The Third-Party Sender's Toolkit

How to become a Third Party Sender

Step 1: Obtain a relationship with an ODFI.

Step 2: Ensure you have appropriate Policies and Procedures in place to maintain compliance.

Step 3: The right solution is paramount to your success. With Profituity, you’ll be able to originate NACHA-compliant ACH Debits and Credits effortlessly, and watch your business thrive.

That’s it! You’ll find that the bulk of the lift actually occurs in Steps 1 and 2.

Guide to Establishing a Relationship with an ODFI

  • Research Potential ODFIs: Start by identifying ODFIs that are active in the ACH network and have experience working with Third Party Senders.

  • Make Initial Contact: Reach out to potential ODFIs to express interest in establishing a relationship.

  • Prepare a Solid Business Case: Present your business plan, detailing your target market, volume projections, risk management strategies, and why you're venturing into ACH. You should clearly define the scope and volume of ACH transactions you anticipate.

  • Demonstrate Compliance and Knowledge: ODFIs will want assurance that you're familiar with NACHA rules and have strong compliance mechanisms in place. Showcase your Policies and Procedures and your commitment to adhering to all regulations.

  • Negotiate Terms and Agreements: Once there's mutual interest, delve into the specifics of the relationship. This includes fees, responsibilities, transaction limits, settlement timings, and other essential details.

  • Undergo Due Diligence: The ODFI will likely conduct a thorough review of your business. This can include financial audits, background checks on key personnel, and assessments of your systems and processes.

  • Implement Integration and Testing: Once approved, work closely with the ODFI to integrate your systems. This will involve setting up secure communication channels, API integrations, and other technical requirements. You’ll also want to conduct testing to ensure transactions are processed correctly.

Obligations of Third-Party Senders

Be sure you know and understand your obligations as a Third-Party Sender. Acting as the bridge between the ODFI and the transaction originator, your role is critical. Ensuring the ACH system's efficiency, security, and integrity is your prime responsibility.

  • Third-Party Senders should have a comprehensive ACH Management Policy as well as other policies that support the ACH activities of their business. These policies should be reviewed and approved by management annually.
  • Third-Party Senders must establish, implement, and update security policies, procedures, and systems related to the initiation, processing, storage and destruction of Entries containing Protected Information. These policies should be reviewed and approved by management annually.
  • Third-Party Senders must have established Risk Management policies and procedures. These policies should cover, at a minimum, the analysis, approval and onboarding of new Originators and the periodic reviews of existing Originators, exposure limit overages, Return/NOC activity and other unusual or suspicious activity and reporting procedures. These policies and procedures should be reviewed and approved by management annually.
  • Third-Party Senders must establish, implement and update, as appropriate, policies, procedures and systems with respect to the initiation, processing and storage of Entries that are designed to: (a) protect the confidentiality and integrity of Protected Information until its destruction; (b) protect against anticipated threats or hazards to the security or integrity of Protected Information until its destruction; and (c) protect against unauthorized use of Protected Information that could result in substantial harm to a natural person.
  • Third-Party Senders should have a business contingency plan in the event of hardware or software failure, unreadable Files, duplications or Erroneous Entries being processed. Testing should be conducted at least annually.
  • Third-Party Senders should have detailed written procedures for receiving Files from Originators and Nested Third-Party Senders, for the delivery of ACH Files to the Financial Institution, receipt of Rejects, Returns and NOC functions. These policies should be reviewed and approved by management annually.
  • Third-Party Senders are required to conduct an annual ACH Audit. Audit documentation must be maintained for a period of six years. Outstanding audit issues should be addressed in a timely manner. Audit findings and management responses should be documented and reviewed by management.
  • Third-Party Senders are required to conduct a Risk Assessment of both receiving and originating ACH Functions. Risk assessments should be conducted at a minimum annually.
  • Third-Party Senders must have an Agreement with each Originator. The Agreement should cover the items addressed in Section VII - Appendices, Appendix C, Issues to be addressed in agreements in the NACHA Operating Guidelines.
  • Third-Party Senders should develop and implement a formal training program for new and existing Originators to keep them informed, on an ongoing basis, of amendments and revisions to the NACHA Operating Rules & Guidelines. This should also include a comprehensive review of Originators’ and Nested Third-Party Senders’ warranties and liabilities regarding their participation in the ACH Network.
  • Third-Party Senders should provide guidance for Originators that includes sample authorizations and information that addresses authorization requirements, record retention and revocation of authorization.
  • Third-Party Senders must establish exposure/transaction limits for each Originator. These limits should be monitored daily by Operations staff. Third-Party Senders must periodically review established limits and have procedures in place for monitoring origination and Return Entries over multiple Settlement Dates.
  • Third-Party Senders must monitor all types of Returned Entries by Originator and Nested Third-Party Sender, and maintain evidence that monitoring is being done. Return levels above the accepted Rules standards should be addressed immediately.


Originating Depository Financial Institution (ODFI): A participating financial institution that receives the payment instructions from an Originator and forwards the Entries to the ACH Operator.

Receiving Depository Financial Institution (RDFI): A participating financial institution that receives entries directly or indirectly from its ACH Operator to the accounts of Receivers.

Third-Party Service Provider: A Third-Party Service Provider is an organization that performs any functions on behalf of the Originator, the ODFI, or the RDFI (not including the Originator, ODFI, or RDFI acting in such capacities) with respect to the processing of ACH entries, including, but not limited to, the creation of ACH files.

Third-Party Sender: A Third-Party Sender is a type of Third-Party Service Provider that acts as an intermediary on behalf of an Originator or another Third-Party Sender in transmitting entries between the Originator and the ODFI (or directly to the ACH Operator on behalf of the ODFI, via Direct Access), when there is not an Origination Agreement directly between the Originator and ODFI.

Originator: A Person that has authorized an ODFI (directly or through a Third-Party Sender) to transmit, for the account of that person, a credit entry, debit entry, or non-monetary entry to the Receiver’s account at the RDFI. The Originator is the party who has the contractual relationship with the Receiver and to or from whom funds are ultimately owed.

Receiver: A Person that has authorized an Originator to initiate a credit Entry, debit Entry, or Non-Monetary Entry to the Receiver’s account at the RDFI.
