Third Party Resource Center

Welcome to PAR/WACHA's Third Party Resource Center 


Watch this video from NACHA that illustrates the role of a Third-Party Sender!

This infographic explains the roles of Third-Party Senders, their Financial Institutions, ODFIs, RDFIs, Receivers and Originators.

Third Party Infographic

Third-Party Service Provider:

According to NACHA, a Third-Party Service Provider is an Organization that performs any functions related to the processing of Entries on behalf of the Originator, the Third-Party Sender, the ODFI, or the RDFI. This includes the creation of the Files or acting as a Sending Point or Receiving Point on behalf of a Participating DFI. If the Originator, ODFI or RDFI are processing Entries, they are not considered a Third-Party Service Provider. An Organization acting as Third-Party Sender is also a Third-Party Service Provider.

Third-Party Sender:

A Third Party Sender is a type of Third-Party Service Provider that acts as an intermediary in Transmitting Entries between an Originator and an ODFI, including through Direct Access, and acts on behalf of an Originator or another Third-Party Sender. A Third-Party Sender must have an Origination Agreement with the ODFI of the Entry. A Third-Party Sender is never the Originator for Entries it transmits on behalf of another Organization. However, a Third-Party Sender of Entries may also be an Originator of other Entries in its own right.

Third-Party Payment Processors:

Third-Party Payment Processors are bank customers that provide payment-processing services to merchants and other business entities. Traditionally, processors contracted primarily with retailers that had physical locations in order to process the retailers' transactions. These merchant transactions primarily included credit card payments but also covered automated clearing house (ACH) transactions, remotely created checks (RCC), and debit and prepaid cards transactions. With the expansion of the Internet, retail borders have been eliminated. Processors now provide services to a variety of merchant accounts, including conventional retail and Internet-based establishments, prepaid travel, telemarketers, and Internet gaming enterprises.

Third-Party Payment Processors often use their commercial bank accounts to conduct payment processing for their merchant clients. For example, the processor may deposit into its account RCCs generated on behalf of a merchant client, or process ACH transactions on behalf of a merchant client. In either case, the bank does not have a direct relationship with the merchant. The increased use of RCCs by processor customers also raises the risk of fraudulent payments being processed through the processor's bank account. The Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of the Currency (OCC), and Financial Crimes Enforcement Network (FinCEN) have issued guidance regarding the risks, including the BSA/AML risks, associated with banking third-party processors.

More on Third-Parties

NACHA on Third-Party Senders

G2 Web Services on Third-Party Payments Processors & Third-Party Senders


Latest News on Third-Parties

For FIs, Risk Becomes Reputation (And Vice Versa)

Date Posted: Nov. 20, 2017

Call it connected commerce of a different stripe. It’s not just buyer and seller.

For banks and processors, commerce means customers, of course, transacting across time zones, business verticals and currencies.

And there’s an intangible connection too, one that can sow dividends or destruction. We’re talking about reputation.

In the latest Topic TBD, PYMNTS’ Karen Webster spoke with Jane Hennessy, head of external alliances at of G2 Web Services about the growing need for reputation management – and it’s an endeavor that needs constant attention.

Read the full article or listen to the Topics TBD on

The Role Of Reputation In Managing Risk

Date Posted: Oct. 13, 2017

On Wall Street, you are only as good as your last trade.

In banking, you might only be as good as your latest customer’s reputation.

Sound far-fetched?

Consider Know Your Customer (KYC).

Now, let’s extend the links in the chain just a bit: Know Your Customer’s Customer.

A recent whitepaper by G2 Web Services, titled “Why Reputation Monitoring Matters for Strong KYC,” found that manual searches for consumer complaints and negative news about banking customers has its limits. Automation can make a proactive approach to risk monitoring a bit easier.

In an interview with PYMNTS, Jane Hennessy, head of External Alliances at G2 Web Services, noted that for entrenched financial services players, a captive customer base can suddenly not be so captive anymore, and reputation matters in an era of increased regulatory scrutiny.

“Financial institutions do not want to lose their franchises,” she told PYMNTS. Upstarts, marked by speed and technology, have been nibbling at traditional banking relationships with consumers. As a result, banks have become aware of their reputations, whether based on customer service or product innovation (or both) as a key point of leverage in keeping (or losing) customers.

Read the full article at

Effective September 2017 – Third-Party Sender Registration

NACHA has just passed a new rule that requires every Originating Depository Financial Institution (ODFI) to either register its Third-Party Sender customer(s) with NACHA, or provide NACHA with a statement that it has no such customers.



PAR/WACHA's Third-Party Services, Training, & Tools

PAR/WACHA offers services and education geared specifically toward Third Party Senders and Originators.

Visit our E-University for more on Third Party Sender and Originator training. 


