Third Party Resource Center

Welcome to PAR/WACHA's Third Party Resource Center 


Watch this video from NACHA that illustrates the role of a Third-Party Sender!

This infographic explains the roles of Third-Party Senders, their Financial Institutions, ODFIs, RDFIs, Receivers and Originators.

Third Party Infographic

Third-Party Service Provider:

According to NACHA, a Third-Party Service Provider is an Organization that performs any functions related to the processing of Entries on behalf of the Originator, the Third-Party Sender, the ODFI, or the RDFI. This includes the creation of the Files or acting as a Sending Point or Receiving Point on behalf of a Participating DFI. If the Originator, ODFI or RDFI are processing Entries, they are not considered a Third-Party Service Provider. An Organization acting as Third-Party Sender is also a Third-Party Service Provider.

Third-Party Sender:

A Third Party Sender is a type of Third-Party Service Provider that acts as an intermediary in Transmitting Entries between an Originator and an ODFI, including through Direct Access, and acts on behalf of an Originator or another Third-Party Sender. A Third-Party Sender must have an Origination Agreement with the ODFI of the Entry. A Third-Party Sender is never the Originator for Entries it transmits on behalf of another Organization. However, a Third-Party Sender of Entries may also be an Originator of other Entries in its own right.

Third-Party Payment Processors:

Third-Party Payment Processors are bank customers that provide payment-processing services to merchants and other business entities. Traditionally, processors contracted primarily with retailers that had physical locations in order to process the retailers' transactions. These merchant transactions primarily included credit card payments but also covered automated clearing house (ACH) transactions, remotely created checks (RCC), and debit and prepaid cards transactions. With the expansion of the Internet, retail borders have been eliminated. Processors now provide services to a variety of merchant accounts, including conventional retail and Internet-based establishments, prepaid travel, telemarketers, and Internet gaming enterprises.

Third-Party Payment Processors often use their commercial bank accounts to conduct payment processing for their merchant clients. For example, the processor may deposit into its account RCCs generated on behalf of a merchant client, or process ACH transactions on behalf of a merchant client. In either case, the bank does not have a direct relationship with the merchant. The increased use of RCCs by processor customers also raises the risk of fraudulent payments being processed through the processor's bank account. The Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of the Currency (OCC), and Financial Crimes Enforcement Network (FinCEN) have issued guidance regarding the risks, including the BSA/AML risks, associated with banking third-party processors.

More on Third-Parties

NACHA on Third-Party Senders

G2 Web Services on Third-Party Payments Processors & Third-Party Senders


Latest News on Third-Parties

Effective September 2017 – Third-Party Sender Registration

NACHA has just passed a new rule that requires every Originating Depository Financial Institution (ODFI) to either register its Third-Party Sender customer(s) with NACHA, or provide NACHA with a statement that it has no such customers.



PAR/WACHA's Third-Party Services, Training, & Tools

PAR/WACHA offers services and education geared specifically toward Third Party Senders and Originators.

Visit our E-University for more on Third Party Sender and Originator training. 


Third-Party Sender ACH Audit

Third-Parties in the ACH system are currently being scrutinized because of the additional risk they pose to the ACH Network. The NACHA Operating Rules require Third-Party Senders to conduct an annual ACH audit based on the applicable sections of Appendix Eight. Since your financial institution is responsible for your Third-Party Sender(s), it is critical that you know exactly what types of transactions they are sending to you and that they are in compliance.

Maintain compliance and mitigate your risk by contracting PAR/WACHA to perform the annual ACH audit on your Third-Party Sender(s)!

Your Third-Party Sender(s) will receive the same quality service of PAR/WACHA’s full-scale audit program that is designed to uncover areas of noncompliance and risk, while offering mitigating controls and solutions.

For more information on PAR’s Compliance Services, contact us at the PAR office at (262) 345-1245, toll-free at (800) 453-1843, or email us at

Training Resources

Training Webinars & Courses

Third-Party Training Bundle

The Third-Party Training Bundle will ensure that you know and understand the requirements of being a third-party or doing business with a third-party. This series of courses will identify each type of third-party and define the actions each performs in the ACH network. The series will also look at third-party rules, audit requirements, risk management practices, and the agreement requirements.

