CUNA Comment Letter

Network Enforcement Rule Proposal

April 23, 2007

Maribel Bondoc,
Manager Network Rules
NACHA – The Electronic Payments Association
13665 Dulles Technology Drive
Suite 300
Herndon, Virginia 20171

Dear Ms. Bondoc,

The Credit Union National Association (CUNA) is pleased to respond to the National Automated Clearing House Association’s (NACHA) Network Enforcement Proposal. By way of background, CUNA is the largest credit union trade association, representing approximately 90% of our nation’s nearly 8,700 state and federal credit unions, which serve nearly 87 million members.

Summary of CUNA’s Position:

Discussion of CUNA’s Views

We support NACHA’s proposal to expand its enforcement procedures within the NACHA Operating Rules. This is the first initiative of NACHA’s overall comprehensive risk management strategy, which addresses risk throughout the life-cycle of ACH payments. We applaud NACHA’s initiative to target the highest risk users as a prudent measure to reduce the number of unauthorized transactions. Currently, NACHA cannot compel Originating Depository Financial Institutions (ODFIs) to stop originating ACH transactions for the highest risk users, such as customers with excessive returns. Expanding the enforcement procedures will help achieve NACHA’s goals of ensuring high-quality ACH transactions and reducing risk while not burdening all ACH participants.

NACHA proposes to add a new provision that would require ODFIs to provide detailed reporting information within ten banking days when NACHA believes the unauthorized return rate of an Originator/Third Party Sender (such as a merchant processor) exceeds a defined threshold. We support the reporting requirement as it will encourage ODFIs to be more diligent in monitoring the unauthorized return rates, which should lead to a decreased number of unauthorized ACH transactions. Additionally, most of the information that would be reported is consistent with the USA Patriot Act’s Anti-Money Laundering “Know Your Customer” requirements for financial institutions and therefore should not prove too burdensome to track.

We believe, however, that an ODFI receiving a request from NACHA should be given fifteen banking days to provide information with a provision that the deadline could be extended if there are extraordinary circumstances. Fifteen banking days is a more reasonable time frame and would be consistent with the existing time-frame currently provided in the NACHA rules to respond to a Notice of Possible ACH Rules Violation. Additionally, there are situations, such as natural disasters, catastrophic events or terrorist acts, that justify giving an ODFI additional time to provide information.

If an ODFI confirms a return rate in excess of the defined threshold, the ODFI would be required to provide a detailed plan within ten banking days for reducing the Originator’s/Third-Party Sender’s unauthorized return rate and would have thirty days to reduce the excessive return rate. We are concerned that ten days does not give an ODFI enough time to prepare a thorough and detailed plan and encourage NACHA to extend the time-frame to fifteen banking days.

We also believe that it would not be feasible to reduce a return rate to within thirty days. An ODFI would need time to implement its plan and provide empirical evidence of the reduced return rate. Under the NACHA Operating Rules, Receivers have sixty days to assert that a particular transaction is unauthorized. Once an ODFI implements its plan, it would need at least sixty days to learn which transactions are unauthorized. In addition to the sixty days, we believe the ODFI would need an additional thirty days to show evidence of a decrease. Therefore, we recommend that NACHA require an ODFI to reduce its return rate to within ninety days.

NACHA is proposing that the Board define the thresholds that would trigger the ODFI reporting and enforcement procedures. An initial monthly return rate for unauthorized entries exceeding 1% or forward presentment or returns for unauthorized entries exceeding 500 per month per Originator/Third Party Sender has been recommended. The Board would review the thresholds on an annual basis and revise those thresholds as appropriate. We believe that the reporting and enforcement procedures triggered when an ODFI exceeds a defined threshold are onerous and could be costly and should not be determined at the discretion of the NACHA Board. The thresholds will have a great impact on ODFIs and should be established through the rules process with the benefit of public comment.

Furthermore, we believe that setting a threshold amount of 500 unauthorized entries per month would unfairly target ODFIs with the largest volumes of ACH transactions. Certain ODFIs may generate an ACH transaction amount high enough to have 500 unauthorized entries in a given month, but not reach a return rate that is disproportionate to its volume. Therefore, we recommend a threshold be set of 500 entries returned as unauthorized per month or unauthorized entries returned in excess of 1% of total monthly return volume, whichever is greater. This will more accurately target the participants with a disproportionate number of unauthorized returns.

This proposal includes stricter rules enforcement proceedings through higher fines and suspension. It would clearly define three specific categories of violations and related fines including recurrences of previous violations, willful disregard of the rules and violations that are deemed to have caused significant harm to the network. We support stricter enforcement proceedings on high-risk uses and users of the ACH Network with a disproportionate rate of unauthorized returns volumes. However, the proposal imposing stricter rules enforcement proceedings would apply to all rules violations and would not be limited to those exceeding the specified return rate threshold. We encourage NACHA to limit stricter rules enforcement proceedings to those rules violations relating to excessive return rates.

CUNA does not support an increase in the fine amount to $100,000 for a willful disregard of the rules or fine amounts of up to $500,000 and $25 per unauthorized return for “significant harm” to the National System of Fines. We believe these extraordinary measures are not necessary at this time and encourage NACHA to limit changes in fines and penalties based on their recurrence. We believe these fine increases as well as the proposed changes in ODFI reporting requirements, NACHA’s authority to initiate enforcement proceedings against high-risk ODFIs, and the possibility of the suspension of Originators/Third-Party Senders are sufficient to deter ACH participants from initiating unauthorized entries into the ACH Network.

Although we believe the increase in fine amounts will encourage compliance, we believe ODFIs should be given an opportunity to correct the problem that caused the rules violation before assessing a fine. This would be consistent with NACHA’s Operating Rules for Notice of Possible ACH Rules Violations. Additionally, there may be situations where an ODFI exceeds the defined threshold because of an unforeseen problem such as a systems error or catastrophic event. Under these conditions, a violation could not be avoided and assessing a fee would not decrease the number of unauthorized transactions.

Once an Originator or Third Party Sender has been suspended in situations where other fines and penalties have failed to resolve an issue, we believe it is critical that all ODFIs be precluded from originating on the suspended entity’s behalf and fully support this provision. We are concerned that the method by which information is conveyed to the industry about the suspended party is adequate. We believe there are several issues that must be addressed before implementing a method to transmit information such as which communication media are most appropriate; how much time would ODFIs have to cease originating on behalf of the suspended party; how much information about the suspended party should be shared; and what minimum requirements are needed to access the database. We urge NACHA to issue a Request for Comment to address these issues.

We believe that an implementation date of September 21, 2007 does not provide sufficient time to resolve the outstanding issues and implement the changes to the rules. We urge NACHA to provide more time for implementation, preferably until June 2008. If that is not feasible and NACHA determines an earlier implementation date is required, we urge NACHA to set compliance for no earlier than December 2007.

Conclusion

CUNA supports NACHA’s proposal to expand the enforcement procedures and applauds NACHA’s initiative to target the highest risk users. We are concerned, however, that certain provisions of the proposal will have unintended consequences for ACH participants and urge NACHA to limit the provisions of the proposal to those participants causing disproportionate volumes of unauthorized returns. If you have any questions, please contact CUNA Senior Vice President and Deputy General Counsel Mary Dunn at (202) 508-6736 or me at (202) 638-5777.

Sincerely,

Lilly Thomas
Assistant General Counsel
Credit Union National Association