June 28, 2013
Via e-mail Maribel Bondoc Manager, Network Rules
NACHA, The Electronic Payments Association firstname.lastname@example.org
Re: Clarification of Third-Parties in the ACH Network-Request for Comment
Dear Ms. Bondoc:
New Economy Project (formerly NEDAP) is a resource and advocacy center based in New Yark City that works to promote community financial justice and to eliminate discriminatory economic practices that harm communities and perpetuate inequality and poverty. The Virginia Poverty Law Center (VPLC) is a non-profit organization that serves Virginia’s legal aid system by providing advocacy, training, and litigation support on civil justice issues that affect low income Virginians. We thank you for the opportunity to submit comments on the proposed amendments to the NACHA Operating Rules regarding third-parties in the ACH network.
New Economy Project and the Virginia Poverty Law Center generally support the proposed amendments to the operating rules, and urge NACHA and its members to take additional steps to combat illegal and unauthorized ACH transactions, which have particularly harmful consequences for low-income people, and to prevent the abuse of the ACH network by internet payday lenders and other unscrupulous entities.
Internet Payday Lending and the ACH Network
Payday lending in New Yark State is illegal. Unfortunately, some payday lenders still manage to make illegal payday loans to New York State residents via the internet. Banks play an integral role in facilitating this illegal activity, as internet payday lenders typically both deposit payday loan proceeds and debit loan payments by electronic transfer to or from the borrower’s bank account. These electronic transfers often occur via the ACH network.
These illegal payday loans cause great harm to banks’ customers, especially those who are low income. Ms. B, one of New Economy Project’s clients, tried to stop payday lenders from debiting her bank account, which had virtually no funds, by asking her bank to block the debits. Unfortunately, Ms. B’s bank refused, saying it was unable to stop the debits. The payday lenders proceeded to attempt to debit Ms. B’s account 55 times over a two-month period, and Ms. B’s bank charged her over $1,500 in fees.
In Virginia, though storefront payday lending is legal, internet payday lending is illegal. For several years, the Virginia Poverty Law Center has offered advice via a telephone hotline to Virginians caught up in payday loans. Over the last few months, callers with internet payday loans have made up the bulk of the hotline calls. Numerous callers report that they cannot get their banks to stop internet payday lenders from debiting their accounts, and that they have incurred huge amounts of overdraft fees.
New Economy Project and the Virginia Poverty Law Center believe that banks with customers in states that have banned payday lending should affirmatively identify and block illegal debit transactions initiated by payday lenders. Furthermore, all banks must comply with their legal obligations to stop payment on preauthorized electronic fund transfers upon their customers’ requests. Because third-parties, rather than lenders, often initiate payday loan repayment debits, the requirements for third-party-initiated transactions on the ACH network affect the ability of banks to identify and stop such transactions.
Unauthorized ACH Transactions
Whereas even properly authorized ACH transactions involving internet payday lenders are problematic — and illegal in states such as New York — borrowers who transact business with internet payday lenders may also find themselves subject to two different kinds of unauthorized ACH transactions. First, internet payday lenders routinely continue to debit from borrowers’ accounts after borrowers revoke their authorization. Second, particularly unscrupulous lenders sell borrowers’ bank account information to other companies, which then initiate transactions that are completely unauthorized and amount to nothing more than theft from the borrower.
These unauthorized transactions cause great harm to consumers and undermine confidence in the ACH network. These amendments provide an opportunity for NACHA to take steps to address this problem.
The Proposed Amendments
The proposed revisions are intended to “clarify the definitions, roles and responsibilities of Third-Parties in the ACH Network.” NACHA, “Clarification of Third Parties in the ACH Network: Request for Comment,” Executive Summary and Rules Description 1 (May 20, 2013) (hereinafter “Executive Summary”). We comment briefly on two aspects ofthe proposal:
1) Identification of Originator in Authorization
While this proposal is a basic transparency requirement and a positive development, it is unlikely that it will affect the abilities of banks to identify transactions involving internet payday lenders or known senders of unauthorized transactions. In general, the Sender retains each authorization. While it is true that the Sender must provide a copy to the Originating DFI (ODFI) upon its request, and that the ODFI must request and transmit a copy to the Receiving DFI (RDFI) on the RDFI’s request, the ACH Rules do not require that the DFis obtain a copy of the authorization as a matter of course. See ACH Rules§ 22.214.171.124. Therefore, even if the true payee is identified on the authorization, the RDFI will not be able to flag the transaction unless it has specifically requested a copy of the authorization.
