Skip to Main Content
Welcome to

EPCOR’s Third-Party Sender User Page

Here you will find information and tools to assist you in the determination of your unique ACH Rules compliance obligations as well as opportunities to further your understanding through educational courses, ACH Compliance Audits, ACH Risk Assessments and consulting engagements.

Compliance Resources

Third-Party Sender ACH Compliance Audit & Risk Assessment Services

Leverage our payments experts to meet your requirements to conduct an annual ACH Audit and periodic Risk Assessment to gain actionable insight into compliance, efficiency, risk management and more.

Request a Quote

Customizable Third-Party Consulting Services

Our payments experts can help you with understanding your compliance requirements, enhancing your risk management program, increasing efficiencies and more.

Request a Quote

Third-Party Sender ACH Audit & Risk Assessment Workbooks

If you prefer to conduct your own ACH Audit and Risk Assessment, our helpful workbooks will guide you through the process, document your level of compliance and provide a report of findings.

Explore Workbooks

EPCOR Membership for Third-Party Senders

Consider becoming an EPCOR member for ongoing assistance with payments compliance covering all payments channels – not just ACH! Membership includes members-only pricing for services, access to EPCOR Industry Update webinars, a private Knowledge Community, our toll-free helpline for answers to ongoing payments questions and more!

Explore Membership

Third-Party Sender Education

Third Party Sender Roles & Responsibilities

Effective September 30, 2022, new ACH Rules address roles and responsibilities of Third-Party Senders, with special attention to nested Third-Party Senders and Third-Party Sender Risk Assessments.

ODFIs and Third-Party Senders will need to work together to:

  • Identify nested Third-Party Sender relationships
  • Ensure that Third-Party Senders (and Nested Third-Party Senders) conduct an ACH Risk Assessment
  • Update policies, processes, procedures and agreements

Quick Tips

ACH Authorizations

On September 17, 2021, Nacha implemented various ACH Rules amendments designed to improve and simplify the ACH user experience by facilitating the adoption of new technologies and channels for the authorization and initiation of ACH payments. Nacha is hopeful that these amendments will reduce barriers to use the Network, provide clarity and increase consistency around certain ACH authorization processes and reduce certain administrative burdens related to ACH authorizations.

Standing Authorization/Subsequent Entry Grid
Standing Authorization Received Via: Originator Receives Subsequent Entries Instructions Via: SEC Code of Subsequent Entry
In writing Internet or Wireless Network PPD or WEB
Telephone (orally over the phone) PPD or TEL
Internet or Wireless Network Internet or Wireless Network WEB
Telephone (orally over the phone) TEL or WEB
Orally Via a Telephone Call Internet or Wireless Network TEL or WEB
Telephone (orally over the phone) TEL

Originator Proper Response to a Notification of Change (NOC):

It is important for Third-Party Senders to understand their role in the receipt of an NOC that is provided by the ODFI. If the Originator is responsible for making the update to the Receiver's account information, the NOC needs to be provided to the Originator in a reasonable amount of time to ensure the Originator meets their responsibilities to make the appropriate change.

An Originator and/or Third-Party Sender must make the changes specified in an NOC or corrected NOC within six banking days of receipt of information from the Third-Party Sender or prior to initiating another Entry to the Receiver’s account, whichever is later.

An Originator and/or Third-Party Sender may choose to make changes specified in an NOC or corrected NOC with respect to any ARC, BOC, POP, RCK, Single-Entry TEL or WEB.

For an NOC that is in response to a Prenotification Entry, the Originator or Third-Party Sender must make the changes prior to originating a subsequent Entry to the Receiver’s account if the NOC is received by the ODFI by the opening of business on the second banking day following the Settlement Date of the Prenotification Entry.

Resources

Payments Insider logo icon

Payments Insider

Payments Insider is a quarterly e-newsletter designed to inform businesses of all sizes of recent payment systems developments.

Read Now
ACH Network logo

Upcoming ACH Rules Changes

  • Supplementing Data Security Requirements (Phase 2)
  • Micro-Entries
  • Third-Party Sender Roles and Responsibilities
Learn More
Did You Know logo

Did You Know

EPCOR’s Did You Know YouTube videos are a great way to get current payments information quickly. View the latest videos here.

Watch Now

Documents Resource

This resource will give Third-Party Senders an at-a-glance view of the following:

  • Documentation Retention Schedule
  • Document, presentment and authorization requirements
  • Ineligible source documents
Download

Return Reason Code Resource

It is essential that an Originator work with the Third-Party Sender in establishing procedures for handling ACH returns. Third-Party Senders should also be aware of the specific return reason codes in order to understand the reason the Entry has been Returned. This resource does not contain all ACH return reason codes but the codes commonly used.

