Why is monitoring Originator's activity important for the exposure limit review?
For our on-site audit process, auditor’s request proof of the annual exposure limit process. Many times, we see a simple list of Originator names, a dollar amount, someone’s initials and a date for proof of audit requirement Part 8.4.C - ODFI Risk Management. The simple list that worked several years ago is not sufficient anymore.
Due to changes back in 2010, the exposure limit process has expanded to include additional due diligence procedures like: assessing the nature of the Originator's ACH activities, monitoring not only the origination files but also the Originator return activity, ensuring the specific SEC codes are used and enforcing exposure limits.
So while continuing with the Know You Customer banking philosophy for your Originators is great, the ODFI should dig further into your Originator's business needs. Look at the past year's activity, analyze outgoing file volumes and frequencies, review any over-the-limit situations, returns and NOCs, and ask some questions.
Is the exposure limit relative to what is being sent?
What is happening with the Return activity?
Are there many unauthorized returns?
What about other Returns?
Some ODFIs in the EPCOR membership are reporting that some examiners are requesting to see the review of all Originator return activity and the number of times the limit was exceeded.
Has the Originator outgrown current limits?
Or, maybe their established SEC codes?
Eek, maybe it’s time to think about WEB origination?
A full review of the ACH relationship, (and maybe review of the customer's other retail services like RDC, Wire Transfer, merchant card services, and cash management needs) is recommended to keep ACH auditors and the regulators satisfied.
On another note, I recently read the FDIC' Supervisory Insight, Summer 2013. And even-though it was related to credit risk assessment of bank investments and mergers and acquisitions, the key theme to all articles was monitoring all activity for effective due diligence.
Can you see the theme; due diligence includes monitoring activity?