CUNA Comment Letter

Re: Proposed Warranties for Third-Party-Service Providers

April 1, 2003

Mr. William Colbert
Network Services Manager
NACHA – The Electronic Payments Association
13665 Dulles Technology Drive
Suite 300
Herndon, Virginia 20171

Dear Mr. Colbert:

The Credit Union National Association (CUNA) appreciates the opportunity to comment on the proposal by NACHA to make third-party service providers more accountable under NACHA Operating Rules. CUNA, a national trade association, represents more than 90 percent of the nation’s 10,000 state and federal credit unions. This letter reflects the views of CUNA’s Payment Systems Subcommittee, whose chair is Terry West of VyStar Credit Union, Jacksonville, Florida.

Summary of CUNA's Views

CUNA has the following comments on the changes to the NACHA Operating Rules that would affect third-party service providers and their originators:

Discussion

CUNA supports NACHA’s proposal to define third-party service providers that would be covered under the rule. A new term, “Third-Party Sender,” is defined to identify an entity that is not the Originator but that has authorized an ODFI or another third-party to transmit credit or debit entries on behalf of the Originator. CUNA encourages NACHA to revise its definition of Third-Party Sender. The proposed definition is confusing because it includes the term it attempts to define, i.e., “Third Party Sender.” CUNA proposes the following instead:

SUBSECTION 14.1.58 “Third-Party Sender”

means a person that is not an Originator that has authorized an ODFI or another Third-Party Sender a Third-Party Service Provider to transmit for the account of the Third-Party Sender or another Third-Party Sender on its behalf, (i) a credit entry to the account of a Receiver with an RDFI, or, if the Receiver is also the RDFI, to such Receiver, in order to effect a payment from the Originator to the Receiver, or (ii) a debit entry to the Receiver’s transaction account or general ledger account with an RDFI, or, if the Receiver is also the RDFI, to such Receiver, in order to effect a payment from the Receiver to the Originator.”

CUNA believes that both the Third-Party Sender and the Originator should be held accountable to the NACHA Operating Rules, as is provided in the proposal. The proposal would expand the Originator authorization and agreement rules provision to require a contractual agreement between the Originator and Third-Party Sender that binds them to the NACHA Operating Rules when the Originator does not have a contractual relationship with the ODFI. Requiring a contractual agreement between the Originator and Third-Party Sender that would bind both parties to the NACHA Operating Rules would reduce risk to all ACH participants and increase the reliability of the ACH system. Furthermore, in the case that a Third-Party Sender has a direct relationship with an ODFI, CUNA believes that this provider should be required to enter into a contractual agreement with the ODFI that binds the third-party provider to the NACHA Operating Rules. By requiring all parties that use the ACH system to commit to the NACHA Operating Rules, including Third-Party Senders, NACHA ensures the consistent application of its rules.

CUNA favors a policy that holds ODFIs accountable through warranties, where the ODFI is the party that should be held responsible. The NACHA proposal would expand the warranties of ODFIs by requiring them to establish exposure limits for the Third-Party Sender. CUNA supports the requirement that an ODFI establish limits for the Third-Party Sender.

CUNA supports joint responsibility between the ODFI and the Third-Party Sender for other warranties that regard monitoring the Originator. Under the proposal, the ODFI and Third-Party Sender would be required to warrant that the agreement between the Originator and Third-Party Sender has not been terminated, and that neither the Originator nor the Third-Party Sender has knowledge of the revocation of the Receiver’s authorization or of the termination of the arrangements between the RDFI and the Receiver concerning the entry. The Third-Party Sender is in the best position to know whether the Third-Party Sender or the Originator has knowledge of the revocation of the Receiver’s authorization or termination of the arrangement between the RDFI and the Receiver. Therefore, the Third-Party Sender and the ODFI should both be responsible for this warranty.

Similarly, the proposed ODFI warranties regarding WEB transactions (ACH transactions created over the Internet) should be shared with the Third-Party Sender as well. The proposal requires ODFIs to warrant that, in the case of WEB entries, the Third-Party Sender has (1) utilized a commercially reasonable method to establish the identity of the Originator, (2) established procedures to monitor the creditworthiness of the Originator or any Third-Party Sender from which it receives entries, (3) established an exposure limit for the Originator or any such Third-Party Sender, (4) implemented procedures to review that exposure limit periodically, and (5) implemented procedures to monitor entries initiated by the Originator or any such Third-Party Sender relative to its exposure limit across multiple settlement dates. With regard to these warranties, however, the Third-Party Sender, not the ODFI, is in the best position to determine whether its procedures and dealings with each Originator and/or Third-Party Sender meet the above requirements. Further, the Third-Party Senders are in a position to change or alter their procedures and practices to fulfill these obligations. Therefore, responsibility for this warranty should be shared jointly.

CUNA supports the proposed requirement that both the Originator and the Third-Party Sender guarantee payment to the ODFI for any credit entries originated by the ODFI on behalf of those parties and for any debit entries returned by the RDFI to those parties. This requirement is reasonable because the ODFI should not insure both the Originator and the Third-Party Sender.

Furthermore, CUNA supports the requirement that each Third-Party Sender that transmits entries to an ODFI must provide the ODFI with information to identify each Originator for which it transmits entries to the ODFI. This information should be included because the name of the Originator is more useful to a consumer when reading his or her statement than the name of a Third-Party Sender. The name of the Originator should always be passed to a consumer’s statement to reduce confusion and resulting inquiries to the RDFI. CUNA supports the proposed requirement to include certain minimal information about the Originator, including the Originator’s name, address, contact person, and telephone number. Other information, such as the taxpayer identification number, should be available on request.

CUNA supports the proposed requirement that a Third-Party Sender perform an annual compliance audit. This requirement will benefit the overall operation of the ACH network by ensuring that Third-Party Senders detect rule compliance problems early and take corrective action. Moreover, CUNA recommends that Third-Party Senders be subject to NACHA’s National System of Fines for rule violations. The potential for monetary fines would encourage Third-Party Senders to take corrective action promptly when rule violations occur. Prompt corrective action will help preserve the quality of the ACH and the satisfaction of all ACH participants and their consumers.

CUNA also supports other issues presented by NACHA for future consideration that are not part of this proposal. Specifically, CUNA supports strict risk controls for direct access. Direct Access to the ACH Operator occurs when an ODFI gives a Third-Party Sender or a company permission to transmit entries directly to the ACH Operator using the ODFI’s routing number. Strict risk controls for these types of transactions should minimize the problems with Direct Access. As part of that program, a Third-Party Sender should make itself available for on-site audits by the ODFI and limit the dollar amount of its transmissions. In addition, ODFIs should be required to periodically review the third party’s financial position and compliance audits, set guidelines for resolving problems with transmissions, and require special approval for transmissions that exceed a certain dollar amount. In addition, CUNA supports establishment of a process to audit Third-Party Senders. A certification program for Third-Party Senders would help Originators and ODFIs determine whether or not a Third-Party Sender has the expertise and ability to perform ACH processing functions in compliance with NACHA’s Operating Rules. Any such certification program should be administered by an independent third party to assure its integrity.

Conclusion

CUNA supports the proposal to make Third-Party Senders and Originators more accountable to the NACHA Operating Rules in those cases where ODFIs do not have contracts directly with the Originators. If you have any further questions, please contact CUNA's Senior Vice President and Associate General Counsel Mary Dunn or me at (202) 638-5777.

Sincerely,

Michelle Q. Profit
Assistant General Counsel