INSIDE:

2013 ACH Rules Reminder for Originating Companies
How to Comply With NACHA’s New Security Framework Rule
Payment Card Industry Data Security Standards (PCI DSS) Revised
Interchange Rules in the News Again
Payroll Cards Come Under Fire
New $100 Note Now in Circulation
NACHA Continues Work with Microsoft, FS-ISAC, the ABA and Others in Fight Against Cybercrime
FinCEN Issues Guidance on Virtual Currencies
Cyber Security Insurance: What’s All the Buzz About?
NACHA Expedited Processing and Settlement Update
You Have The Right to Remain Paperless: The “No Check” CEO Bill of Rights
Cyber Security a Growing Issue for Small Business
Top 5 OFAC Compliance Facts
Does the International Remittance Transfer Rule Apply to Your Business?
Protecting Personal Information: A Guide for Business
Understanding Healthcare EFTs

2013 ACH Rules Reminder for Originating Companies

Four ACH Rules changes of significant impact to Originators went into effect on September 20. How have you been keeping up with this year’s changes? As an originator of ACH entries it is important to stay up-to-date with the ACH Rules, including updates and changes as they arise.

Need a refresher? Click here to download 2013 ACH Rules Update for Originating Companies, to find out which ACH Rules changes may apply to you. Be sure to contact your financial institution regarding any questions you have in regard to how these changes pertain to your current Origination activity.

How to Comply With NACHA’s New Security Framework Rule

NACHA’s ACH Security Framework Rule, which went into effect on September 20, imposes greater expectations of data security on business ACH Originators. EPCOR has developed a short, on-demand course which provides business ACH Originators with a basic overview of their obligations under the ACH Security Framework Rule in an easy-to-understand manner. Actionable guidance to meet those expectations and valuable resources are included. Every business originating ACH transactions will benefit from this course’s fundamental overview of the new ACH Rule requirement, useful tips for compliance and related resources. This course is free to EPCOR Members to provide to their business clients. Inquire with your financial institution for more information.

Payment Card Industry Data Security Standards (PCI DSS) Revised
By Rayleen Pirnie, Director, Compliance & Fraud

The long-anticipated revision of the Payment Card Industry Data Security Standards (PCI DSS) reportedly will be finalized in November. The Payment Card Industry Security Standards Council (PCI SSC) has released the first glimpse at the proposed changes which enhance six major objectives of the current standards. In the August 15th Press Release, PCI SSC indicated that these changes “… will help companies make PCI DSS part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.”

Listed below is a brief overview of the updates we expect to see in the final release.

First, a secure network must be maintained for transactions, including robust firewalls. This includes specialized firewalls for wireless LANs. Additionally, the updated guidance specifies enhanced authentication standards.

Second, cardholder information must be protected regardless of how or where it is stored. (Criminals frequently target repositories and databases of consumer information, hence this enhancement.)

Third, all systems handling card data must be protected against hackers by using appropriate, patched security solutions such as anti-virus software, anti-spyware, anti-malware, etc.

Fourth, appropriate access controls must be in place to properly restrict access to cardholder data, including requiring each user to have their own unique access credentials. Access controls should consider cardholder data in all forms, physical and electronic. In addition, businesses should not request any cardholder information that isn’t required to carry out a transaction or to help protect against fraud.

Fifth, networks must be constantly monitored and regularly tested to ensure that all security measures and processes are effective, function properly and are current. For example, anti-virus and anti-spyware programs should have the latest updates applied. These programs should scan all exchanged data, applications, random-access memory (RAM) and storage media frequently.

Lastly, businesses must have a formal information security policy that is well-defined, updated and followed at all times. Additionally, formal audits should measure the effectiveness of the program, and penalties for non-compliance may apply.

Additional Resources:
PCI 2013 Community Meetings
PCI Security Standards Home Page

EPCOR • Inside Origination | October 2013

Interchange Rules in the News Again
By Karen Sylvester, AAP, NCP, Compliance & Fraud Manager

A recent court decision in the United States District Court for the District of Columbia may have card issuers wondering what the future holds for interchange fees. Judge Richard Leon, a United States District Judge for the District of Columbia, concluded that “the transaction fee and network non-exclusivity regulations as currently written are fundamentally deficit”. This ruling requires the Federal Reserve Board of Governors to rebuild the rules and prevents the adoption of similar regulation standards.

A number of retail associations, including the National Association of Convenience Stores, the National Retail Federation and the National Restaurant Association, filed a civil case against the Federal Reserve Board of Governors (Board) to overturn the Board’s Final Rules that went into effect in July of 2011 which set standards for debit card interchange transaction fees and network exclusivity prohibitions. The retail associations assert that the merchants they represent have experienced a significant increase in costs due to the increase of card usage. The final ruling purported that the financial industry has seen a decrease in cost by not processing as many checks and increased card usage. The final ruling also discussed how merchants experienced a 234% increase in interchange fees for PIN-based transactions between 1998 and 2006. The increase in fees is based on card usage as well as the networks increasing fees. The merchants emphasize there are not enough networks to process transactions through because of Issuer relationships and smaller networks have increased their fees based on larger network fees.

The Durbin Amendment directed the Board to establish standards to determine the amount of interchange fee that is reasonable and proportionate to the cost incurred by the Issuer. After a survey was completed, the Board determined 21 cents was an appropriate compensation amount for the Issuers, and also adopted a requirement that two unaffiliated networks be available for each debit card, but not for each authorization method.

The Federal Reserve Board of Governors has appealed Judge Richard Leon’s decision; additional filings were due the middle of October. Merchants have aligned with the Board to ask for the court to stay the judgment pending appeal, explaining to the court that they would prefer to continue to pay pre-Durbin interchange fees until a final decision is reached. EPCOR will continue to monitor for any updates and impacts of the Durbin Amendment or enhancements to the current interchange fee and processing standards.

