OCC Guidance on Internet-Initiated ACH Transfers
The Office of the Comptroller of the Currency this week issued an
advisory letter on Automated Clearing House (ACH) risks, focusing on
new requirements for ACH transfers originated through the Internet.
OCC Advisory Letter 2001-3 (Jan. 29, 2001). The advisory describes a
recently approved amendment to the operating rules of the National
Automated Clearing House Association (NACHA) that is designed to
enhance security for ACH debits initiated through the Internet.
Under the amendment, originators of debit entries initiated pursuant
to an authorization obtained through the Internet to effect a
transfer of funds from a consumer account (e.g., merchant customers
of national banks) are required to:
- Employ commercially reasonable fraudulent-transaction detection
systems to screen the entries in order to minimize the risk of fraud
related to Internet-initiated payments.
- Use commercially reasonable procedures to verify that routing
numbers are valid.
- Establish a secure Internet session with each receiver prior to the
key entry by the receiver of any banking information. Originators
are required to use a commercially reasonable security technology
providing a level of security that, at a minimum, is equivalent to
128-bit encryption technology.
- Conduct an annual audit to ensure that the financial information
obtained from receivers is protected by security practices and
procedures that include, at a minimum, adequate levels of (1)
physical security to protect against theft, tampering, or damage; (2)
personnel and access controls to protect against unauthorized access
and use; and (3) network security to ensure capture, storage, and
distribution of financial information. The first audit must be
completed by December 31, 2001.
In addition, the originating bank must warrant that it has
established procedures to monitor the originator's creditworthiness,
established an exposure limit for the originator, and implemented
procedures to monitor entries originated by the originator. Advisory
Letter 2001-3 is available in text or Word format from
John M. Baker <JBaker@...>
Stradley, Ronon, Stevens & Young, LLP
1220 19th Street, N.W., Suite 700, Washington, DC 20036
(202) 822-9611 Fax (202) 822-0140
FundLaw Listowner Http://www.egroups.com/group/fundlaw