ACH Risk

Mitigating Transaction Risks

Introduction

When processing ACH transactions, the largest risk factor to consider is ACH returns (which are mistakenly are referred by some as ACH chargeback--chargebacks only occur on cards). ACH returns are a response from a Receiving Depository Financial Institution (RDFI) indicating that the settled funds have been pulled back. This can occur for a wide range of reasons. Unlike Interchange chargebacks, the ability to dispute an ACH return is heavily restricted. ACH returns can occur up to 60 days after the transaction has settled, depending on the return type. A high level of returns might lead to suspension or termination by NACHAthe governing organization of the ACH network.

Who Is Responsible for Covering a Return?

If we receive an ACH return for funds credited to a Synapse account (e.g. a DEPOSIT-US account), the funds will be debited from that account to honor the return, regardless of the balance. If there are not enough funds in the account, the account balance will go negative. We reconcile negative balances from your Platform Reserve on a rolling basis over the course of each month (after 30 days of account inactivity). If the negative balance is greater than -$300 and Synapse is unable to reconcile the balance from another Synapse account held by the user, the negative balance will be reconciled from your Platform Reserve immediately. Learn more about this here.

Return Fees

Synapse will charge a fee for each ACH return once a certain threshold has been reached, regardless of the type of ACH return. This is done to alleviate the fees that NACHA charges our partner banks for each ACH return, this also protects Synapse from incurring liability for these fees. Due to the fees associated with returns, as well as the risk of suspension or termination by NACHA, Synapse proactively notifies platforms of high return rates so they can be reduced as quickly as possible.

Types of ACH Returns

There are three types of ACH Returns:

1. Unauthorized

These returns occur when the account holder of the ACH-US Node informs the RDFI that the transaction was not authorized. NACHA guidelines allow for them to occur up to 60 days after settlement. We recommend that platforms pay particular attention to unauthorized returns, as we have found them to pose the biggest financial risk of all ACH return types.

Unauthorized returns are NACHA codes:

Code

Description

R07

Authorization Revoked by Customer

R10

Customer Advises Not Authorized

R29

Corporate Customer Advises Not Authorized

  • Please note that R05 and R51 are not included as they would apply to relevant listed returns (e.g. R10 & relevant check return code equivalent to R51)

2. Administrative

Administrative returns indicate that a transaction was returned due to administrative or account data errors. For example, the account number is not valid. They will occur 2-3 days post-settlement.

R02

Account Closed

R03

No Account/Unable to Locate Account

R04

Invalid Account Number

3. Total

Total returns refers to all returns, including the two categories above in addition to all other ACH return reasons. They will occur 2-3 days post-settlement.

View Full List of Return Codes.

Dishonoring a Return

ACH returns are dishonored to a very limited degree for a restricted set of reasons, most of which relate to error-type reasons such as a duplicate returns or a misrouted return. For certain specific circumstances we can attempt to recoup financial loss created by ACH returns.

LOI Requests

In cases of ACH Fraud amounting to $1,000 or more, Synapse may be able to submit a letter of indemnity (“LOI”) to a financial institution in an attempt to recoup funds. This option is limited to funds lost as a result of ACH fraud, rather than contesting a return. Specifically, this is limited to instances where funds were sent from an account opened via Synapse (e.g. a DEPOSIT-US account) to an external account (e.g. a Chase account) via an ACH Push.

LOI requests may be submitted in the following manner:

  • User files a dispute
  • Platform sends a request to Synapse SupportSynapse Support - Help Center: https://help.synapsefi.com/hc/en-us | Customer Support Email : [email protected] | Customer Support Phone Number : +1 (415) 688-2943 | Customer Support Hours : Monday-Friday, 8:00am - 7:00pm PT

If Synapse determines that the LOI request was an instance of ACH fraud, an LOI request will be sent to the Receiving Depository Financial Institution (RDFI). Please note that this LOI is sent in good faith. There is no obligation for the RDFI to respond. As such, turnaround times can vary. In some cases we never hear back, in others we hear back after days or weeks. We have even seen instances where the initial response is to decline the LOI, but we later receive a check in the mail with the recouped funds.

Even if we do receive a response, there is no guarantee that any or all of the funds will be recouped. A financial institution will not incur a loss to honor a letter of indemnity, so if funds are no longer available in the account they will decline the request. Additionally, it is not uncommon for a bank to decline the LOI with no further explanation; we often receive very minimal information back. At that point, there is no further action we are able to take on our side.

If we are able to recoup some or all of the funds, these funds will be credited back to your platform’s reserve or the user’s account, as appropriate. Separately, any disputes filed in relation to the ACH fraud will follow our standard dispute process, regardless of whether a response has been received on the LOI

Proof of Authorization Request

If the unauthorized return occurs after the allotted time of 60 days established by Reg E. The RDFI will send Synapse a proof of authorization (POA) request. When we receive this we will respond to the RDFI with documentation including items we collected during the platform’s compliance review (screenshots of ACH authorization & disclosures), the user IP address, and time/date stamps related to the user’s login to the platform’s application.

