Risk & Compliance
-
A Participating DFI must annually conduct, or have conducted, an audit of its compliance with these Rules.
A Third-Party Service Provider or a Third-Party Sender that has agreed with a Participating DFI to process Entries must annually conduct, or have conducted, an audit of its compliance with these Rules.
An annual audit must be conducted under these Rule Compliance Audit Requirements no later than December 31st of each year.
Click here to order a copy of the 2024 Nacha Operating Rules and Guidelines
-
This requirement to conduct an audit relates solely to compliance with these Rules and is not limited to compliance with any specific rule or group of rules. This audit obligation does not address other audit considerations with regard to a Third-Party’s ACH policies, procedures, or regulatory compliance.
For a Third-Party Service Provider, these audit requirements apply only to the functions of ACH processing that it performs on behalf of a Participating DFI or a Third-Party Sender. For a Third-Party Sender, these audit requirements apply to its performance of any obligations of an ODFI under these Rules. References within these Rules to an audit of an ODFI’s or RDFI’s performance therefore also apply to a Third-Party Service Provider or Third-Party Sender acting in the capacities described above.
-
An ACH audit of compliance with the Rules must be performed under the direction of the audit committee, audit manager, senior level officer, or independent (external) examiner or auditor of the Participating DFI, Third-Party Service Provider, or Third-Party Sender.
o Third-Party Service Provider/ Third-Party Sender ACH Audit Learn More
ACH Risk Assessment
A Third-Party Sender must conduct an assessment of the risk of its ACH activities and implement a risk management program on the basis of such an assessment.
o Third-Party Service Provider/ Third-Party Sender ACH Risk Assessment Learn More
PaymentsFirst, a Payments Association and the sponsor of this website, provides members and non-members ACH Audit and Risk Services that include annual ACH Audit and ACH Risk Assessments. PaymentsFirst also provides customized consulting services for Third-Party Service Providers, Third-Party Senders, ACH Originators, and Financial Institutions. You can contact us by phone or email, or just click the link below and request a proposal. We will contact you to discuss your organization’s ACH risk and compliance service needs.