Connect ► twitter| youtube|  Log In ► Members Only  |  Corporate One Safekeeping  |  Search

Reminder: The importance of ACH audits and risk assessments

Earlier this year, we featured an article by EPCOR’s Jennifer Kline, AAP, on this very topic, emphasizing the importance of conducting ACH audits and risk assessments. As we are now well into the fourth quarter, we hope this brief reminder will assist you as you make your end-of-year plans.

Back in July, as part of Corporate One’s ACH Services offering and our partnership with EPCOR, we provided our ACH Services users with complimentary downloads of the following resources:

  • EPCOR’s annual ACH Audit Workbook
  • EPCOR’s ACH Rules Update for Credit Unions webinar

The Workbook is a useful tool and includes audit questions and sample reports needed by an auditor. The Rules Update webinar discusses the various Rules changes and how they impact credit unions. For questions about these resources or our ACH Services offerings, please don’t hesitate to contact Corporate One Member Services at 866/MyCorp1.

The short, easy answer to why ACH audits are important is because they are required. But it’s about more than just compliance. ACH has a number of fine nuances that are not automated, and, therefore, can be subject to error. These nuances include:

  • Processing returns properly and timely
  • Getting the entries posted to accounts
  • Transmitting to the ACH Operator timely
  • Ensuring that agreements are obtained
  • Monitoring origination files against exposure limits prior to transmission

ACH audits are also necessary/important/critical because of the following:

  • The billions of dollars that move monthly via ACH, especially now that the industry has implemented Phase 1 of Same Day ACH. For example, there were approximately four million Same Day ACH transactions and $5 billion transferred by Same Day ACH in October 2016 alone. (Source: NACHA)
  • The industry trends to move funds faster overall.
  • The ACH risks of protecting against account takeover, fraud or legal action.
  • That ACH is the one payment system that governs itself by everyone agreeing to play by the “rules.”

ACH transactions are an automated process but rely on manual set up, input and maintenance. It is these manual processes that need to be reviewed to ensure continuity. More specifically, we should verify all ACH processes, functions, procedures, policies, reports, compliance, technology and recovery practices are strong to ensure that it “seems” to be an all-automated process.

The importance of ACH audit and risk assessments is to show other financial regulators that controls, checks and balances are established for this payment system.

What the ACH audit and risk assessment confirms

The ACH audit and risk assessments process confirms that the manual processes are being done right, not to specifically look for errors or flaws. If an error is found, then it is an opportunity to fix the problem prior to an issue that may result in a loss of money, a regulatory exception or any other identified risk.

The audit/assessment is also an opportunity for credit unions to enhance processes, procedures and policies and to address found issues and then verify the correction in the next annual review.

Examples of useful ACH audit/assessment findings

Maybe the ACH credit union learns from the audit or risk assessment that staff needs additional training, or more staff is needed. Or, perhaps they learn that the exposure limit established and approved on paper for an originating business client is not what is being monitored electronically by the ACH software. Even further, maybe they discover that one branch is having difficulty getting a proper Written Statement of Unauthorized Debit. Each of these situations, once revealed, will allow the credit union to repair a process that is not entirely automated.

The bottom line is that the ACH audit and risk assessments demonstrate to regulators that the appropriate controls, checks and balances are in place for this payment system.