Loading ...
Sorry, an error occurred while loading the content.
 

OCC Guidance on Internet- Initiated ACH Transfers

Expand Messages
  • jbaker@stradley.com
    The Office of the Comptroller of the Currency this week issued an advisory letter on Automated Clearing House (ACH) risks, focusing on new requirements for ACH
    Message 1 of 1 , Feb 3, 2001
      The Office of the Comptroller of the Currency this week issued an
      advisory letter on Automated Clearing House (ACH) risks, focusing on
      new requirements for ACH transfers originated through the Internet.
      OCC Advisory Letter 2001-3 (Jan. 29, 2001). The advisory describes a
      recently approved amendment to the operating rules of the National
      Automated Clearing House Association (NACHA) that is designed to
      enhance security for ACH debits initiated through the Internet.
      Under the amendment, originators of debit entries initiated pursuant
      to an authorization obtained through the Internet to effect a
      transfer of funds from a consumer account (e.g., merchant customers
      of national banks) are required to

      - Employ commercially reasonable fraudulent-transaction detection
      systems to screen the entries in order to minimize the risk of fraud
      related to Internet-initiated payments.

      - Use commercially reasonable procedures to verify that routing
      numbers are valid.

      - Establish a secure Internet session with each receiver prior to the
      key entry by the receiver of any banking information. Originators
      are required to use a commercially reasonable security technology
      providing a level of security that, at a minimum, is equivalent to
      128-bit encryption technology.

      - Conduct an annual audit to ensure that the financial information
      obtained from receivers is protected by security practices and
      procedures that include, at a minimum, adequate levels of (1)
      physical security to protect against theft, tampering, or damage; (2)
      personnel and access controls to protect against unauthorized access
      and use; and (3) network security to ensure capture, storage, and
      distribution of financial information. The first audit must be
      completed by December 31, 2001.

      In addition, the originating bank must warrant that it has
      established procedures to monitor the originator's creditworthiness,
      established an exposure limit for the originator, and implemented
      procedures to monitor entries originated by the originator. Advisory
      Letter 2001-3 is available in text or Word format from

      http://www.occ.treas.gov/new.htm


      John M. Baker <JBaker@...>
      Stradley, Ronon, Stevens & Young, LLP
      1220 19th Street, N.W., Suite 700, Washington, DC 20036
      (202) 822-9611 Fax (202) 822-0140
      Http://www.stradley.com/bios/bakerj.htm
      FundLaw Listowner Http://www.egroups.com/group/fundlaw
    Your message has been successfully submitted and would be delivered to recipients shortly.