Read More

Identifying Third-Party Relationships

In this course, you will uncover:

  • New definitions of third-parties
  • Types of agreements needed
  • Risks associated with third-parties
  • Audit Requirements

>> 1.2 AAP Continuing Education Credits

Read More

Tools & Handbooks

TPS Sample Agreement

Third-Party Sender Agreement
Newly Updated to include Same Day ACH Language!

The Third-Party Sender Agreement is designed to provide the protection your financial institution needs that no other agreement can deliver. This electronic file contains a customizable Microsoft Word document that includes the critical terms and conditions needed between your financial institution and each third-party sender.

Price: Member $95 | Non-Member $190

 Add to Cart

Corporate Account Takeover (CAT) Kit 
Includes 2 on-Demand Training Webinars

The Corporate Account Takeover (CAT) Kit will provide you with the tools needed to help your financial institution and business clients build a comprehensive defense system against cyber crime.

Price: Member $450 | Non-Member $900

Add to Cart


  Corporate Account Takeover (CAT) Incident Response Checklist - for Businesses
In the event of a corporate account takeover attempt, as your financial institution is working your incident response checklist, the compromised business should also be responding to the attempt. This Incident Response Checklist is for your financial institution to distribute to the compromised business to guide them through the steps that should be taken at the business level. The checklist is provided electronically in a Word document to allow for customization.

Price: Member $50 | Non-Member $100

 Add to Cart


Third-Party Sender ACH Audit Guide
The Third-Party Sender ACH Audit Guide is designed to assist Third-Party Senders in conducting their annual ACH audit as required by the NACHA Operating Rules. Provided electronically, to allow for distribution to all your Third-Party Senders, the guide includes audit worksheets that will take your Third-Party Senders step-by-step through the audit process.

Price: Member $199 | Non-Member $398

Add to Cart


Third-Party Senders & The ACH Network – An Implementation Guide
This publication from NACHA - The Electronic Payments Association provides a review of the variations in legal requirements and processing obligations relating to the origination of ACH entries when a Third-Party Service Provider, acting as a Third-Party Sender, is involved in the origination of transactions through the ACH Network.

Price: Member $40 | Non-Member $80

Add to Cart


2017 NACHA Operating Rules & Guidelines -

The NACHA Operating Rules & Guidelines is the definitive source for information about the exchange and settlement of transactions through the ACH Network. This hard copy of The Rules comes with access to the ACH Rules Online, the electronic version...

Price: Member $45 | Non-Member $90

Add to Cart



For a complete listing of PAR/WACHA’s Tools and Products, please see our Online Store  



Web Resources


OCC Bulletin

OCC ACH Risk Management

The OCC ACH Risk Management bulletin provides guidance for national banks and examiners on managing the risks of automated clearing house (ACH) activity. National banks may be exposed to a variety of risks when originating, receiving, or processing ACH transactions, or outsourcing these activities to a third party. The bulletin outlines the key components of an effective ACH risk management program. Each bank should use the OCC ACH Risk Management guidance to develop an ACH risk management program that reflects the nature and complexity of the bank’s activities. Read More




FDIC Financial Institution Letters

FIL-3-2012 - January 31, 2012

The FDIC Financial Letters revised guidance describes potential risks associated with relationships with third-party entities that process payments for telemarketers, online businesses, and other merchants (collectively "merchants"). These relationships can pose increased risk to institutions and require careful due diligence and monitoring. The guidance outlines certain risk mitigation principles for this type of activity. Statement of Applicability to Institutions with Total Assets under $1 Billion: The guidance applies to all FDIC-supervised financial institutions that have relationships with third-party payment processors.Read More



FIL-43-2013 - September 27, 2013

The FDIC clarifies its policy and supervisory approach related to facilitating payment processing services directly, or indirectly through a third party, for merchant customers engaged in higher-risk activities. Facilitating payment processing for merchant customers engaged in higher-risk activities can pose risks to financial institutions; however, those that properly manage these relationships and risks are neither prohibited nor discouraged from providing payment processing services to customers operating in compliance with applicable law.Read More



FIL-5-2015 - January 28, 2015 

The FDIC has issued a statement to encourage institutions to take a risk-based approach in assessing individual customer relationships rather than declining to provide banking services to entire categories of customers.Read More






FFIEC Guidances 

The FFIEC IT Examination Handbook (IT Handbook), "Retail Payment Systems Booklet" (booklet), provides guidance to examiners, financial institutions, and technology service providers (TSPs) on identifying and controlling risks associated with retail payment systems and related banking activities.Read More