Risk & Compliance

Risk & Compliance Services

Have you scheduled your required annual audit and risk assessments?

Today’s regulatory requirements and escalated fraud make your payments audits and risk assessments more important than ever before. It is important to have your payments audits and risk assessments performed on an annual basis.

The PaymentsFirst Risk and Compliance team is made up of 10 skilled auditors, each holding the accreditation of Accredited ACH Professional (AAP), with some also holding the designation of Accredited Payments Risk Professional (APRP). Our auditors are well-versed in performing ACH Rules Compliance Audits and ACH Risk Assessments. In 2023, our team completed a record number of risk and compliance events, demonstrating our commitment to delivering quality services. PaymentsFirst offers a range of audit services, including ACH Audits, ACH Risk Assessments, TPSP/TPS ACH Audits, Wire Transfer Audits and Risk Assessments, RDC Audits and Risk Assessments, and RTP Audits. In 2024, we are poised to meet that number.

PaymentsFirst leverages its proprietary software, Automated Risk Tool (ART), to streamline the information consolidation process, and evaluate, and generate reports related to rules compliance audits. In 2020, PaymentsFirst enlisted Tony DaSilva, AAP, CISA, a retired Federal Reserve Bank Regulator, to review ART. Mr. DaSilva's evaluation of the ART tool is as follows:

“The reviewer completely endorses all the ART documents, including audit reports, risk assessments, and client questionnaires. The ART documents clearly meet regulatory guidelines and expectations. This endorsement is based on the reviewer’s extensive bank operations, retail and wholesale payments, information technology (IT), and regulatory professional experience. All the ART documents included in this report are extremely thorough, detailed, and comprehensive, and provide clients, regardless of size or complexity, professional products that meet or even exceed industry expectations. The reviewer highly recommends ART to financial institutions, service providers, third-party senders, regional payments associations, and IT/Payments audit firms.” Tony DaSilva, AAP, CISA.

Our certified team of experts provides consulting services tailored to help our members achieve their annual goals. These services include ACH Origination, On-Boarding Third-Party Senders, Sound Business Practices, Internal Control Reviews, Dispute Training, facilitating Risk Assessments, and navigating rule changes, among many others.

You can build a risk management package to match your needs with our Risk & Compliance services. For a proposal or to move forward with scheduling, please complete our online Compliance Services Request Form and a PaymentsFirst team member will contact you.

For more information, please call PaymentsFirst at 1-866-993-3753 or send an email to riskandcompliance@paymentsfirst.org.

ACH Annual Audit

Nacha requires all participating Depository Financial Institutions to conduct an Annual ACH Audit to be performed by December 31 of each year. Who better to conduct your institution’s annual ACH audit than your resource for electronic payment information and training? A PaymentsFirst ACH expert can conduct your annual ACH audit and examine each facet of your ACH operations. The audit includes a review of compliance with the Nacha Operating Rules, a review of online banking products using ACH, areas of compliance, and a review of procedures related to receiving Federal Government payments. PaymentsFirst is a licensed Direct Member of Nacha and our team of consultants is ACH experts.

The PaymentsFirst ACH Audit service includes:

Prior to and onsite checklists
Client questionnaire
Review of sound business practices and internal controls
Review of agreements
Exit interview
Written report including findings and/or recommendations
Audit certification form
Access to an auditor for questions

ACH Risk Assessment

Each financial institution, is required to perform a risk assessment of their ACH activities and implement a risk management program in accordance with the requirements of their regulators. Additionally, participants are further impacted by the requirement to conduct additional risk management practices prior to originating ACH entries and by the requirement to cover specific topics in all new or renewed Originator and Third-Party Sender Agreements. A financial institution must understand and identify the complexity and nature of their ACH services to effectively perform the risk assessment. A PaymentsFirst ACH expert can evaluate the complexity of services offered, discuss inherent risk, and assess the institution’s residual risk based on implemented controls. The PaymentsFirst ACH Risk Assessment is a thorough assessment of ACH activities and the institution’s overall risk management program. The written report evaluates inherent risk and provides recommendations and risk ratings of the institution’s residual risk.