Download

Synthetic Identity Fraud Mitigation Toolkit

As the threat of synthetic identity fraud continues to grow, the Federal Reserve remains committed to supporting the payments industry in its battle against this type of fraud.

Learn More

Nacha End-User Resources

Micro-Entries

Download

Reversals

Download

Expanding Same Day ACH Hours

Download

Supplementing Data Security Requirements

Download

Supplementing Fraud Detection Standards for WEB Debits

Download
available for purchase

Tools

ACH Quick Reference Cards for Corporate Users

This tool is specifically designed for corporate ACH users. This three-card series gives Originators and Third-Party Senders fingertip access to critical information for the correct handling of ACH Returns, Dishonored Returns, Standard Entry Class (SEC) codes, Transaction codes and Notifications of Change (NOC). These colorful and durable desktop reference cards provide ACH basics, including prenotifications, for Originators and Third-Party Senders along with the explanations for Return Reason codes, NOC codes, SEC codes, transaction codes and solutions for handling ACH exception entries.

Purchase Now

Nacha Operating Rules & Guidelines

The Rules include the legal framework for the ACH Network, and the basic obligations of each ACH Network participant. Additionally, the included appendices contain details on Rules enforcement, annual audit requirements, a complete table of return reason codes and formatting specifications. The Guidelines expands on the Rules, providing complete discussions of each ACH Network participant type and its role and responsibilities, detailed overviews of the Standard Entry Class Codes and use-case examples in special topic areas, such as Third-Party Service Providers.

Purchase Now

Third-Party Sender ACH Audit Workbook

Third-Party Senders that perform any functions of an ODFI are required to conduct an annual ACH Rules Compliance Audit. This user-friendly workbook has been updated to incorporate 2022 ACH Rules changes and will walk Third-Party Senders step-by-step through conducting their audit. Audit questions, sample reports and complete worksheets based on the ACH Rules are all included in this helpful tool, making it easy for Third-Party Senders to assess and document their level of compliance.

Purchase Now

Third-Party Sender Risk Assessment Workbook

This user-friendly workbook is designed to take Third-Party Senders step-by-step through the ACH risk assessment process. The workbook addresses risk criteria outlined in OCC Bulletin 2006-39, the FFIEC Retail Payments Systems' IT Examination Handbook and FFIEC Guidance to Internet Banking so that your company can identify strengths and weaknesses in your ACH risk management program. Third-Party Senders will find this tool valuable as they work to assess and mitigate ACH risk.

Purchase Now

ODFI Audit Checklists for Originators & TPS

This tool contains a series of audit checklists providing an efficient tool for Third-Party Senders to gauge their Originators'/Nested Third-Party Senders' understanding and compliance to the ACH Rules. These checklists can be completed by staff or sent to the Originator and/or Nested Third-Party Sender to complete on its own then return to the Third-Party Sender. Each Audit Checklist is a fillable PDF form for each type of ACH application. Complete or send the forms that are specific to the ACH services your organization originates.

Purchase Now

ACH Quick Reference Guide for Corporate Users

The purpose of the ACH Quick Reference Guide for Corporate Users is to help corporate Originators and Third-Party Senders to comply with the Nacha Operating Rules. It is a summary of those tasks most important to Originating ACH debits and credits. This Guide is not intended to replace the Nacha Operating Rules but to serve as a resource for corporate Originators and Third-Party Senders to understand their obligations outlined within the ACH Rules.

Purchase Now

Corporate User Bundle

Bundle the ACH Rules with BOTH Quick Reference Tools to Save an Additional 5%


Each bundle includes the ACH Rules, ACH Quick Reference Guide for Corporate Users and Corporate ACH User Quick Reference Cards. Digital Bundle includes access to ACH Rules Online Resource.

Purchase Now

FAQs

Explore our FAQs to get answers to common payment questions. Subsection(s) referenced in the FAQs can be found in the ACH Rules.

