Risk Management Portal and assign users access.
Q: My ODFI has already registered as not having a Direct Access relationship. Do we
need to register again?
A: Yes. Each ODFI must reregister their Direct Access status. Each ODFI will attest to its
Third-Party Sender customer status and Direct Access customer status during the initial
registration. The status of each registration can be changed at any time within the Risk
Management Portal. Once registered, you can print proof of registration for your Risk/ACH audit.
Q: How can I find my ODFI’s registration confirmation?
A: A registration confirmation is now available from the ODFI Management page in the portal. This one page printable document provides the date the financial institution
registered, the current Direct Access Registration and Third-Party Sender Registration status, and the current number of registered Third-Party Sender customers and Direct Access relationships.
THIRD PARTY SENDER REGISTRATION
The Third-Party Sender Registration rule will require Originating Depository Financial Institutions (ODFIs) to identify and register their Third-Party Sender customers. The registration process will promote consistent customer due diligence among all ODFIs, and serve as a tool to support NACHA’s continuing efforts to maintain ACH Network quality.
ODFIs will be required to complete their registrations through the Third-Party Sender Registration Database, which can be accessed through NACHA's Risk Management Portal on NACHA’s website.
Registrations can be completed through either an individual TPS upload or bulk TPS upload process. The individual upload process allows for quick registration, editing and deactivating of individual TPS relationships, while the bulk upload (available in XML, Excel, and CSV) allows for registering, editing, deactivating, and maintaining groups of TPS relationships.
The Third-Party Sender Registration Rule requires all ODFIs to either register their Third-Party Sender (TPS) relationships or state that they do not have any. Initial registrations are du