The PaymentsFirst ACH Risk Assessment service includes:

Prior to and onsite checklists
Client questionnaire
Review of agreements
Exit interview
Written report including findings and/or recommendations
Risk Assessment Certification form
Access to auditor for questions

RDC Risk Assessment and Audit of Internal Controls

PaymentsFirst’s RDC Risk Assessment and Audit of Internal Controls reviews the financial institution’s compliance with FFIEC Guidance. The various methods for using RDC within the financial institution are covered including mobile RDC, branch/teller capture, and merchant capture. Allow one of PaymentsFirst’s payments experts to analyze your institution’s RDC compliance, internal controls, and risk management process.

The PaymentsFirst RDC Risk Assessment and Audit of Internal Controls service includes:

Prior to and onsite checklists
Client questionnaire
Review of sound business practices and internal controls
Review of agreements
Exit interview
Written report including findings and/or recommendations
Risk Assessment Certification form
Access to auditor for questions

Wire Transfer Risk Assessment and Audit of Internal Controls

Wire Transfers are becoming more of a focus for regulatory agencies during yearly exams. Wire transfers are attractive to business customers and consumers because they allow funds to settle same day, additionally, wire transfers are irrevocable; both attributes make wire transfers a signification risk. Let one our payments experts complete an assessment of your institution’s wire transfer program to ensure your program is following regulatory guidelines. The service includes review of compliance with FFIEC Guidance. All methods in which the financial institution receives wire requests are considered during the review.

The PaymentsFirst Wire Risk Assessment and Audit of Internal Controls service includes:

Prior to and onsite checklists
Client questionnaire
Review of sound business practices and internal controls
Review of agreements
Exit interview
Written report including findings and/or recommendations
Risk Assessment Certification form
Access to auditor for questions

Real Time Payments (RTP) Participant Audit

The Clearing House requires all RTP Participants to complete an annual audit to verify compliance with the RTP Participation and Operating Rules, as required by RTP Operating Rule IX.A.2. Who better to conduct your institution’s RTP audit than your resource for electronic payments information and training? A PaymentsFirst payments expert can conduct your RTP audit and examine each facet of your RTP operations. The audit includes a review of compliance with the RTP Participation and Operating Rules, review of online banking products using RTP, areas of compliance, and review of procedures related to processing RTP payments. PaymentsFirst is a licensed Direct Member of Nacha and our team of consultants are payments experts.

The PaymentsFirst RTP Audit service includes:

Service checklists
Client questionnaire
Review of sound business practices and internal controls
Review of agreements
Opening and Exit interviews
Written report including findings and/or recommendations
Certification of Audit Form
Access to auditor for questions

RTP Risk Assessment

The RTP Risk Assessment is designed to assist the financial institution’s board of directors and senior management by identifying potential areas that require stronger internal controls, increased focus, or pose an unmitigated risk. The scope of the assessment includes a review of the financial institution’s RTP operations, policies, procedures, processes, and established risk controls.

The PaymentsFirst RTP Risk Assessment service includes:

Prior to and onsite checklists
Client questionnaire
Exit interview
Written report including Sound Business Practice recommendations
Risk Assessment Certification form
Access to the auditor for questions

Please visit www.paymentsfirst.org or send an email to riskandcompliance@paymentsfirst.org today for a free proposal or to begin the scheduling process.

Third-Party Sender/Third-Party Service Provider Audit

The Nacha Operating Rules require Third-Party Senders and Third-Party Service Provider, who performs ACH services on behalf of a financial institution, to conduct an annual audit of its ACH operations and related processes. Allow our team of payments experts to evaluate your existing program and audit based on requirements of the Nacha Operating Rules and Guidelines. PaymentsFirst is a licensed Direct Member of Nacha and our team of consultants are ACH experts.

