Two new rules regarding third-party senders (TPS) come into effect on September 30, 2022. These aim to clarify TPS roles, accountabilities, and risk assessment requirements (including nested third-party sender—NTPS— relationships) in the ACH network.
The new regulations classify NTPS as a TPS that has an agreement with another third-party sender, and not with the ODFI. NACHA’s new regulations clearly define the agreements and obligations of all parties involved in NTPS relationships and update existing registration compliance.
Rules also require an ODFI origination agreement with a TPS to address whether they can have nested third-party senders. If so, an additional origination agreement between the TPS and NTPS is required. ODFIs must now identify all third-party senders that allow NTPS relationships and provide NACHA with the required documentation. Registration time frames apply.
The second part of the new regulations requires third-party senders, whether nested or not, to complete a risk assessment of ACH activities and implement risk management protocols accordingly. New 2022 measures also indicate that a TPS cannot rely on an ACH rules Compliance Audit or a risk assessment completed by another TPS. It must administer its own.