Upcoming ACH Rule Changes
Effective March 21, 2010, the NACHA Operating Rules will be amended to clarify some of the authorization, returns, and stop payment provisions. These changes are designed to enhance the quality of transactions in the ACH Network.
The rule on Authorizations and Returns clarifies the requirements for authorization of ACH entries to specifically use the language of Regulation E that an authorization must be “clear and readily understandable.” With regards to returns, the rule eliminates the requirement that a Receiver’s written statement regarding an unauthorized debit be made “under penalty of perjury”, and establishes minimum information requirements for the written statement.
The Stop Payments rule realigns the NACHA Rules with the requiremen
ts of Regulation E. As the Federal Reserve Board’s Staff Interpretation of Regulation E has changed over time, there has been a divergence between the NACHA Rules and Regulation E with respect to the intent of, and processing requirements for, stop payment orders on ACH debits. This rule revises specific language regarding the expiration of a stop payment order, and clarifies that the stop payment order would remain in effect until all entries related to the Receiver’s stop payment have been stopped.
Full details on these rule changes can be found in the 2010 NACHA Rule Book, or by clicking here for an excerpt from the 2009 Rule Supplements.
Financial Regulators Issue Interest Rate Risk Advisory
The Federal Financial Institutions Examination Council (FFIEC) released an advisory on January 7, 2010 reminding institutions of supervisory expectations for sound practices to manage interest rate risk (IRR). This advisory, adopted by each of the financial regulators reiterates the importance of effective corporate governance, policies and procedures, risk measuring and monitoring systems, stress testing, and internal controls related to the IRR exposures of depository institutions. It also clarifies elements of existing guidance and describes some IRR management techniques used by effective risk managers.
The financial regulators recognize that some IRR is inherent in the business of banking. At the same time, institutions are expected to have sound risk management practices to measure, monitor, and control IRR exposures. The financial regulators expect each depository institution to manage its IRR exposures using processes and systems commensurate with its complexity, business model, risk profile, and scope of operations.
The financial regulators remind depository institutions that an effective IRRs management system does not involve only the identification and measurement of IRR, but also addresses appropriate actions to control this risk. If an institution determines that its core earnings and capital are insufficient to support its level of IRR, it should take steps to mitigate its exposure, increase its capital, or both.
Please read the full Advisory on Interest Rate Risk Management for more details.
NACHA Bulletin - Business Account Takeovers
Corporate (business) account takeover is a type of cyber-crime that is targeting small business customers of financial institutions. Cyber thieves gain 
control of a business’ account by stealing the business’ valid online banking credentials. Although there are several methods being employed to steal credentials, the most prevalent involves malware that infects a business’ computer workstations and laptops.
Last month, NACHA issued an Operations Bulletin to alert financial institutions about this increasing common problem for small businesses. If your credit union offers online services to small businesses or non-profit organizations, click here to read more about how the takeover scheme operates and what you can do to prevent potential losses.
