IT Examiner School

ACH – Common Examination Exceptions • Risk tolerance for ACH activities not defined by the Board • Insufficient Board reporting • Lack of written policies & procedures • Lack of compliance - enhanced authentication requirements • No underwriting or annual review of customer exposure limits • Lack of effective monitoring

ACH – Common Examination Exceptions • Poor physical controls of EFT equipment/ security tokens • Third-party processor controls transactions without proper oversight • Inadequate International ACH Transaction (IAT) entry screening • Inadequate training and knowledge of ACH Rules by staff, including the audit and compliance departments