To the Editor:
Nacha's new Network Enforcement Rule will go a long way in punishing those very few financial institutions that will not take steps to cease activity that is detrimental to the ACH network ["
The fines will only take effect once abuses have been uncovered, in most cases, after a significant amount of damage to consumers and businesses has occurred.
The greatest problem the network faces is transactions originated by third-party merchant processors. Historical return-pattern tracking conducted by the ACH operators and Nacha has clearly indicated that the majority of questionable behavior has originated primarily from third-party merchant processors and the financial institutions that originate transactions for them.
Most financial institutions employ their "know your customer" procedures for direct customers, including third-party merchant processors, but there is little or no discipline around such procedures for the customers of the third-party merchant processor, which can include other third-party merchant processors, independent sales organizations, and merchants.
Many of the merchants that use third-party processors do so because they could not pass the standard "know your customer" procedure if they approached a financial institution directly. These merchants cannot withstand the light of scrutiny.
A number of financial institutions have a policy that they will not do business with third-party merchant processors, because of the risks and the effort that it takes to do proper due diligence. For financial institutions that choose to process ACH debit and demand draft transactions for third-party merchant processors, it's imperative to follow sound "know your customer's customers" procedures and policies.
Financial institutions need to be able to:
- Identify all merchants that the third-party merchant processor will originate transactions for using a set of predetermined information.
- Identify any other third-party merchant processors or independent sales organizations that may be originating transactions through them.
- Screen all merchant information supplied and perform basic due diligence on the merchant.
The originating depository financial institution (ODFI) is the gatekeeper of the ACH network. (Third-party merchant processors should never have direct access to the ACH.) The ODFI warrants that all debit activity is authorized, and it is financially liable for all activity that it brings to the system. These responsibilities include prohibiting illegal activity (e.g. Internet gambling, illegal tobacco sales), making the participants financially whole for fraudulent activity, and ensuring that the poor and elderly are not taken advantage of by unscrupulous telemarketersThe vast majority of originators are legitimate, but it is each originating financial institution's job to ensure that the bad ones never initiate a transaction into the ACH network.
Fines do not prevent ACH network abuse; all they do is provide punishment for the abuse. Nacha needs to pass a rule to ensure that financial institutions follow best practices for conducting proper due diligence on all originators, whether they are direct or indirect (originating through a third-party merchant processor).George F. Thomas
Chief executive officer
Radix Consulting Corp.
Oakdale, N.Y.Editor's note: The author is a former executive vice president of The Clearing House Payments Co., where he managed the payments division.
