1 Q: When is this rule in effect?

A: The Rule became effective September 30, 2022. A six-month grace period, to March 31, 2023, is provided for ODFIs to update TPS registrations to denote whether or not a TPS has Nested TPS.

2 Q: What is required in the Risk Management Portal?

A: An ODFI will identify in Nacha’s Risk Management Portal all Third-Party Senders that allow Nested Third-Party Sender ACH origination.

3 Q: When is this rule in effect?

A: The ACH Contact Rule became effective on July 1, 2020. The deadline for compliance with registration requirements was October 30, 2020.

4 Q: Who do I list from my financial institution to comply?

A: All financial institutions participating in the ACH Network will be required to register contact information with Nacha for personnel or departments responsible for 1) ACH operations and 2) ACH fraud/risk management. There are additional, optional contacts that you should consider providing, such as wire, check, credit card, compliance, legal, etc.

5 Q: What is the value of the ACH Contact Registry?

A: Nacha created the ACH Contact Registry for financial institutions to be able to more easily connect with other financial institutions about ACH operations, exceptions, and risk management. Codifying the requirement to use the ACH Contact Registry in the Nacha Operating Rules ensures contact information by all financial institutions that participate in the ACH Network will be available.

6 Q: Will everyone see everything that is posted in the ACH Contact Registry?

A: After a participating financial institution has provided their contact information, they will be able to search the ACH Contact Registry by routing number or financial institution name and view the contacts that other financial institutions have provided.

7 Q: How do I know if I have a Third-Party Sender?

A: The Third-Party Sender Identification Tool helps financial institutions and their ACH customers understand their roles when an intermediary is involved in some aspect of ACH payment processing by asking a series of questions that can help to identify whether a business is a Third-Party Sender.

The "What is a Third-Party Sender?" video brings high-level awareness regarding the importance and value that Third-Party Senders bring to the payments ecosystem and why properly identifying them helps to ensure a safe and reliable ACH Network for all payment systems stakeholders while also continuing to allow for innovation in payments processing. For educational distribution, Standard and Extended versions (in SD and HD formats) of the video are available for download on our Vimeo channel.

Third-Party Sender Registration provides Rule information and details for ODFIs to register their Third-Party Sender customers.

Additional Third-Party Sender resources and education can be found on the Nacha Store or by contacting your local Payments Association. Financial institutions are encouraged to obtain their own legal counsel regarding their obligations under the Nacha Operating Rules and other applicable legal requirements.

8 Q: My Third-Party Sender customer originates for many Originators and a different Company ID is used for each. Which Company ID do I use?

A: If multiple Company IDs are used for a single Third-Party Sender, only enter the Third-Party Sender once and enter one of the associated Company IDs. (*Note: Do not enter any one Third-Party Sender more than once.)

Only register the TPS Company ID of the Third-Party Sender and not the company names and IDs of every Originator. (*Note: The Nacha Operating Rules do not require the Company ID for every Originator associated with the Third-Party Sender.)

9 Q: How will Nacha use the information about registered Third-Party Senders?

A: Registration information will not be disclosed to outside parties. Nacha may publish aggregate statistical information from the registry as we learn more about Third-Party Senders and their relationship to the ACH Network.

10 Q: How do I identify if one or more of my Third-Party Senders has nested Third-Party Senders?

A: The Third-Party Senders Roles and Responsibilities rule requires the ODFI to identify in Nacha’s Risk Management Portal all Third-Party Senders that have Nested Third-Party Sender relationships. Go to the edit TPS screen and answer Yes or No to the question “This TPS Has Nested TPS(s)?”. You may also answer this question when registering new TPSs or when uploading a bulk list of your TPSs. See ODFI Portal Instructions for more information.

11 Q: How do I know if I have a Direct Access Debit Participant?

A: If you?re not sure whether your ODFI maintains Direct Access Debit Participant relationships with Third-Parties and/or Originators, see our definitions and example scenarios, or your local Payments Association with questions. Remember to provide your financial institution?s routing number in all email communication, since this helps us to identify you in our database.

12 Q: How will Nacha use the information about registered Direct Access Debit Participants?

A: Registration information will not be disclosed to outside parties. Nacha may publish aggregate statistical information from the registry as we learn more about Direct Access Debit Participants and their relationship to the ACH Network.

13 Q: How do I use the Terminated Originator Database?

• To add information on terminated Originators and Third-Party Senders.
• To investigate new Originators and Third-Party Senders before onboarding.
• To periodically verify your current Originators and Third-Party Senders, ensuring they haven?t been recently terminated by another ODFI.
• Inclusion in TOD does not mean an Originator or Third-Party Sender is prohibited to working with another ODFI.

14 Q: Who is eligible to use the Risk Management Portal?

• Originating Depository Financial Institutions (ODFIs) must use the Risk Management Portal to register contacts in the ACH Contact Registry, register Third-Party Sender customers and register Direct Access Debit Participants or to acknowledge the absence of those relationships, and may access and contribute to the Terminated Originator Database.
• Receiving Depository Financial Institutions (RDFIs) must use the Risk Management Portal to register contacts in the ACH Contact Registry and may access and contribute to the Terminated Originator Database.
• Third-Party Service Providers and Third-Party Senders may use the Portal to access and contribute to the Terminated Originator Database.

15 Q: What security is in place to protect access and data on the Risk Management Portal?

A: Nacha is committed to taking appropriate steps to secure the data collected and stored in the Risk Management Portal (Database). The Database is a hosted solution built with security and business continuity in mind, including physical security, encryption, user authorization and authentication processes, and auditing to verify satisfaction of privacy and security requirements. Authorized users must use a secure portal to access the Database, and data is encrypted while it is in transit to Nacha and remains encrypted while it is at rest in the solution. Moreover, compliance of the underlying cloud platform with key industry standards is certified by the cloud service provider.

16 Q: My financial institution has multiple Routing and Transit Numbers (RTNs). Which one do we register? Do we need to register every single RTN?

A: Each financial institution will select their primary RTN at registration and this number will remain associated with the financial institution for all applications within the Risk Management Portal. Nacha is using a list of RTNs from Accuity, the official ABA registrar, to track all RTNs associated with each financial institution. Both the Third-Party Sender and Direct Access registration rules require associating specific RTNs to individual customers or relationships. Assigning the additional RTNs used by Third-Party Sender customers and Direct Access Debit Participants for these registrations can be completed within the Third-Party Sender and Direct Access registration databases.