ACH Risk Management: 2-day Workshop
By: Rayleen M. Pirnie, AAP, CEO and Founder, RP Payments Risk Consulting Services, LLC
ACH risk management has become a focus of regulators in recent years and attaining a compliant status goes well beyond adherence to the ACH Rules. Every participant in the network except consumers bear some responsibility, with Originating Depository Financial Institutions (ODFIs) and their Originators and Third-Parties bearing the brunt of the liability. The introduction of new ACH Rules, increasing fraud using the ACH Network, and a greater focus on consumer protections make risk management more difficult every day.
This course will:
Review ACH Rules related to risk management and fraud prevention
Analyze other federal regulations, guidance and laws that impact ACH risk
Increase an attendees ability to identify and manage ACH fraud
Identify ACH audit and risk management essentials
Using real life case studies, attendees will put their knowledge to the test and determine appropriate courses of action during the workshop. Attendees, in small groups using different cases, will be given one piece of the issue at a time, much like real-life risk scenarios play out since we rarely have all the facts at the time we need to start making decisions. Each new fact will challenge participants to navigate potentially devastating scenarios.
How to define areas of ACH risk, related rules, guidance and regulations.
Recognize appropriate ACH risk management techniques for given situations.
Translate new techniques into actionable practices.
Analyze case studies to determine an appropriate course of action that minimizes risk.
Assess the success of actions taken for each case study and isolate any actions that introduced new risk.
Organize a list of three (3) action items to immediately review upon returning to work.
Areas Covered in the Seminar:
New ACH Rules that represent unique / new risk
ACH Rules related to risk management and fraud prevention
Federal rules, guidance, and laws related to ACH risk management
ACH Risk Assessment essentials
ACH Audit essentials
ACH fraud identification and response techniques
Using automated solutions to maximize risk management efforts
Unique individual and group exercises that help apply new knowledge
Day 1 (8:30 AM – 4:30 PM)
8:30 – 9:00 AM: Registration
9:00 AM: Session Start Time
8:30 – 9:00 AM: Introduction, establishes course objectives, and defines ACH Risk (30 min)
Categories of risk
Unique challenges of fraud and reputational risk
9:00 – 10:45 AM: Risk Management compliance (1.5 hours with 15 min break)
In the ACH Rules
New Rules: Thresholds and limits Rules September
ODFI warranties and liabilities
Originator obligations and risk management
Office of the Comptroller of Currency (OCC) 2006-13 and 2008-12
Federal Financial Institutions Examination Council (FFIEC)
10:45 – 11:45 AM: Regulations, Guidance, and the ACH Rules (2 hours total)
11:45 – 12:45 PM: lunch
12:45 – 1:45 PM: Regulations, Guidance and the ACH Rules continued
Regulation E vs. the ACH Rules
Federal Trade Commission (FTC)
Consumer Financial Protection Bureau (CFPB)
When legal definition of actual knowledge is met
Suspicious Activity Reports
Regulation GG FFIEC
Group discussion on unique perspectives of regulatory expectations, recent exams, etc.
1:45 – 2:00 PM: Break
2:00 – 4:00 PM: Investigating and Responding to ACH Fraud (2 hours)
Tax Refund Fraud
Prepaid cards and other platforms that merge with ACH
4:00 – 4:30 PM: Individual Exercise, final Q&A, and wrap up
Each attendee isolates 3-5 key things learned today that impact what they do or how they currently evaluate risk
Day 2 (8:30 AM – 4:30 PM)
8:30 – 9:00 AM: Recap course so far and set day 2 objectives
9:00 - 11:45 AM: Risk Assessments and Audit Essentials (2.5 hours plus 15 min break)
Steps to developing the assessment
The risk assessment process
The Do’s and Don’ts
Auditing essentials – testing the assessment
Attendees will perform a mini-risk assessment using risk matrix (supplied for attendees)
Could be a group or individual exercise
11:45 – 12:45 PM: Lunch
12:45 – 1:15 PM: A few more thoughts and helpful hints
Automating risk monitoring
Tips on what to look for and how to use automated tools
How to get help with assessments and audits
Review resources list (created by facilitator for attendees)
Share education tips, techniques, and resources for originators, consumer account holders and internal staff
Assess 3 areas of improvement needed at your organization
1:15 – 4:00 PM: Workshops (plus one 15 min break)
Larger group broken down into smaller case study workgroups (4 unique studies will be available)
Participants will be given a set of facts to investigate. New facts will be presented at regular intervals challenging participants to apply their knowledge learned from the class and determine the appropriate course of action in much the same way we must do in real-life; one fact at a time.
Participants will conclude by listing unintended consequences of any actions taken, i.e. new risks presented due to the decisions made and assess their success in navigating a potentially devastating real-life scenario.
4:00 – 4:30 PM: Group share and course wrap-up