Risk Flashcards

1
Q

Is the risk that a party to a payment transaction will be unable to provide the necessary funds for settlement of the payment

A

Credit Risk

2
Q

is the Risk of loss resulting from inadequate or failed processes or systems, or external events that support the exchange of the transaction

A

Operational Risk

3
Q

____ is the Risk that ACH data will be compromised through the introduction of false transactions, the alteration of valid transactions, or the alteration of static data that controls the routing or settlement of valid ACH transactions

A

Fraud Risk

4
Q

is the Risk that a party to a transaction fails to comply either knowingly or inadvertently with the rules, regulations and applicable US/State laws.

It’s the risk that an organization involved with a payment system will either:
1. not comply with statutory or regulatory requirements, even if the payments system otherwise operated properly.
2. bear liability for what it does or has failed to do regarding a payment function
3. not be able to enforce critical requirements imposed on either party in its agreements, policies or practice

A

Compliance Risk

5
Q

is the Risk posed to the reliability and soundness of the payments system as a whole. It is the risk that the inability or unwillingness of one participant in the ACH Network to settle its commitments will cause other participants to be unable to settle their commitments.

A

Systemic Risk

6
Q

is the risks, consequences or byproducts of not managing compliance, fraud, credit, operational or systemic risks.

A

Ancillary Risk

7
Q

An ODFI must perform due diligence with respect to each Originator or TPS that is sufficient for the ODFI to believe that the Originator or TPS has ____________

A

The capacity to perform its obligations with the rules

8
Q

An ODFI must assess the nature of a participant’s ACH activity and the risks it presents, then establish, implement and periodically review _____ _____ set for the Originator or TPS

A

Exposure Limits

9
Q

an ODFI must establish and implement procedures to monitor each originator or TPS __(1)___ and __(2)__ activity across multiple settlement dates, enforce any ___(3)___ on the types of entries that may be originated and enforce the _______(4)________

A
  1. Return
  2. Origination
  3. Restrictions
  4. Exposure Limit
10
Q

An ODFI must be familiar with any ___(1)___ and ___(2)___ when establishing and implementing written policies and procedures to identify and block, or otherwise prevent or prohibit, restricted transactions

A
  1. Federal Laws
  2. State Laws
11
Q

__(1)___ and ___(2)___ are required by the rules to conduct a __(3)___ assessment of their ACH activities, and implement __(3)___ management programs based on the results of such assessment

A
  1. ODFI’s
  2. Third Party Senders
  3. Risk
12
Q

Risk Management Programs should be implemented based on:

A
  1. The results of a conducted Risk Assessment of ACH Activities
  2. In accordance with the requirements of their regulator(s)
13
Q

An ODFI may terminate an ACH Origination agreement within ___ days

A

10 banking days
unless a shorter period is provided to the Originator in the agreement

14
Q

The risk of transactions being returned after it has credited the account of the originator for the amount of the file, and then the account not having sufficient funds to cover the returns

A

Credit Risk on ACH Debits

15
Q

True or False:
The Credit Risk from originating ACH debits is generally for the amount of individual transactions that are returned and it is not for the amount of the entire file.

A

TRUE

16
Q

Operational Risks can be mitigated by practicing/implementing:
(5)

A
  1. Business Resiliency
  2. Contingency Procedures
  3. Information Security
  4. System Operation Controls
  5. ACH Payments Date, Dollar & Operations Controls
17
Q

is the integration of crisis management, incident response, business continuity and disaster recovery into one integrated process

A

Business Resiliency

18
Q

The risk of disruption due to hardware failure can be reduced by:
(4)

A
  1. having reliable equipment
  2. regular equipment maintenance
  3. responsive service personnel
  4. Having a backup component
19
Q

Contingency Planning:
if the power is out in the ACH processing area, limited processing should be ______

A

done at a different location that is not affected by the outage

20
Q

Contingency Planning:
In case of a disaster such as a flood, fire, etc., ACH operations may be able to continue in limited mode and relocate to another operating site.

The following 4 pieces of information should be included regarding the setup of the alternate location:

A
  1. Names & Phone numbers of the people who can setup the alternate operating site
  2. How records will be transferred or transported to the new site
  3. How communication links will be reestablished at the new site
  4. what facilities are available for recovering work in process at the time of the disaster
21
Q

The three key components of Information Security:

A
  1. Confidentiality
  2. Data Integrity
  3. Data Availability
22
Q

means maintaining and assuring the accuracy and completeness of data over its life cycle so that data cannot be modified in an unauthorized and undetected manner

A

Data Integrity

23
Q

means that information will not be made available or disclosed to unauthorized individuals, entities or processes

A

Confidentiality

24
Q

means that information is available when needed, while preventing denial-of-service attacks. (takeovers/floods etc)

A

Data Availability

25
Q

ACH Security Requirements consist of three elements:

A
  1. Protection of sensitive data & establishing access controls
  2. Periodic Self-Assessment
  3. Verification of Identity of TPS and Originators
26
Q

The rules require all nonconsumer Originators, DFIs, TPSs and TPSPs to establish, implement and, as appropriate, update security procedures and systems related to the initiation, processing and storage of entries to protect: (3)

