What Should Banks Expect During ACH Exams After June 19?

We recommend that financial institutions document basic procedures for monitoring fraud risks, focusing on simple reviews tailored to fraud trends. The compliance bar is low: complete periodic checks and update as needed.

Key Monitoring Requirements

What to review: Specify report names (e.g., ACH reports) and frequency (e.g., each ACH window or daily in the morning).

Who monitors: Identify the department or individuals responsible.

Sign-off process: Detail how reviewers initial or sign reports to confirm completion.

Fraud trend adaptation: Adjust monitoring based on the institution's past fraud or common industry patterns; evaluate whether the monitoring is sufficient to detect these.

Documentation Needs

Include write-ups for report items: Note whether fraud was found, actions taken (e.g., for confirmed cases), and who reviewed (beyond just the signer).

Expect low detail overall: periodic reviews and changes suffice for compliance. Deeper information may appear in early risk assessments tied to the FI's risk tolerance, not in audits.

General Best Practices from Compliance Guides

Start with risk assessment to prioritize high-impact areas, then define policies, controls, and key performance indicators.

Use techniques like regular audits, automated tools, and self-assessments.

Document everything: test dates, results, testers, and fixes. Have operations staff conduct ongoing entity-level checks.

Train staff, report to management, and improve based on findings.