NDB provides ACH audit and auditor services for entities (i.e., Depository Financial Institutions - DFI, Third-Party Service Provider(s) - TPSP, and other relevant organizations) requiring compliance with Appendix Eight (8) "Rule Compliance Audit Requirements," as published by NACHA Operating Rules & Guidelines. Specifically, entities must undergo an ACH audit on an annual basis in accordance with Appendix Eight (8), which ultimately means that "participating DFI's" must comply with all provisions of the rules as stated. Trust NDB for your competent, and capable ACH audits and auditor services.
As for NACHA's Appendix Eight Rule Compliance Audit Requirements, it consists of the following "Parts":
Part 8.1 - General Audit Requirements
Part 8.1 states that each participating DFI, Third-Party Service Provider (TPSP), and other relevant entities must conduct an actual ACH audit in accordance with the stated rules of Appendix Eight (8). Furthermore, Part 8.1 denotes the following:
- A specific audit methodology is not prescribed - rather, the identification key provisions that should be examined for compliance are noted.
- An annual audit must be conducted no later than December 31.
- The audit must be performed under the direction of the audit committee, audit manager, senior level officer, or independent external examiner, as stated within Appendix Eight (8).
- Documentation validating completion of the audit must be retained for a period of six (6) years from the date of the audit. Failure to do so is a serious rule violation.
Part 8.2 requires verification of the following:
- Record of each entry is retained for six (6) years.
- Records in electronic form accurately reflect the information on the record.
- Participating DFI's conducted an audit of compliance in accordance with Appendix Eight (8).
- Encryption or a secure protocol is used for banking information.
- Participating DFI's have reported and paid all annual fees and a per entry fee to the National Association.
- Participating DFI's have conducted an assessment of ACH risks and have implemented a risk assessment program.
Part 8.3 requires verification of the following:
- Account numbers contained in a Pre-notification entry are valid.
- Notifications of changes are transmitted within two (2) banking days.
- All types of entries are received and accepted, where applicable.
- The amount of each credit entry received from an ACH operator is made available no later than settlement date.
- RDFI provides or makes available required information concerning credit and debit entries.
- RDFI transmits return entries to its ACH operator as required.
- Return entries are transmitted to RDFI's ACH operator by midnight, etc.
- RDFI returns any credit entry that are refused.
- RDFI honors stop payment orders.
- Written statements are obtained from consumers as required.
- RDFI provides proper notice as required.
- RDFI, when requested by the non-consumer receiver, provides all necessary information as required.
Part 8.4 requires verification of the following:
- ODFI has entered into origination agreements with all originators or third party senders.
- ODFI has entered into agreements with all sending points that transmit entries as required.
- ODFI has assessed the risks as required and has implemented an exposure limit.
- ODFI accepts return entries and extended return entries in compliance with the applicable rules.
- Information relating to NOC's and corrected NOG's is provided to parties as required.
- ODFI provides to the RDFI, upon written request, relevant records as required.
- Late return entries are accepted.
- Provided originator with proper notice to ensure compliance with UCC Article 4A.
- ODFI has utilized a commercially reasonable record for establishing identities.
- Reversing entries and reversing files are initiated in accordance with the requirements.
- ODFI has established and implemented procedures relating to identification.
- ODFI has reported return rate information as required.
- ODFI has complied with three (3) critical points regarding registration, approval, and reporting.
- ODFI has kept applicable parties informed of their responsibilities under these rules.
ACH Audits and Consulting Expertise | That's the NDB Difference.