ACH Originator Authorizations

Generally, an Originator must obtain authorization from the Receiver to originate one or more entries to a Receiver’s account, except for credit entries for which the Originator and Receiver are both natural Persons. (Subsection 2.3.1)

The Originator of a credit entry to a consumer account of the Receiver may obtain the Receiver’s authorization in any manner permitted by applicable legal requirements. (Subsection 2.3.2.1) The Originator of a debit entry to a consumer account of the Receiver must obtain a written authorization that is signed or similarly authenticated by the Receiver. (Subsection 2.3.2.2)

The writing and signature requirements for consumer debit entries may be satisfied by complying with the Electronic Signatures in Global and National Commerce Act (E-sign Act). An electronic authorization must be visually displayed in a manner that enables the consumer to read the communication. (Subsection 2.3.2.3)

  • Language regarding whether the authorization is for a single entry, multiple entries or recurring entries.
  • Amount of entry/entries or a reference to the method of determining the amount.
  • Timing (including start date), number and/or frequency of entries.
  • Receiver’s name or identity.
  • Account to be debited.
  • Date of the Receiver’s authorization; and
  • Language that instructs the Receiver how to revoke the authorization directly with the Originator (including time and way Receiver communication with Originator must occur).
  • For a single-entry scheduled in advance, the right of the Receiver to revoke the authorization must afford the Originator a reasonable opportunity to act on the revocation prior to initiating the entry.

For a single-entry authorized by a Receiver, Originator must make an audio recording of the oral authorization or provide the Receiver with written notice confirming the oral authorization prior to settlement of entry and retain the original or a copy of the written notice confirming oral authorization for two (2) years from date of authorization. For a recurring entry authorized by the Receiver, Originator must comply with the requirements of Regulation E for the authorization of preauthorized transfers, including the requirement to send a copy of the authorization to the Receiver and retain for two (2) years from the termination or revocation of the oral authorization, the original or duplicate audio recording of oral authorization and evidence that a copy of the authorization was provided to the Receiver in compliance with Regulation E. For a standing oral authorization, Originator must make audio recording of oral authorization or provide Receiver with written notice confirming oral authorization prior to settlement of the first subsequent entry and retain the original or duplicate audio recording of oral authorization or the original/copy of the written notice confirming the oral authorization for two (2) years from termination or revocation of standing authorization. (Subsection 2.3.2.4)

Yes, an Originator must retain the original or a copy of each written authorization of a Receiver, or a readily and accurately reproducible record evidencing any other form of authorization. (Subsection 2.3.2.5 (a))

An Originator must retain the original or a copy of each written authorization of a Receiver, or a readily and accurately reproducible record evidencing any other form of authorization, for two (2) years from the termination or revocation of the authorization.

With respect to a standing authorization, Originator must retain original or a copy of each standing authorization for two (2) years following the termination or revocation of the authorization, as well as proof that the Receiver affirmatively initiated each payment in accordance with the terms of the standing authorization for two (2) years following the settlement date of the entry. (Subsection 2.3.2.7)

Upon the request of an ODFI (Originating Depository Financial Institution), a Third-Party Sender must provide the original, copy or other accurate record of the Receiver’s authorization, including, with regard to a standing authorization, evidence of the Receivers affirmative action to initiate a subsequent entry in accordance with the terms of the standing authorization. Third-Party Sender must provide in such time and manner as to enable the ODFI to deliver the authorization to a requesting RDFI (Receiving Depository Financial Institution) within ten (10) banking days. (Subsection 2.3.2.7 2(c))

By providing the Receiver with a conspicuous notice including the following or substantially similar language prior to the receipt of an Eligible Source Document (i.e. check):
“When you provide a check as payment, you authorize us either to use information from your check to make a one-time electronic fund transfer from your account or to process the payment as a check transaction.” Copy of notice must be provided to Receiver at the time of transaction. (Subsections 2.5.1.2 and 2.5.10.2)

By providing the Receiver with a conspicuous notice including the following or substantially similar language prior to the receipt of an Eligible Source Document (i.e. check):
“When you provide a check as payment, you authorize us either to use information from your check to make a one-time electronic fund transfer from your account or to process the payment as a check transaction. For inquiries, please call (retailer phone number.)” Copy of notice must be provided to Receiver at the time of transaction. (Subsection 2.5.2.2)

ACH Prenotifications

No, according to the ACH Rules you may originate a prenotification entry to a Receiver’s RDFI prior to the first transaction you send. (Subsection 2.6.1)

An Originator and/or Third-Party Sender that has originated a prenotification entry may initiate subsequent entries as soon as the third banking day following the settlement date of the prenotification entry, provided the ODFI has not received a return or notification of change related to the prenotification. (Subsection 2.6.2)

Notification of Change

An ODFI must provide the Third-Party Sender with the NOC information within 2 banking days of settlement date of the NOC or corrected NOC. (Subsection 2.11.1)

