As a team, we often hear this question from financial institution personnel: “We are considering onboarding a client but are unsure if they are a Third-Party Service Provider (TPSP), a Third-Party Sender (TPS) or an Originator. How can we be sure?”
Determining a corporate client’s role in the ACH Network is not always easy. As relationships between parties become more complicated and companies come up with more ways to collect and distribute funds via the ACH Network, it is crucial that financial institutions know what to look for and what questions to ask to properly label a potential client who is seeking ACH banking services.
The condensed definitions of the participants are as follows:
- Originator – an organization that has authorized an ODFI to transmit an ACH entry to a Receiver’s account on the Originator’s behalf.
- Third-Party Service Provider – an organization that performs any functions on behalf of an Originator, TPS, ODFI or RDFI related to the processing of entries.
- Third-Party Sender – a type of TPSP that acts as an intermediary on behalf of an Originator in transmitting entries between the Originator and the ODFI.
As the ODFI, it is your responsibility to perform the appropriate level of due diligence to identify the entity for which you intend to provide ACH services. This is necessary to understand the details of their ACH activity, the specific risks of their participation in the ACH Network, to determine the entity’s ability to comply with the ACH Rules and to execute proper agreement with the entity.
Before you can execute any agreement, you must properly identify your client. The best way to make this identification is to start with a thorough application. It’s crucial to collect as much information as possible, and then review and evaluate the information. If the information provided is confusing in any way, assumptions should not be made. In addition to a review of the client application, additional information can be obtained from other sources. One primary source that often can be quite detailed is the organization’s website. It’s highly recommended to view the company’s website and especially watch any embedded videos that may be there. In the case of TPSPs, they often include videos on their websites that exhibit payment processes, funds flow and other information that can aid in your determination. It also suggested that you inquire about any process or funds flow charts the organization may have. These would most likely be internal (non-public) documents. Still, if available, they can highlight key information to make the appropriate determination of the organization’s participant role(s) by identifying all the parties involved. Another item to request is the organization’s client agreement template. This is another source of information that can pinpoint exactly what service the organization is offering to its clients, how ACH transactions are used in those services, what type (if any) of authorization is being obtained and how and may help identify the involvement of other parties (who may be TPSPs or Nested TPSs).
One of the primary objectives for you is to identify which parties are linked contractually. If the organization to whom you are providing ACH services is the party directly benefiting from, or liable to, the Receivers, then that organization is the Originator. The Originator is obtaining an authorization from the Receiver to either debit or credit their account via ACH. Therefore, you as the ODFI should execute an ACH Origination Agreement with the organization in accordance with Subsection 2.2.2.1 of the ACH Rules.
Alternatively, if it is determined that the organization whom you are onboarding is acting on behalf of the party who is directly benefiting from, or liable to, the Receivers, then you must consider that the organization is probably not the Originator. Rather, that organization is a TPSP, and possibly a TPS. This will require a different agreement from the Origination Agreement mentioned previously, and some additional investigation to make the proper determination.
How to Decide between a TPSP and a TPS
This question boils down to whether you as the ODFI have a direct, contractual relationship with the Originator. A direct, contractual relationship between the ODFI and the Originator could be a bank account deposit agreement, a loan, a letter of credit, a CD or even a safe deposit agreement. It is the establishment of a direct association between the parties. If there is no such relationship, then the organization being onboarded is a TPS. As such, the ODFI’s agreement with that TPS must comply with the provisions of Subsection 2.2.2.2 of the ACH Rules. This subsection differs from Subsection 2.2.2.1 in that the ODFI is imparting certain ODFI duties to the TPS and the contract should specifically define what those duties are. Additionally, this is how the Third-Party Sender is bound to the ACH Rules.
Another thing to consider is that, as the ODFI, you may have a direct, contractual relationship with some (but not all) of the TPS’s clients. If that’s the case, the organization will serve dual participant roles; one as a TPSP and the other as a TPS. This highlights the importance of obtaining a client list from the organization and is one of several reasons why the ODFI should be aware of all clients of third parties with whom the ODFI engages.
To make all this more complicated, which party ultimately benefits from the transactions, or has the ultimate liability in the transactions is not always obvious. And, in certain scenarios, the party benefiting, or liable, can be up for debate. An important point to make here is to not assume that the organization, your client, has a level of ACH knowledge that is equal to yours and don’t let the organization make the ultimate determination. As the ODFI, you carry all the risks and provide all the warranties related to the ACH entries being transmitted through your financial institution. The determination is yours and that determination should be thoroughly researched, documented and presented to the appropriate committee for approval. This is especially important if the financial institution has policy restrictions related to TPSs. Also, if the organization already has banking relationships, do not rely on the assessment of another financial institution. It would be inappropriate to automatically adopt the conclusions made by another financial institution without performing your own due diligence. Any assessment made by other financial institutions does not represent the relationship you will have with the organization nor does it guarantee those previously made determinations were accurate. You must make your own determination based on your understanding of the information presented and the various contractual relationships involved.
Where To Go From Here
Hopefully, this provides some clarification into distinguishing between an Originator, a TPSP and a TPS. Keep in mind these relationships aren’t stagnant and circumstances can change with even long-tenured clients of your financial institution. The ACH Rules require ongoing Originator/TPS due diligence, and it’s not difficult to see why. In today’s competitive environment, parties are constantly looking for new opportunities and new solutions to move money, and that can alter or expand the roles those parties play.
Let EPCOR be your partner in making these types of determinations! Our team of experts offers a number of educational resources, including interactive consulting services, to assist and further educate you on identifying third-parties, developing TPS programs and managing the risks related to TPS relationships. If you're thinking of a DIY ACH Compliance Audit or Risk Assessment, our easy-to-use workbooks walk you through the process step-by-step, giving you an actionable report of findings!