Third-Party Sender ACH Audit

Third-Parties in the ACH system are currently being scrutinized because of the additional risk they pose to the ACH Network. The NACHA Operating Rules require Third-Party Senders to conduct an annual ACH audit based on the applicable sections of Appendix Eight. Since your financial institution is responsible for your Third-Party Sender(s), it is critical that you know exactly what types of transactions they are sending to you and that they are in compliance.

Maintain compliance and mitigate your risk by contracting PAR/WACHA to perform the annual ACH audit on your Third-Party Sender(s)!

Your Third-Party Sender(s) will receive the same quality service of PAR/WACHA’s full-scale audit program that is designed to uncover areas of noncompliance and risk, while offering mitigating controls and solutions.

For more information on PAR’s Compliance Services, contact us at the PAR office at (262) 345-1245, toll-free at (800) 453-1843, or email us at

Training Resources

Training Webinars & Courses

Third-Party Training Bundle

The Third-Party Training Bundle will ensure that you know and understand the requirements of being a third-party or doing business with a third-party. This series of courses will identify each type of third-party and define the actions each performs in the ACH network. The series will also look at third-party rules, audit requirements, risk management practices, and the agreement requirements.

Read More

Identifying Third-Party Relationships

In this course, you will uncover:

  • New definitions of third-parties
  • Types of agreements needed
  • Risks associated with third-parties
  • Audit Requirements

>> 1.2 AAP Continuing Education Credits

Read More

Tools & Handbooks

TPS Sample Agreement

Third-Party Sender Agreement
Newly Updated to include Same Day ACH Language!

The Third-Party Sender Agreement is designed to provide the protection your financial institution needs that no other agreement can deliver. This electronic file contains a customizable Microsoft Word document that includes the critical terms and conditions needed between your financial institution and each third-party sender.

Price: Member $95 | Non-Member $190

 Add to Cart

Third-Party Sender ACH Audit Guide
The Third-Party Sender ACH Audit Guide is designed to assist Third-Party Senders in conducting their annual ACH audit as required by the NACHA Operating Rules. Provided electronically, to allow for distribution to all your Third-Party Senders, the guide includes audit worksheets that will take your Third-Party Senders step-by-step through the audit process.

Price: Member $199 | Non-Member $398

Add to Cart


Third-Party Senders & The ACH Network – An Implementation Guide
This publication from NACHA - The Electronic Payments Association provides a review of the variations in legal requirements and processing obligations relating to the origination of ACH entries when a Third-Party Service Provider, acting as a Third-Party Sender, is involved in the origination of transactions through the ACH Network.

Price: Member $40 | Non-Member $80

Add to Cart



For a complete listing of PAR/WACHA’s Tools and Products, please see our Online Store  



Web Resources


OCC Bulletin

OCC ACH Risk Management

The OCC ACH Risk Management bulletin provides guidance for national banks and examiners on managing the risks of automated clearing house (ACH) activity. National banks may be exposed to a variety of risks when originating, receiving, or processing ACH transactions, or outsourcing these activities to a third party. The bulletin outlines the key components of an effective ACH risk management program. Each bank should use the OCC ACH Risk Management guidance to develop an ACH risk management program that reflects the nature and complexity of the bank’s activities. Read More




FDIC Financial Institution Letters

FIL-3-2012 - January 31, 2012

The FDIC Financial Letters revised guidance describes potential risks associated with relationships with third-party entities that process payments for telemarketers, online businesses, and other merchants (collectively "merchants"). These relationships can pose increased risk to institutions and require careful due diligence and monitoring. The guidance outlines certain risk mitigation principles for this type of activity. Statement of Applicability to Institutions with Total Assets under $1 Billion: The guidance applies to all FDIC-supervised financial institutions that have relationships with third-party payment processors.Read More



FIL-43-2013 - September 27, 2013

The FDIC clarifies its policy and supervisory approach related to facilitating payment processing services directly, or indirectly through a third party, for merchant customers engaged in higher-risk activities. Facilitating payment processing for merchant customers engaged in higher-risk activities can pose risks to financial institutions; however, those that properly manage these relationships and risks are neither prohibited nor discouraged from providing payment processing services to customers operating in compliance with applicable law.Read More



FIL-5-2015 - January 28, 2015 

The FDIC has issued a statement to encourage institutions to take a risk-based approach in assessing individual customer relationships rather than declining to provide banking services to entire categories of customers.Read More






FFIEC Guidances 

The FFIEC IT Examination Handbook (IT Handbook), "Retail Payment Systems Booklet" (booklet), provides guidance to examiners, financial institutions, and technology service providers (TSPs) on identifying and controlling risks associated with retail payment systems and related banking activities.Read More