Helps mitigate and manage credit risk. An ODFI can put these is place for all their originators before they transmit ACH entries.

Occurs when a party to a transaction cannot provide the necessary fund, as contract, in order for settlement to occur

Occurs when a transaction is altered or delayed due to an unintentional error

Hardware or software failure

Risk that a payment transaction will be initiated or altered in an attempt to misdirect or misappropriate funds.

The risk that the failure of one financial institution can bring down other institutions as well

Defined as the risk of legal sanctions, material financial loss, or loss to reputation the Bank may suffer as a result of its failure to comply with laws, its own regulations, code of conduct, and standards of best/good practice.

Risk that occurs when an account holder's confidence in a financial institution is diminished.

The risk of adverse publicity, possibly resulting in litigation, loss of business from an incident, event or problem

Risk that occurs when fraudulent or illegal payment transactions move from one payments channel to another (e.g. check payments to ACH)

Risk presented when processors, sending or receiving points, or other parties performing a function of ACH processing on behalf of a participant.

Risk that occurs when an ODFI permits an Originator or Third-Party to use its routing number to send files directly to the ACH Operator.

Occurs when the rate of unauthorized returns rises above a reasonable ratio, with potential loss to the ODFI

3%

15% (excluding RCK's)

.05%

Periodic review of risks present in a payment system

The degree, amount, or volume of risk that an organization or individual will withstand.

Administrative Controls, Technical Controls, & Physical Controls to reduce existing risks to an acceptable rate

Evaluation of each risk's importance and, priority for attention, and probability for loss requiring action

A local bank suddenly closes and is unable to meet its financial obligations.

A local FI has failed to adequately cross train their staff and 2 of the 4 call in sick, leaving the others unsure of how to perform their ACH duties

Well documented policies, procedures and practices

Preventative and Detective

Entity whom controls Systemic Risk

A secondary risk occurring due to a major risk also occurring

Characterized by the FFIEC as using different controls at different points in a transaction process to that a weakness in one control is generally compensated for by the strength of a different control

Information that can be used to identify an individual. PII should be protected as sensitive data.

Risk of choosing inappropriate technology, or a lackluster policy to ensure management makes appropriate decisions

The probability that the information is false or misleading, or used for a nefarious purpose

Guidelines and arrangements for response to disruption of critical business functions, to restore and maintain operation.

Master agreement for ACH originator not binding the originator to follow the Nacha Rules

One of the steps in a good risk mitigation program

A risk mitigation step to reduce transactional risk

A risk control for transaction or fraud risk, which identifies actions in online banking that do not conform to other actions or habits seen previously by a user

A policy for compliance ensuring management establishes sound internal operating practices.

A comprehensive risk management program that addresses the organization's pure, speculative, strategic, and operational risks, established by the organizations Board of Directors and Senior Management.

Effective BSA/AML/OFAC program approved by the board with written policies, procedures and practices to prevent money laundering and terrorist financing

The amount of risk on a broad level an entity is willing to accept in pursuit of value

Includes key areas including personnel, capital investment, physical security, change mgt, strategic planning and business continuity

A method for confirming users' identities, with something a user is, something a user has or something a user is.

The process of giving permission to create a payment or deposit, either written or verbal

Internal controls, such as segregation of duties, for critical or sensitive tasks.