Yes, an Originator and/or Third-Party Sender must make the changes specified in the NOC or corrected NOC within 6 banking days of notification receipt or prior to initiating another entry, whichever is later.
An Originator and/or Third-Party Sender may choose, at its discretion, to make changes specified in any NOC or corrected NOC received with respect to any ARC, BOC, POP, RCK and Single-Entry TEL or WEB.
For an NOC received in response to a prenotification, the Originator and/or Third-Party Sender must make the changes prior to originating a subsequent entry if the NOC is received by the ODFI by the opening of business on the 2nd banking day following the settlement date of the prenotification. (Subsection 2.11.1)

ACH Returns

It is important for businesses to watch their accounts closely as the RDFI has only 2 banking days from settlement date to return CCD and CTX transactions that post to a non-consumer account. The RDFI may request a copy of the authorization for the transaction and ask the ODFI to accept a late return but the ODFI is not required to take a late return. This would only be an attempt to the recover the money. The Originator and Receiver may also deal directly with one another to resolve the issue.

This means the Receiver did not know the identity of the Originator or Third-Party Sender, had no relationship with the Originator or Third-Party Sender or did not authorize the Originator or Third-Party Sender to debit their account. For an ARC or BOC entry it means the signature on the source document (check) is not authentic, valid or authorized. For a POP entry it means the signature on the written authorization is not authentic, valid or authorized.

If a consumer Receiver completes a Written Statement of Unauthorized Debit form, the RDFI may return a consumer transaction within 60 calendar days. The Originator or Third-Party Sender must not reinitiate the entry. The Originator can settle the matter with the consumer outside of the ACH Network or gain a new authorization and send another transaction through.

This means the Receiver has a relationship and authorization for a debit with the Originator or Third-Party Sender, however; an error in the payment exists such that the entry does not conform to the terms of the authorization obtained from the Receiver. For example, the entry is for a different amount than authorized, the entry was initiated for settlement earlier than authorized, the entry is part of an incomplete transaction, the debit entry was improperly reinitiated and for an ARC, BOC or POP entry, the source document was ineligible, notice was not provided or the amount was not accurately obtained from the source document. It could also mean that a reversing entry was improperly initiated or the Receiver did not affirmatively initiate a subsequent entry in accordance with the terms of a standing authorization.

An R11 return does not require a new authorization, however; an Originator or Third-Party Sender may reinitiate an R11 return entry (other than an ARC, BOC, or POP) if the Originator or Third-Party Sender transmits a new entry that conforms to the terms of the original authorization.

ACH Origination

Utilizing the proper SEC code is paramount for several reasons:

  • Returns are based on SEC code. For example, a business originates a debit to another business for supplies they have shipped, and they use the PPD code. This transaction should be coded as a CCD. Since the PPD code was utilized, the business Receiver of the transaction now has 60 days to dispute the transaction as unauthorized versus the 2 days for a CCD transaction.
  • There are different authorization requirements depending on the SEC code. Utilizing the correct SEC code for a transaction tells the RDFI what type of authorization was obtained.
  • When your company signed an ODFI/Third-Party Sender agreement you agreed to originate certain SEC codes based on that agreement.

Reversing Entries (Section 2.9)

An Originator and/or Third-Party Sender may initiate a reversing entry to correct an erroneous entry previously initiated to a Receiver’s account. An authorization is not required for a reversal entry if all the requirements of Section 2.9 of the ACH Rules are followed.

Appropriate Reason to Send a Reversal (Subsection 2.9.1)

  • Duplicate file or entry
  • Payment in wrong amount
  • Payment destined to wrong Receiver
  • Employee received both a separation check and a direct deposit
  • Error in Effective entry date*

Must Not Use Reversal Process (Subsection 2.9.5)

  • Failed to fund entry*
    • Originator
    • Third-Party Sender
  • Outside of 5 banking days of Settlement Date of erroneous entry

For each reversing entry, the content of the following fields must remain unchanged from the original, erroneous entry to which the Reversal relates:

  • Standard Entry Class Code
  • Company Identification/Originator Identification; and
  • Amount

The description “REVERSAL” must replace the original content of the Company Entry Description field within the file format transmitted in the original batch, including content otherwise required by the ACH Rules.

*Effective 6-30-21

Not an EPCOR Member?

Join today and experience our commitment to providing reliable, timely and accurate payments and risk management education, information, support and national industry representation.

Join Now