Federal Reserve Financial Services
Clicking here will take you to the FedFocus home page

News from the Federal Reserve Banks
Add This Page to My Quick Links

FedACH® Services

FedACH Services

The moral of the story: Set your monitoring criteria

November 2009

The Federal Reserve Banks offer an array of tools to help our FedACH customers mitigate ACH risk. Our suite of FedACH Risk® Management Services includes the FedACH Risk Origination Monitoring Service, the FedACH Risk RDFI File Alert Service and the FedACH Risk Returns Reporting Service, all of which are readily accessible via the FedLine® access solutions.

The FedACH Risk Management Services have been very well received by customers; however, not all risk management customers are reaping the benefits. Some get only 90 percent of the way to full service activation. They sign up, secure staff authorization to administer the service, but then simply do not complete the final step: entering monitoring criteria.

Once criteria are set, risk services can help save the day

Let’s look at some actual operational situations that can be monitored by the FedACH Risk Management Services once monitoring criteria are in place.

Catching duplicate batches

With debit and/or credit origination caps set for accumulated batch totals, the FedACH Risk Origination Monitoring Service can catch origination processing errors, as well as fraud attempts. On one occasion, a financial institution’s corporate customer originated a duplicate file in error. This erroneous file caused that customer’s accumulated total to breach its allowed cap, which then triggered an alert e-mail to staff at the financial institution. The FedACH Risk Origination Monitoring Service held the problematic batch in pended status until the financial institution staff could examine it. Once they determined the batch was a duplicate, staff instructed the service to simply reject it. Because the batch was not transmitted, the financial institution avoided all the extra work involved in creating offsetting entries.

Identifying entry errors

On the receiving side, an entry error on the part of an originator sent an incoming file containing a single item in the amount of $10.7 million to an individual consumer account at the receiving depository financial institution (RDFI). Because the RDFI used the FedACH Risk RDFI File Alert Service to set incoming file size thresholds, it was promptly informed that an incoming file had breached its threshold. Staff quickly researched the file and identified the error. The RDFI was able to return the item for same day credit.

These real-life examples, as first published in the article, “Two institutions, two services, two success stories”, demonstrate how fully activated FedACH Risk Management Services can help you successfully manage your ACH risk. But, there’s another side to the story.

If you do not set your monitoring criteria, the risk services have nothing against which to monitor, so they cannot perform their functions.

On the flip side: operating without set criteria

In this example, an elaborate automated clearing house (ACH) fraud scheme detailed in the August 2009 Bank Technology News (BTN) article, “On the Backs of Mules: An ACH Fraud Scheme,” (Off-site link) could turn into a hauntingly familiar story for a FedACH customer. If only monitoring criteria had been in place, the scenario would have a different ending.

The scheme, as reported in BTN, involved using fraudulently obtained credentials to initiate an ACH batch comprised of 16 separate credit entries — each for less than $9,000 to avoid detection — going to receiver accounts in at least eight different banks throughout the U.S. The receivers (“mules”) thought they had been hired to perform legitimate jobs moving monies on behalf of an international insurance firm that, allegedly tangled in regulation, was not yet fully permitted to conduct business within the U.S.

For a commission of five percent of the amount, the mules were instructed to withdraw the funds deposited to their accounts on the day of deposit, and then wire the funds to “policy holders” who turned out to be the original fraudsters.

Imagine for a minute how a similar fraud scenario could play out for a FedACH customer. Let us say that this financial institution typically does not originate more than $300,000 in credits per day. Unbeknownst to its staff, one day the institution originated a $1 million file containing a batch full of $9,000 items.

And here is where the scenario can become truly unfortunate. Let’s say this financial institution had signed up for the FedACH Risk Origination Monitoring Service, had secured the staff credentials needed to administer the service, but had not yet completed the very last activation step: entering credit origination caps into the service. Consequently, the service wasn’t monitoring its originations against any cap limits, so the fraudulent entries were not caught.

Assuming the financial institution had set a credit origination cap at the routing transit number (RTN) level equal to its typical $300,000 daily origination amount, the origination monitoring service would have promptly alerted designated staff via e-mail when the accumulated daily total first breached that $300,000 cap. And, not only would the service have notified staff, it would have pended batches containing credits of approximately $700,000, awaiting a decision from the institution to reject or release the $700,000 of additional ACH credits for the day. While the fraudulent items themselves may or may not have been contained within the pended batches, the notification of the cap breach would have provided the financial institution with an early opportunity to research anomalies and spot the fraudulent items.

While this is a hypothetical scenario, we are aware of real instances where very similar situations have happened to FedACH Risk Management Services customers who simply haven’t yet set up their monitoring criteria.

The moral of the story … be sure to set criteria

Don’t delay setting your risk monitoring criteria. As soon as your institution activates the FedACH Risk Management Services, take the final step by going into the FedLine access solution screens for the services and entering monitoring criteria. That will help ensure a happy ending for your risk mitigation story.

Resources to assist you

If you would like assistance entering origination monitoring caps or file alert thresholds, there are resources available to you. You can review the FedACH Risk Management Services Getting Started Guide for Setting Monitoring Criteria (PDF) and the FedACH Risk Origination Monitoring Handbook (PDF). The interactive FedACH Services eLearning Tool guides you step-by-step through the risk services’ FedLine access solution screens. You can also attend a complimentary FedACH Risk Management Services Last Step – Entering Monitoring Criteria Teleseminar during which our experts will walk you through data entry. If you have additional questions, contact your FedACH sales specialist.

Top of Page