Welcome to PAR/WACHA's Third Party Resource Center
- What is a Third-Party
- Latest News on Third-Parties
- PAR/WACHA Services, Training, & Tools
- Web Resources
Watch this video from NACHA that illustrates the role of a Third-Party Sender!
This infographic explains the roles of Third-Party Senders, their Financial Institutions, ODFIs, RDFIs, Receivers and Originators.
Third-Party Service Provider:
According to NACHA, a Third-Party Service Provider is an Organization that performs any functions related to the processing of Entries on behalf of the Originator, the Third-Party Sender, the ODFI, or the RDFI. This includes the creation of the Files or acting as a Sending Point or Receiving Point on behalf of a Participating DFI. If the Originator, ODFI or RDFI are processing Entries, they are not considered a Third-Party Service Provider. An Organization acting as Third-Party Sender is also a Third-Party Service Provider.
A Third Party Sender is a type of Third-Party Service Provider that acts as an intermediary in Transmitting Entries between an Originator and an ODFI, including through Direct Access, and acts on behalf of an Originator or another Third-Party Sender. A Third-Party Sender must have an Origination Agreement with the ODFI of the Entry. A Third-Party Sender is never the Originator for Entries it transmits on behalf of another Organization. However, a Third-Party Sender of Entries may also be an Originator of other Entries in its own right.
Third-Party Payment Processors:
Third-Party Payment Processors are bank customers that provide payment-processing services to merchants and other business entities. Traditionally, processors contracted primarily with retailers that had physical locations in order to process the retailers' transactions. These merchant transactions primarily included credit card payments but also covered automated clearing house (ACH) transactions, remotely created checks (RCC), and debit and prepaid cards transactions. With the expansion of the Internet, retail borders have been eliminated. Processors now provide services to a variety of merchant accounts, including conventional retail and Internet-based establishments, prepaid travel, telemarketers, and Internet gaming enterprises.
Third-Party Payment Processors often use their commercial bank accounts to conduct payment processing for their merchant clients. For example, the processor may deposit into its account RCCs generated on behalf of a merchant client, or process ACH transactions on behalf of a merchant client. In either case, the bank does not have a direct relationship with the merchant. The increased use of RCCs by processor customers also raises the risk of fraudulent payments being processed through the processor's bank account. The Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of the Currency (OCC), and Financial Crimes Enforcement Network (FinCEN) have issued guidance regarding the risks, including the BSA/AML risks, associated with banking third-party processors.
More on Third-Parties
Effective September 2017 – Third-Party Sender Registration
NACHA has just passed a new rule that requires every Originating Depository Financial Institution (ODFI) to either register its Third-Party Sender customer(s) with NACHA, or provide NACHA with a statement that it has no such customers.
PAR/WACHA offers services and education geared specifically toward Third Party Senders and Originators.
Third-Parties in the ACH system are currently being scrutinized because of the additional risk they pose to the ACH Network. The NACHA Operating Rules require Third-Party Senders to conduct an annual ACH audit based on the applicable sections of Appendix Eight. Since your financial institution is responsible for your Third-Party Sender(s), it is critical that you know exactly what types of transactions they are sending to you and that they are in compliance.
Maintain compliance and mitigate your risk by contracting PAR/WACHA to perform the annual ACH audit on your Third-Party Sender(s)!
Your Third-Party Sender(s) will receive the same quality service of PAR/WACHA’s full-scale audit program that is designed to uncover areas of noncompliance and risk, while offering mitigating controls and solutions.
For more information on PAR’s Compliance Services, contact us at the PAR office at (262) 345-1245, toll-free at (800) 453-1843, or email us at firstname.lastname@example.org.
The Third-Party Training Bundle will ensure that you know and understand the requirements of being a third-party or doing business with a third-party. This series of courses will identify each type of third-party and define the actions each performs in the ACH network. The series will also look at third-party rules, audit requirements, risk management practices, and the agreement requirements.
In this course, you will uncover:
- New definitions of third-parties
- Types of agreements needed
- Risks associated with third-parties
- Audit Requirements
>> 1.2 AAP Continuing Education Credits
October 10, 2016
This session will cover:
- How to identify if you have a Third-Party Sender
- Requirements of NACHA’s new registration rule
- How to ensure compliance with the audit requirement
>> 1.8 AAP Continuing Education Credits
Tools & Handbooks
Third-Party Sender Agreement
For a complete listing of PAR/WACHA’s Tools and Products, please see our Online Store
OCC ACH Risk Management
The OCC ACH Risk Management bulletin provides guidance for national banks and examiners on managing the risks of automated clearing house (ACH) activity. National banks may be exposed to a variety of risks when originating, receiving, or processing ACH transactions, or outsourcing these activities to a third party. The bulletin outlines the key components of an effective ACH risk management program. Each bank should use the OCC ACH Risk Management guidance to develop an ACH risk management program that reflects the nature and complexity of the bank’s activities.
FDIC Financial Institution Letters
FIL-3-2012 - January 31, 2012
The FDIC Financial Letters revised guidance describes potential risks associated with relationships with third-party entities that process payments for telemarketers, online businesses, and other merchants (collectively "merchants"). These relationships can pose increased risk to institutions and require careful due diligence and monitoring. The guidance outlines certain risk mitigation principles for this type of activity. Statement of Applicability to Institutions with Total Assets under $1 Billion: The guidance applies to all FDIC-supervised financial institutions that have relationships with third-party payment processors.
FIL-43-2013 - September 27, 2013
The FDIC clarifies its policy and supervisory approach related to facilitating payment processing services directly, or indirectly through a third party, for merchant customers engaged in higher-risk activities. Facilitating payment processing for merchant customers engaged in higher-risk activities can pose risks to financial institutions; however, those that properly manage these relationships and risks are neither prohibited nor discouraged from providing payment processing services to customers operating in compliance with applicable law.
FIL-5-2015 - January 28, 2015
The FDIC has issued a statement to encourage institutions to take a risk-based approach in assessing individual customer relationships rather than declining to provide banking services to entire categories of customers.
The FFIEC IT Examination Handbook (IT Handbook), "Retail Payment Systems Booklet" (booklet), provides guidance to examiners, financial institutions, and technology service providers (TSPs) on identifying and controlling risks associated with retail payment systems and related banking activities.