A
  1. the confidentiality and integrity of protected information until its destruction
  2. against anticipated threats to the security of protected information until its destruction
  3. against unauthorized use of protected information that could result in harm to a natural person
27
Q

General guidelines for reducing risk that ACH data will be corrupted are (6)

A
  • Secure Storage
  • Limited Access
  • Redundancy (data backup)
  • Audit Trails
  • File accountability
  • File Balancing
28
Q

The four data security standards and technical controls that must be implemented by an ODFI to their environment and customers

A
  1. Establish controls required by rules or regulations (e.g., enforce exposure limits)
  2. Perform risk assessment
  3. Determine its risk tolerance
  4. Deploy controls to reduce risk to an acceptable level
29
Q

Encryption vs. Tokenization

A

Encryption - process of scrambling data
Tokenization - enabled token that replaces data

30
Q

ODFI General Warranties (7)

A
  1. Entries are properly authorized between originator and receiver
  2. The authorization for an entry has not been revoked
  3. Entries comply with the rules, including proper SEC code
  4. The TPS and Originator have not been suspended
  5. Entries are timely
  6. Entries contain the appropriate information (properly routed)
  7. Banking information is securely transmitted
31
Q

ODFI Responsibilities and Obligations (4)

A
  1. ODFI has used a commercially reasonable method to verify the identity of an Originator or TPS
  2. An agreement has been entered into with Originators or TPS
  3. Risk compliance audit requirements are met
  4. TPS, and nested-TPS are in compliance with the rules
32
Q

RDFI General Warranties (6)

A
  1. Receiving and validating all entries in a timely manner
  2. Posting to receiver’s accounts in a timely manner
  3. Validating Pre-notes timely
  4. Timely returning entries that do not post
  5. Handling remittance data as required by the receiver
  6. Make funds available to the receiver within the proper time frame
33
Q

The TPS registration rule requires all ODFIs to either register their TPSs and any nested-TPSs with NACHA, or _______

A

provide NACHA a statement that it has no such customers

34
Q

If an ODFI does not reduce a return rate within 30 days or fails to keep the rate low for 180 days, the case goes to the national system of fines as a _______

A

class 2 violation of the rules

35
Q

Percentage and Return Codes in an Administrative Return Rate

A

3%
R02 - Closed Account
R03 - Unable to Locate Account
R04 - Invalid Account

36
Q

A response to a notice of possible ACH rules violation must include:

A

1a. FI’s acknowledgement and intent to correct the problem causing the violation
1b. Written statement specifying the date by which the FI will resolve the problem

or

  1. a statement and supporting documentation that the FI does not believe an infraction has occurred
37
Q

In UCC Article 4A, these 4 provisions can vary based on ACH Rule or customer agreement

A
  1. Provisional Payment
  2. Notice to the Receiver
  3. Choice of Law (state)
  4. ACH operator acts as an agent of the ODFI
38
Q

In UCC Article 4A, the following four provisions cannot be varied

A
  1. Delay or failure to transmit
  2. Payment upon acceptance
  3. Erroneous transmittals
  4. Unauthorized Entry
39
Q

In reference to UCC Article 4A - what is the Delay or Failure to Transmit provision?

A

ODFI is obligated to pay interest for the period of delay in completing a funds transfer, that was previously accepted.

40
Q

In reference to UCC Article 4A - what is the Payment Upon Acceptance provision?

A

an RDFI is required to pay the Receiver on Settlement Date of the entry

41
Q

In reference to UCC Article 4A - what are the exceptions to the Payment Upon Acceptance provision?

A

the Receiver does not have an account at the RDFI
the account is closed
RDFI is not permitted by law to post credits to the receiver's account

42
Q

In reference to UCC Article 4A - what is the Erroneous Transmittal provision?

A

if the ODFI transmits an erroneous entry, the Originator is entitled to receive a refund
or,
pay only the amount of the erroneous entry, if less than the original amount

43
Q

Governs the clearing and settlement of ACH credit and debit items by the Federal Reserve Banks, RDFIs, and ODFIs

A

Operating Circular 4

44
Q

Operating Circular section that governs ACH items

A

Appendix D

45
Q

Establishes a comprehensive body of law for wholesale credit electronic funds transfers

A

UCC4A
(Uniform Commercial Code Article 4A)

46
Q

Varying UCC4A Provision: Provisional Credit

Article 4A states that an RDFI must pay the receiver upon acceptance of a payment, and that a payment is final and cannot be revised even if the RDFI fails to obtain settlement from the ODFI

NACHA Rules State: ________

A

A payment is provisional until settlement, provided that the receiver or originator has been provided notice that the payment is provisional until the RDFI has received final payment

47
Q

Varying UCC4A Provision: Notice to Receiver

Article 4A states that an RDFI that accepts an ACH payment must provide next-day notice (before midnight of the business day following settlement)

NACHA Rules State: ________

A

RDFI is not required to provide notice to the receiver of an entry, provided the RDFI previously has given the receiver notice that it will not be providing next day notice

(RDFI and receiver may agree to entry notifications as well as periodic statements that may be provided)

48
Q

Varying UCC4A Provision: Choice of Law

UCC4A allows for a rule or agreement to specify the state whose law will apply to a transaction

NACHA Rules State: ________

A

it has adopted New York as their choice of law state, unless another state is specified in an agreement