Risk & Compliance

Nacha requires all participating Depository Financial Institutions to conduct an Annual ACH Audit to be performed by December 31 of each year. Who better to conduct your institution’s annual ACH audit than your resource for electronic payment information and training? A PaymentsFirst ACH expert can conduct your annual ACH audit and examine each facet of your ACH operations. The audit includes a review of compliance with the Nacha Operating Rules, a review of online banking products using ACH, areas of compliance, and a review of procedures related to receiving Federal Government payments. PaymentsFirst is a licensed Direct Member of Nacha and our team of consultants is ACH experts.

The PaymentsFirst ACH Audit service includes:

• Prior to and onsite checklists
• Client questionnaire
• Review of sound business practices and internal controls
• Review of agreements
• Exit interview
• Written report including findings and/or recommendations
• Audit certification form
• Access to an auditor for questions

Each financial institution, is required to perform a risk assessment of their ACH activities and implement a risk management program in accordance with the requirements of their regulators. Additionally, participants are further impacted by the requirement to conduct additional risk management practices prior to originating ACH entries and by the requirement to cover specific topics in all new or renewed Originator and Third-Party Sender Agreements. A financial institution must understand and identify the complexity and nature of their ACH services to effectively perform the risk assessment. A PaymentsFirst ACH expert can evaluate the complexity of services offered, discuss inherent risk, and assess the institution’s residual risk based on implemented controls. The PaymentsFirst ACH Risk Assessment is a thorough assessment of ACH activities and the institution’s overall risk management program. The written report evaluates inherent risk and provides recommendations and risk ratings of the institution’s residual risk. 

The PaymentsFirst ACH Risk Assessment service includes:

• Prior to and onsite checklists
• Client questionnaire
• Review of agreements
• Exit interview
• Written report including findings and/or recommendations
• Risk Assessment Certification form
• Access to auditor for questions

PaymentsFirst’s RDC Risk Assessment and Audit of Internal Controls reviews the financial institution’s compliance with FFIEC Guidance. The various methods for using RDC within the financial institution are covered including mobile RDC, branch/teller capture, and merchant capture. Allow one of PaymentsFirst’s payments experts to analyze your institution’s RDC compliance, internal controls, and risk management process.

The PaymentsFirst RDC Risk Assessment and Audit of Internal Controls service includes:

• Prior to and onsite checklists
• Client questionnaire
• Review of sound business practices and internal controls
• Review of agreements
• Exit interview
• Written report including findings and/or recommendations
• Risk Assessment Certification form
• Access to auditor for questions

Wire Transfers are becoming more of a focus for regulatory agencies during yearly exams. Wire transfers are attractive to business customers and consumers because they allow funds to settle same day, additionally, wire transfers are irrevocable; both attributes make wire transfers a signification risk. Let one our payments experts complete an assessment of your institution’s wire transfer program to ensure your program is following regulatory guidelines. The service includes review of compliance with FFIEC Guidance. All methods in which the financial institution receives wire requests are considered during the review.

The PaymentsFirst Wire Risk Assessment and Audit of Internal Controls service includes:

• Prior to and onsite checklists
• Client questionnaire
• Review of sound business practices and internal controls
• Review of agreements
• Exit interview
• Written report including findings and/or recommendations
• Risk Assessment Certification form
• Access to auditor for questions

The RTP Risk Assessment is designed to assist the financial institution’s board of directors and senior management by identifying potential areas that require stronger internal controls, increased focus, or pose an unmitigated risk. The scope of the assessment includes a review of the financial institution’s RTP operations, policies, procedures, processes, and established risk controls.

The PaymentsFirst RTP Risk Assessment service includes:

• Prior to and onsite checklists
• Client questionnaire
• Exit interview
• Written report including Sound Business Practice recommendations
• Risk Assessment Certification form
• Access to the auditor for questions

Please visit www.paymentsfirst.org or send an email to riskandcompliance@paymentsfirst.org today for a free proposal or to begin the scheduling process.

