The Difference Between Policy And Procedure
Total Page:16
File Type:pdf, Size:1020Kb
Exhibit 26.1 Sample ACH Policy
Applicable Rules/Regulations: Operating Rules of the National Automated Clearinghouse Association Regulation E, 12 CFR 205 Federal Payments Through Financial Institutions by the Automated Clearinghouse, 31 CFR 210 Regulations Governing Payments by the ACH Method on Accounts of United States Securities, 31 CFR 370 Uniform Commercial Code, Articles 3, 4, and 4A Regulation CC, 12 CFR 229 Regulation D, 12 CFR 204 Area of Responsibility: Operations Last Board Review: February 20XX
Sample ACH Policy
POLICY STATEMENT
XYZ Federal Credit Union acts as both a receiving depository financial institution (RDFI) and an originating depository financial institution (ODFI) for electronic payments made through the automated clearinghouse (ACH) Network. ACH transactions consist of both credit transfers (distribution of funds) and debit transfers (collection of funds).
All ACH transactions originated or received at the credit union will be administered in strict compliance with applicable federal and state statutes and regulations, the NACHA operating rules, and the rules of the local ACH association, to which XYZ CU will maintain membership.
The current NACHA operating rules are to be incorporated into and made a part of this policy.
GOALS AND OBJECTIVES
As an originating depository financial institution, it is the intent of the board of directors to reduce costs through increased automated processing, to create new opportunities for increasing membership by providing expanded services, and to provide effective, efficient, and innovative payment services.
12/10 26-1 12/10 NAFCU’s Policies and Procedures for Credit Unions
As a receiving depository financial institution, it is our goal to reduce the costs of item processing by eliminating much of the manual handling of individual items and to improve services by providing innovative and efficient services to the membership.
INTERNAL CONTROLS
The chief operating officer will assume responsibility for establishing sound internal controls to ensure that ACH entries are handled efficiently. These controls will identify who is responsible for ACH functions, including those outside the operations department, such as:
The marketing function
Customer service personnel
Data processing personnel
The ACH contact person
Internal controls will provide clear definition of responsibilities and effective communication to be maintained among participants in the ACH process.
COMPLIANCE
To remain in compliance with the rules and regulations governing ACH activities, the chief operating officer will ensure that:
All available resources, such as rules, regulations, and guidelines, are kept current, and the ACH staff will be informed of rule changes and the effect these changes will have on operational procedures.
A contact list of critical staff is developed and maintained, including home addresses and telephone numbers of all ACH staff and ACH support personnel.
ACH software is current, and the latest upgrades have been installed and tested.
Current call-back and verification techniques are reviewed on a periodic basis to ensure that security measures are adequate.
A periodic audit of control procedures is performed at least every three years.
The supervisory committee is consulted to assist in the establishment of proper control procedures.
Each originator executes a binding legal agreement in accordance with the NACHA operating rules, and that these agreements are kept on file.
Procedures have been established to evaluate the credit risk of each originator.
26-2 Electronic Payments Through the Automated Clearing House (ACH) System 12/10
Priorities and processing schedules are in place for each originator, establishing time lines for the initiation of entries.
ACH staff is educated about the risks involved in participation in the ACH network.
Written policies are developed that are designed to manage payment system risks and implement procedures and controls to manage these risks.
TRAINING
All credit union staff members whose duties include any ACH-related tasks will be thoroughly trained to become sufficiently competent in the performance of these tasks. The board of directors and senior management of the credit union encourage selected staff members to attend training seminars and work- shops conducted by the local ACH association, and upon approval of the chief operating officer, and within budget limitations, the credit union will reimburse the cost of the training. Additionally, the credit union encourages selected staff members to prepare for and complete the accredited ACH professional (AAP) certification examination.
REPORTING REQUIREMENTS
With the rapid growth in technology and improvements in delivery systems, the NACHA operating rules are revised frequently and existing rules are changed and updated. The ACH rules, which contain the NACHA operating rules, are reprinted and distributed annually. In the annual operations report to the board, the chief operating officer (COO) will discuss any changes made in ACH requirements since the previous annual report and the impact these changes may have now or later on the credit union. Additionally, the COO will report to the board on a timely basis any events that have occurred in the interim that may have an impact on the credit union. The report will include but not be limited to security problems, compliance issues, and staffing concerns.
RECORDS RETENTION
Records of all entries, including return and adjustment entries, transmitted from or to an ACH operator are to be retained for six years from the date the entry was transmitted. This stipulation is specified in Article One, Section 1.5 of the NACHA operating rules.
The originator of an ACH transaction must keep on file a receiver’s authorization for two years after the authorization has been terminated. This may be retained in original form or on microfilm.
ACH operators are required to retain a record of all entries, return entries, and adjustment entries received or transmitted for one year from the date of the receipt or transmittal of the entry.
26-3