To be able to provide a full response to the POA request we will need for the platform to operate under the good practice of submitting the user IP address on the headers of our API calls (not the IP of the platform), and to share the time/date stamp of the user login before the transaction was made.

Returns Rates

High return rates can lead to fines by NACHA and suspension from the ACH network. This section provides insight into those rates.

How are Return Rates Calculated

The return rate is calculated by the number of ACH debit returns divided by the total ACH debit originated, over the last 60 calendar days.

NACHA only counts ACH debits because ACH credits do not entail the same level of risk if a return occurs--the ODFI simply gets the funds from the transaction back.

From Nacha.org

Only transactions with SETTLED and RETURNED statuses are included in the number of debits originated. Micro-deposits are not currently included, but will be in the future (we will send notice once that changes).

Return Rate Thresholds

As a proactive step, Synapse will start sending notifications to platforms if return rates are above:

Rate

Unauthorized

0.3%

Administrative

1.0%

Total

10.0%

Platforms will be subject to suspension when they surpass NACHA’s limits of.

Unauthorized

0.5%

Administrative

3.0%

Total

15.0%

How to Reduce your Return Rates

Please make sure to check our general risk mitigation section as the steps outlined can help you reduce your ACH return rates. Below a list of further suggestions.

Slow Down Settlement Times

You can slow down settlement times by 3 days within your controls OR platforms can use extra.settlement_delay to slow down one-off settlement times (ex: for new users). This helps reduce the risk of transactions returning after the user has already emptied their Synapse managed account. This also helps mitigate return risk for all ACH return reasons that must be submitted within 2-3 business days.

Use our Bank Logins Product over Account and Routing Numbers

If external accounts are linked with our bank logins product we can compare their user information on the external account to what’s stored in our base doc. This ensures that the linked account belongs to the user and decreases the risk of account takeovers which results in unauthorized returns.

Check There’s Enough Balance in The Account Before Debiting

If an external account is connected via bank logins, you can force refresh to check its current balance and corroborate there are enough funds for the transaction. We recommend same-day ACH transactions in combination with force refresh as the transactions are processed on the same business day and the risk of NSF returns is lowered.

Lower Limits

Setting lower ACH transaction limits mitigates the level of loss.

Other Actionable Items to Reduce a Platform’s Return Rate

  • Give users one-day advance notifications prior to (both one time and recurring) account debits.
  • Allow users to snooze or cancel the transactions if they lack the balance to complete the transaction.
  • Confirm that the transaction description matches your company’s name, this helps avoid confusion among your users which may result in disputed transactions despite the transaction being authorized.
  • Schedule a call with our compliance team to talk about how to reduce your rate.

ACH Suspension

If a platform exceeds acceptable rates for an extended period of time, and processes 100+ ACH Debits in a trailing 60 day window, they will be subject to suspension from the ACH network for 180 days.This means that should you fail to remediate return rates that exceed NACHA’s thresholds for 30 days, Synapse, or our bank partner may, at its discretion, disable ACH Debit functionality, either temporarily or permanently. If you are suspended for High Return Rates, you must wait 180 days (6 months) from your last return to go through the ACH Debit reapproval process.

Synapse has applied a transaction volume threshold to prevent the suspension of a platform with distorted return rates based on low processing volume alone. For example, should a platform process 100 transactions in 60 days and receive two unauthorized returns, they would exceed NACHA’s allowable rates. This does not justify suspension, nor does it indicate a systemic issue.

Analysis and Reporting

If your rates are approaching or above NACHA thresholds, Synapse will send an email notification to the appropriate representatives at your company. We might also reach out to that person if we notice unusual patterns, and work with you to update any KYC or limits.

Each week, a designated member of the compliance team will review the return rates for further analysis. We will try to identify any problematic users and/or transactions that contributed to the rate and how that might be mitigated moving forward. The weekly emails you receive will include a calendly link for you to schedule calls with our compliance team should you wish to discuss return rates in general or way in which you can lower your returns.

ACH Debit Suspensions

Should a platform’s rates exceed NACHA’s thresholds for 30 days, Synapse will notify the platform via email with a formal warning notice. From that point, you will have 15 days to bring the rates below thresholds. Please be advised, if you successfully decrease your rates within that time frame, you will still be under review for 180 days and subject to suspension if they increase again. If you are not able to decrease rates below the thresholds within that time frame, the suspension will be scheduled. We will give you 15 days to wind down ACH debit functionality.

In the case of ACH suspension, your platform architect can work with you to offer creative transaction solutions to avoid major service interruptions to users. During the suspension, your Spec Sheet will show a limit of $0.00 for ACH-US to Deposit-US (and all other account types) and your production controls will reflect the update. Both end user and platform flows will be set to this $0.00 limit.

When the 180-day suspension concludes, if you would like, we may submit an updated Spec Sheet to our bank partner to re-enable ACH Debit functionality. We would require supporting documentation, clearly outlining the steps taken to remediate the excessive return rates. Please be advised, that re-approval is not guaranteed. If it is granted, you cannot exceed NACHA return rate thresholds again; we will disable ACH Debit functionality permanently if rates rise above the allowable thresholds again.

Updated 2 months ago

ACH Risk


Mitigating Transaction Risks

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.