Andrew Bigart, Evan Minsberg

ACH Transactions and Third-Party Senders

In part I of this series, we discussed the impact of the beneficial ownership rule on banks and their payment facilitator relationships. In this installment we discuss how the beneficial ownership rules apply to a bank acting as an originating depository financial institution for Automated Clearing House (ACH) transactions and its relationships with Originators, Third-Party Service Providers, and Third-Party Senders.

A lot has been written about the new Financial Crimes Enforcement Network (FINCEN) rule requiring banks to obtain beneficial ownership information from their legal entity customers, but little of this discussion has focused on how the rule may apply to the various entities that participate in the ACH network.

Under FinCEN’s new rules, starting in May 2018, banks are required to obtain from their legal entity customers the identity of (1) beneficial owners of 25% or more and (2) a single individual with significant control over the entity, taken together to mean “beneficial owners.”

Legal entity customers include corporations, limited liability companies, and partnerships that maintain an “account” with a bank. For FinCEN purposes, an “account” means “a formal banking relationship established to provide or engage in services, dealings, or other financial transactions.” An “account” does not include “a product or service where a formal banking relationship is not established with a person, such as check-cashing, wire transfer, or sale of a check or money order.”

The ACH Network is an electronic network comprised of participating banks and governed by the National Automated Clearing House Association (NACHA). The ACH Network is used to batch process large volumes of credit and debit transactions, including consumer purchases, direct deposit, payroll, and commercial payments.

The Originator in an ACH transaction is the company or individual that initiates the transaction, as either a debit or a credit entry. The Originating Depository Financial Institution (ODFI) is the bank that submits the Originator’s payment instruction in the ACH network to effect the transaction. The Receiver is the company or individual that authorizes the Originator to initiate the ACH transaction and to debit funds from, or credit funds to, the Receiver’s account. The Receiving Depository Financial Institution (RDFI) is the bank that receives the payment instruction and credits or debits funds from the Receiver’s account at the RDFI.

To submit ACH entries directly as an Originator, a merchant or other business must enter into an Origination Agreement with an ODFI. In this situation, the ODFI has a formal banking relationship with the merchant and must obtain beneficial ownership information. Similarly, some companies may engage a Third-Party Service Provider (TPSP) to perform functions related to processing ACH transactions on its behalf.

For example, an Originator may use a TPSP for ACH file creation and transmission to the ODFI. Even where a company outsources some functions to a TPSP, if the company maintains the Origination Agreement with the ODFI, the company is the Originator and a legal entity customer that must submit beneficial ownership information to the ODFI.

Some TPSPs, called “Third Party Senders” or TPSs, maintain their own Origination Agreements with ODFIs for the purpose of submitting ACH transactions on behalf of their customers. The ODFI maintains a relationship with the TPS to provide financial services, and, therefore, the ODFI must obtain beneficial ownership information from any TPS that is a legal entity customer. Under this arrangement, however, the ODFI does not maintain a direct contractual relationship with any of the companies on whose behalf the TPS submits ACH transactions. Whether the TPS or each of its customers should be considered the Originator in a transaction and whether any of the TPS’ customers should also be considered the ODFI’s legal entity customers are complicated issues.

According to NACHA guidance, whether the TPS or its customer is the Originator depends on the underlying transaction and the obligations between the parties to the transaction. For example, an employer may contract to outsource its payroll functions to a TPS providing payroll processor services (a payroll processor). Generally, a payroll processor will (1) initiate an ACH debit to the employer’s account for the aggregate payroll amount (the funding transaction) and (2) initiate ACH credits from its own account to the accounts of each employee (the disbursal transaction).

In the funding transaction, the movement of funds from the employer’s account to the payroll processor’s account is a transaction between the employer and the payroll processor – the payroll processor is the Originator and the employer is the Receiver.

However, in the disbursal transaction, the payroll processor is sending funds to satisfy the employer’s obligation to pay its employees. Each employee is a Receiver, and, according to NACHA, “the employer, which has instructed the payroll processor, is the Originator of the ACH credit to the same extent as if the employer had initiated the ACH credit directly itself.”

According to the NACHA Operating Rules, an ODFI is required to use commercially reasonable methods to verify the identity of all Originators for which it submits entries. Thus, although the ODFI has no formal relationship with the employer-Originator, NACHA’s guidance instructs an ODFI to treat the employer as if it had entered into a formal Origination Agreement directly with the employer. If the ODFI is required to treat each TPS customer as if it maintained Origination Agreements with the ODFI, then arguably, each company is a legal entity customer of the ODFI and must provide beneficial ownership information to the ODFI.

This approach is consistent with existing bank regulatory guidance. The FFIEC instructs banks to require their third-party payment processors, including ACH processors, to identify their major customers “by providing information such as the merchant’s name, principal business activity, geographic location, and transaction volume.” Similarly, the OCC and FDIC have public guidance stating that banks should require TPS customers to provide information on their Originator customers, including name, principal business activity, and geographic location, and to verify that the Originator is operating a legitimate business.

Thus, according to the NACHA Operating Rules, the FFIEC, and guidance from individual regulators, banks are essentially required to apply their standard Know Your Customer (KYC) requirements to the customers of their TPS customers. And, starting in May 2018, every bank’s standard KYC process for legal entity customers must include obtaining beneficial ownership information. Therefore, starting on or before the effective date of the beneficial ownership rules, TPSs should expect their ODFIs to require them to obtain beneficial ownership on customers/Originators as if they were direct legal entity customers of the bank.

* * * * * * * * * *

The new beneficial ownership rules are right around the corner. If your bank has not assessed how to flow these requirements down to its third-party senders, now is the time to do it. And if you are a third-party sender that has never had to collect this type of information, it may be prudent to get a jump on your competition by designing a new intake program that ensures compliance while minimizing customer friction.

Andrew Bigart and Evan Minsberg are attorneys with the law firm Venable LLP.