The PaymentsFirst Third-Party Sender and Third-Party Service Provider services include:

Prior to and onsite checklists
Client questionnaire
Review of sound business practices and internal controls
Review of agreements
Exit interview
Written report including findings and/or recommendations
Certification form
Access to auditor for questions

Third-Party Sender/Third-Party Service Provider Risk Assessment

PaymentsFirst offers Third-Party Sender and Third-Party Service Provider ACH risk assessments. It is a sound business practice for companies that perform ACH services on behalf of customers or on behalf of financial institutions to assess the risk of their ACH activities. The Nacha Operating Rules and Guidelines requires Third-Party Senders to perform a risk assessment of their ACH activities and implement a risk management program since when acting as a Third-Party Sender they assume many responsibilities of the ODFI. You should expect verification of compliance as part of your next ACH Audit and/or regulatory examination. The PaymentsFirst ACH Risk Assessment is a thorough assessment of ACH activities and your overall risk management program. The written report evaluates inherent risk and provides recommendations and risk ratings of your residual risk. PaymentsFirst is a licensed Direct Member of Nacha and our team of consultants are ACH experts.

The PaymentsFirst Third-Party Sender and Third-Party Service Provider services include:

Prior to and onsite checklists
Client questionnaire
Review of sound business practices and internal controls
Review of agreements
Exit interview
Written report including findings and/or recommendations
Certification form
Access to auditor for questions

Third-Party Sender ACH Audit

The PaymentsFirst Third-Party Sender and Third-Party Service Provider services include:

Prior to and onsite checklists
Client questionnaire
Review of sound business practices and internal controls
Review of agreements
Exit Interview
Written report including findings and/or recommendations
Certification form
Access to auditor for questions

Third-Party Sender ACH Risk Assessment

The PaymentsFirst Third-Party Sender and Third-Party Service Provider services include:

Prior to an onsite checklists
Client questionnaire
Review of sound business practices and internal controls
Review of agreements
Exit interview
Written report including findings and/or recommendations
Certification form
Access to auditor for questions

E-Banking Risk Assessment

New - E-Banking Risk Assessment

Accepting Dates in 2024

PaymentsFirst’s E-Banking Risk Assessment includes a review of the financial institution's e-banking products and services, operations, policies, procedures, processes, and established risk controls. The scope is limited to products and services offered through online banking that settle through or are initiated through the underlying payment systems. PaymentsFirst will review the products and services you offer, within the scope identified. Our focus on access channels will be limited to access using ACH, RDC, Wire transfer, and specific products/services offered through Online/Mobile Banking (P2P, A2A, Consumer Bill Pay, online account opening, mobile banking, and mobile deposit).

Ensure Your Nacha Rules Compliance Audit is Conducted by a Direct Member of Nacha

It's crucial to have your Nacha Rules Compliance Audit conducted by a Direct Member of Nacha. As the rulemaking authority and owner of the Nacha Operating Rules, Nacha is responsible for creating and overseeing these regulations. PaymentsFirst, as a Direct Member of Nacha, is deeply involved in every step of the rulemaking process, from its inception to its implementation. Our unique position grants us comprehensive insights into the entire rulemaking process.

Our team of Risk Consultants and Auditors is extensively trained in all aspects of the Nacha Operating Rules. Many of our team members have achieved prestigious certifications such as Accredited ACH Professionals (AAP) or Accredited Payments Risk Professionals (APRP), further demonstrating our commitment to excellence and compliance.

Is Your Audit Firm's Process Endorsed by a Former Federal Reserve Regulator?

PaymentsFirst has developed a specialized software tool to streamline the data collection and compilation process for your audit. To ensure our software meets the most stringent regulatory standards, we sought an independent review from a former Federal Reserve regulator. This endorsement is a testament to our dedication to quality and compliance, setting us apart in the industry.

When you choose PaymentsFirst for your audit needs, you can rest assured that your audit will adhere to the highest industry standards. Our unique approach and commitment to excellence ensure that your organization remains compliant and secure.

Tip: Schedule early to ensure availability, efficient preparation time and to avoid additional charges.

Customized Consulting

PaymentsFirst offers customized consulting on emerging payments topics. Our experts will design a program that fits your specific needs. Contact us to find out about creating a highly customized and effective program. Topics might include, new product/ service launch, conversions, policy/procedure development, payments strategy, to name a few.

Compliance Services Request Form

ACH Audit Certification Form

Risk & Compliance

Risk & Compliance Services

Customized Consulting

Get In Touch!

Additional Resources

Stay Connected!