Connect ► twitter| youtube|  Log In ► Members Only  |  Corporate One Safekeeping  |  Search

New year, new rules: Payments-related compliance activities

By: Jen Kirk, AAP, VP Industry & Government Relations, EPCOR

Compliance is a bold word that touches almost every facet of a financial institution, and millions of dollars are spent each year attempting to ensure that financial institutions remain in compliance. Regulatory agencies and private sector rule-making bodies, such as NACHA (The Electronic Payments Association) continuously release updated and new compliance requirements. As a Regional Payments Association, EPCOR has summarized specific payments-related activities changing this year. The following is a list of compliance issues currently of interest to the payments space.

Payday Lending – Consumer Financial Protection Bureau (CFPB)

Effective date: January 16, 2018

The CFPB has issued a rule to create consumer protections for certain consumer credit products. The rule generally requires that, before making a balloon loan, a lender must reasonably determine that the consumer can to repay it.

Second, for longer-term loans with an annual percentage rate greater than 36 percent that are repaid directly from the consumer’s account, the rule identifies that it is an unfair and abusive practice to attempt to withdraw payment from a consumer’s account after two consecutive payment attempts have failed unless the lender obtains the consumer’s new and specific authorization to make further withdrawals from the account.

The rule also requires lenders to provide certain notices to the consumer before attempting to withdraw payment for a covered loan from the consumer’s account. Learn More >

Third Party Sender Registration – NACHA – The Electronic Payments Association

Deadline to register: March 1, 2018

Originating Depository Financial Institutions (ODFIs) are required to acknowledge whether or not they are originating ACH transactions for Third-Party Senders. For ODFIs with no Third-Party Sender origination, the financial institution must simply attest to this by registering with ‘no Third-Party Senders’ in NACHA’s Risk Management Portal.

For ODFIs who do originate for Third-Party Senders, the following information must be registered: ODFI name and contact information; name and principal business location of the Third-Party Sender; the ODFI’s RTN used in originating transactions for the Third-Party Sender; and the company ID(s) of the Third-Party Senders.

The rule is being used to collect initial data, but in the occurrence of a significant risk event, NACHA is permitted to request more specific information. If requested, the ODFI would have 10 banking days to respond.

Register your Third-Party Senders >

Same Day ACH – Phase 3 – NACHA – The Electronic Payments Association

Deadline to comply: March 16, 2018

Same Day ACH is here to stay. And, on March 16, financial institutions will have implemented the third of three requirements to ensure compliance with the Same Day ACH Rules. Phase 1 (effective 2016) and Phase 2 (effective 2017) addressed settlement between the financial institutions and ACH Operators. In Phase 3, the ACH Rules require that monies for same-day ACH credits be made available for cash withdrawal to account holders by 5:00 p.m. local time.

Customer Due Diligence (CDD) – Financial Crimes Enforcement Network (FinCen)

Deadline to comply: May 11, 2018

A new beneficial ownership requirement requires financial institutions to know and verify the identity of individuals of legal entity account holders. The rule was passed to address weaknesses enabling criminals to access the financial system anonymously. These requirements should be addressed through the financial institution’s Bank Secrecy Act (BSA) program.

Learn More >

Regulation CC – Board of Governors of the Federal Reserve System

Changes effective: July 1, 2018

After much anticipation, the Federal Reserve Board has amended check collection and return requirements under Regulation CC (Availability of Funds and Collection of Checks) to facilitate the financial industry’s ongoing transition to a fully electronic check collection and return process. These rules impact paper and electronic check returns, non-payment requirements for electronic checks, exchange or electronic checks, Electronically Created Items (ECIs) indemnities, Remote Deposit Capture (including mobile) indemnities and settlement times for electronic checks.

Learn More >

Prepaid Account – Consumer Financial Protection Bureau (CFPB)

Effective date: April 1, 2019

The CFPB is amending Regulation E, regarding prepaid accounts. The amended Rules include changes in error resolution and limitations on liability for prepaid accounts where the financial institution has not successfully completed its consumer identification and verification process.

Learn More>


EPCOR provides electronic payments and risk management information, education, support and national industry representation to assist U.S. financial institutions and affiliated organizations in maintaining compliance, reducing risk and enhancing the overall operational efficiency of electronic payments. EPCOR members include over 2,200 banks, credit unions, thrifts and affiliated organizations located in Arkansas, Illinois, Indiana, Iowa, Kansas, Kentucky, Missouri, Nebraska, Oklahoma, Ohio, Pennsylvania and West Virginia.