The Nacha Operating Rules require Third-Party Senders and Third-Party Service Provider, who performs ACH services on behalf of a financial institution, to conduct an annual audit of its ACH operations and related processes. Allow our team of payments experts to evaluate your existing program and audit based on requirements of the Nacha Operating Rules and Guidelines. PaymentsFirst is a licensed Direct Member of Nacha and our team of consultants are ACH experts.

The PaymentsFirst Third-Party Sender and Third-Party Service Provider services include:

• Prior to and onsite checklists
• Client questionnaire
• Review of sound business practices and internal controls
• Review of agreements
• Exit interview
• Written report including findings and/or recommendations
• Certification form
• Access to auditor for questions

PaymentsFirst offers Third-Party Sender and Third-Party Service Provider ACH risk assessments. It is a sound business practice for companies that perform ACH services on behalf of customers or on behalf of financial institutions to assess the risk of their ACH activities. The Nacha Operating Rules and Guidelines requires Third-Party Senders to perform a risk assessment of their ACH activities and implement a risk management program since when acting as a Third-Party Sender they assume many responsibilities of the ODFI. You should expect verification of compliance as part of your next ACH Audit and/or regulatory examination. The PaymentsFirst ACH Risk Assessment is a thorough assessment of ACH activities and your overall risk management program. The written report evaluates inherent risk and provides recommendations and risk ratings of your residual risk. PaymentsFirst is a licensed Direct Member of Nacha and our team of consultants are ACH experts.

The PaymentsFirst Third-Party Sender and Third-Party Service Provider services include:

• Prior to and onsite checklists
• Client questionnaire
• Review of sound business practices and internal controls
• Review of agreements
• Exit interview
• Written report including findings and/or recommendations
• Certification form
• Access to auditor for questions

The Nacha Operating Rules require Third-Party Senders and Third-Party Service Provider, who performs ACH services on behalf of a financial institution, to conduct an annual audit of its ACH operations and related processes. Allow our team of payments experts to evaluate your existing program and audit based on requirements of the Nacha Operating Rules and Guidelines. PaymentsFirst is a licensed Direct Member of Nacha and our team of consultants are ACH experts.

The PaymentsFirst Third-Party Sender and Third-Party Service Provider services include:

• Prior to and onsite checklists
• Client questionnaire
• Review of sound business practices and internal controls
• Review of agreements
• Exit Interview
• Written report including findings and/or recommendations
• Certification form
• Access to auditor for questions

PaymentsFirst offers Third-Party Sender and Third-Party Service Provider ACH risk assessments. It is a sound business practice for companies that perform ACH services on behalf of customers or on behalf of financial institutions to assess the risk of their ACH activities. The Nacha Operating Rules and Guidelines requires Third-Party Senders to perform a risk assessment of their ACH activities and implement a risk management program since when acting as a Third-Party Sender they assume many responsibilities of the ODFI. You should expect verification of compliance as part of your next ACH Audit and/or regulatory examination. The PaymentsFirst ACH Risk Assessment is a thorough assessment of ACH activities and your overall risk management program. The written report evaluates inherent risk and provides recommendations and risk ratings of your residual risk. PaymentsFirst is a licensed Direct Member of Nacha and our team of consultants are ACH experts.

The PaymentsFirst Third-Party Sender and Third-Party Service Provider services include:

• Prior to an onsite checklists
• Client questionnaire
• Review of sound business practices and internal controls
• Review of agreements
• Exit interview
• Written report including findings and/or recommendations
• Certification form
• Access to auditor for questions

New - E-Banking Risk Assessment

Accepting Dates in 2024

PaymentsFirst’s E-Banking Risk Assessment includes a review of the financial institution's e-banking products and services, operations, policies, procedures, processes, and established risk controls. The scope is limited to products and services offered through online banking that settle through or are initiated through the underlying payment systems. PaymentsFirst will review the products and services you offer, within the scope identified. Our focus on access channels will be limited to access using ACH, RDC, Wire transfer, and specific products/services offered through Online/Mobile Banking (P2P, A2A, Consumer Bill Pay, online account opening, mobile banking, and mobile deposit).