We recommend two changes that would further strengthen the authorization provisions:
a) Require the ODFI to Obtain a Copy of Each Authorization
NACHA rules should require that an ODFI must obtain a copy of each authorization from the Sender before processing an ACH transaction. Given the current level of abuse of the ACH system, NACHA should not permit ODFis to rely solely on the representations of the Originator.
b) In Case of a Dispute, Require the RDFI to Obtain a Copy of the Authorization from the ODFI
Furthermore, NACHA rules should require, in the event that a consumer disputes a transaction as unauthorized, that the RDFI obtain a copy of the authorization from the ODFI and provide it to the consumer. As written, the rules only permit the RDFI to request this information. Such a requirement would be consistent with and build upon the RDFI’s obligation under the Electronic Fund Transfer Act to conduct a good-faith investigation of a consumer’s report of an error. See
15 U.S.C. § 1693f; 12 C.F.R. § 205.11.
2) Third-Party Audits
We agree that the Rules should require Third-Party Senders and Third-Party Service Providers to undergo audits. This audit requirement could increase compliance with the ACH Rules, including the requirement that the Company Name field of each entry identify the ultimate payee. However, to the extent that Third-Party Senders are intentionally evading their obligations to identify the Originator of the transactions, the audit structure may not lead to increased compliance unless NACHA ensures that audits actually take place and are competently conducted. Accordingly, we recommend that NACHA vigorously enforce this provision.
Identification of Ultimate Payee: Recommendations for Further Amendments
As the Executive Summary points out, under existing NACHA guidelines, Senders must identify the ultimate payee in a debit entry, using the name by which the payee is “known to and readily recognized by” the Receiver. See Executive Summary at 2. In addition to listing the name of the ultimate payee in the Company Name field, the entry should list the ultimate payee’s EIN, DUNS number, or user-defined identification number in the Company Identification field. See ACH Rules, Appx. 3, pt. 2, subpt. 2. In our experience, some Third-Party Senders, particularly in the internet payday loan context, are not complying with this requirement, complicating efforts
to identify entries originated by particular entities.
To the extent that this results from a misunderstanding of the existing rules, the guidance accompanying the proposed amendment on the distinction between the Originator and a Third Party Sender could improve compliance. On the other hand, in many cases lenders may deliberately conceal their identities by utilizing the Third-Party Senders. These Third-Party Senders in turn may conceal the identity of the ultimate payee by listing their own name in the company name field. We therefore recommend two additional amendments to the ACH Rules:
First, the Rules should require that participating ODFis remind their customers of their obligation to report the ultimate payee of the transaction. More importantly, ODFis should prevent payees who do not comply with this requirement from initiating transactions through the ACH system.
Second, the ACH Rules should require each ODFI to warrant that the entity whose name appears in the Company Name Field is the Originator of the instruction and that the payment is not intended for any other entity. ODFis already warrant that each entry complies with the ACH rules. See ACH Rules § 126.96.36.199. Including a specific warranty that the company name field accurately represents the ultimate payee would give ODFis an additional incentive to ensure that their customers are complying with that requirement.
In sum, New Economy Project and the Virginia Poverty Law Center generally support these amendments and urge NACHA and its members to take additional steps to curb illegal and unauthorized transactions, which have particularly harmful consequences for low-income people. Thank you for the opportunity to submit these comments and we would welcome the opportunity to speak to you in more detail about our mutual goal of preventing abuse of the ACH network.
Susan Shin, Staff Attorney New Economy Project susanl@,nedap.org
James W. (Jay) Speer, Executive Director Virginia Poverty Law Center jayl@,vplc.org