The ACH Audit utilizes the latest NACHA ACH Audit guidelines.  After gathering general information about the bank’s ACH environment, the following areas will be covered as appropriate based on the types of ACH functions performed by the financial institution.

Section 1: ACH Background – Review the bank’s previous Audits, Training History, Employee Policies, Employee Access Controls, and Transaction Documentation/ Retention.  This review is designed to help identify risk exposure areas.

Section 2: General Information – Review additional information about personnel involved in the ACH area, Audit Logs, Documentation, Security, Management Oversight, Contingency Plans and Training.

Section 3: ACH Receipt – Review the receiving side of ACH including Pre-notifications, ACH Returns, Funds Availability, Notifications of Change, Debit and Credit Information on Customer Statements, Stop Payments, Warehousing and Funds Availability.

Section 4: Third-Party Service Providers/Third Party Senders – If a Receiving Financial Institution (RDFI) utilizes Third-Party Service Providers or Third Party Senders to receive or perform ACH processing, they remain responsible and liable for their agent following all established rules and guidelines.  We will review the Third-Party Service Providers’ documentation confirming completion of a Third-Party Audit according to the NACHA Operating Rules.  In the case of a Third-Party Sender we will review the Senders’ documentation warranting to the RDFI that it makes the warranties and assumes the liabilities of an RDFI.

Section 5: ODFI ACH Origination – Review Agreement with Originators or Third-Party Senders, Communication between the Originating Financial Institution (ODFI) and Originators or Third-Party Senders, Monitoring of Exposure Limits, Authorizations, Procedures and Special Procedures and Controls for High-Risk Transactions.  We will also review the communications channel and custom interface provided through the Bank and used by originators.

Section 6: Treasury ACH – Review of Reclamation Procedures, Controls and Return of Payments after Death of a customer/member and Timely Posting of Benefit and Salary Payments.