Payroll Cards Come Under Fire
By Andrew Deichler, Association for Financial Professionals

Payroll cards are receiving a bit of bad press lately, due to an investigation that calls into question how much these programs are costing low-wage employees. But are the alternatives any better?

New York Attorney General Eric T. Schneiderman sent letters to about 20 companies this week, including McDonald’s, Walgreens and Wal-Mart, requesting more information on their payroll card programs. The attorney general is concerned that these card programs end up costing employees too much money.

Charges such as $0.50 for a balance inquiry, $2.25 for an out-of-network ATM withdrawal and $2.95 for a paper statement tend to total up, especially to a low-wage employee. Once these fees are taken into account, some employees are actually making less than minimum wage.

Schneiderman is also attempting to discern whether these employers violated state labor laws by forcing employees to use payroll cards as a condition of their employment. Under New York law, organizations are required to receive employees’ explicit consent before they can pay them via payroll card. Additionally, companies are also required to give employees an option to receive their wages without incurring any fees.

The New York Times reported that many employees fear that if they do not accept payroll cards, their employment will be terminated. Others claim to be automatically enrolled in payroll card programs and would have to “navigate a bureaucratic maze” if they want to opt out.

The situation escalated even further when 16 Democratic senators sent a letter to Richard Cordray, director of the Consumer Financial Protection Board, and Seth D. Harris, acting secretary of the Labor Department, to investigate companies’ use of payroll card programs.

However, there is an argument to be made that these employees would be incurring higher costs if paid through different means. Many individuals paid via payroll cards do not have bank accounts, noted Kirsten Trusko, president and executive director of the Network Branded Prepaid Card Association, in American Banker. If these individuals were paid by check, they would endure check cashing fees that can total up substantially.

Trusko cited a 2010 study by the Massachusetts Division of Banks which found that an unbanked employee pays between 2.4 percent and 3 percent to cash their payroll checks. “The study found an unbanked employee earning $26,000 a year would spend approximately $750 in check-cashing and money order fees to pay their bills, or about 2.8 percent of their annual earnings,” she wrote.

Chuck Phipps, AAP, CTP, bank operations manager, EFT Processing for NetSpend, the largest issuer of payroll cards, believes that the story is being sensationalized. “Events like this surprise me with how much misunderstanding still exists about payroll cards, especially with the high-value they provide to both employees and employers,” he said, in an interview. “The vastly greater positive aspects far outweigh the few negative outliers. Reporters seem to continuously focus on payroll card fees, as if paper paychecks carry zero cost to an employee. At the very least, it takes time to cash a check or deposit it at a bank, and check-cashing stores usually take 1 percent or more of the face value.”

Phipps added that the majority of state labor laws strictly articulate how employees can and should be paid, and most of them have rules for payroll cards that dictate one or more free methods per month for accessing all their funds in cash. “The NY State Attorney General is highly unlikely to find any wrongdoing among the larger corporate employers he plans to investigate,” said Phipps. “They typically have the best payroll card programs with the most features, all fully compliant with Regulation E and zero possibility of infringing on employee rights.”

With all of this controversy in the headlines, many corporates who have implemented payroll card programs or are considering it will likely have questions. Practitioners can look to the AFP Guide to Payroll Card Programs to help them better understand these programs.

© 2013 Association for Financial Professionals (www.afponline.org)

New $100 Note Now in Circulation

The new $100 note, which incorporates new security features such as a blue, 3-D security ribbon, will be easier for the public to authenticate but more difficult for counterfeiters to replicate. Find out more about the simple steps you can take to ensure that you and your employees are prepared to recognize and accept the redesigned $100 note and help safeguard your organization from financial loss. To explore the new security features of the $100 note and to download training materials for your staff, click here.

NACHA Continues Work with Microsoft, FS-ISAC, the ABA and Others in Fight Against Cybercrime

In early 2012, NACHA joined with Microsoft Corporation, the Financial Services – Information Sharing and Analysis Center (FS-ISAC) and others to plan and execute coordinated action to disrupt some of the most notorious cybercrime operations responsible for fueling online fraud and identity theft. That action was very successful, disrupting a number of harmful botnets and a critical source of money-making for fraudsters, while gaining important information to help identify those responsible and to better protect victims.

In a continuing effort to fight cybercrime, NACHA recently collaborated again with Microsoft, the Federal Bureau of Investigation (FBI), FS-ISAC, the American Bankers Association (ABA) and other technology industry partners to disrupt a global cybercrime operation responsible for infecting more than 5 million computers with malware and initiating more than half a billion dollars in fraudulent transactions. This cooperative action is part of a growing effort by both the public and private sector to fight cybercrime, help protect people and businesses from online fraud and identity theft, and enhance online Internet security for everyone. NACHA provided support for this operation to ensure that financial institutions’ customers/members continue to trust ACH payments, online banking and bill payment services.

For additional details around this collaborative effort, view the press release.

For computer owners worried that their computers might be infected, Microsoft offers free information and malware removal tools at http://support.microsoft.com/botnets.

Source: NACHA

FinCEN Issues Guidance on Virtual Currencies

To provide clarity and regulatory certainty for businesses and individuals engaged in an expanding field of financial activity, the Financial Crimes Enforcement Network (FinCEN) has issued the following guidance: Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies. The guidance is in response to questions raised by financial institutions, law enforcement and regulators concerning the regulatory treatment of persons who use convertible virtual currencies or make a business of exchanging, accepting and transmitting them. Convertible virtual currencies either have an equivalent value in real currency or act as a substitute for real currency. The guidance considers the use of virtual currencies from the perspective of several categories within FinCEN’s definition of money services businesses (MSBs).

To view the news release, click here.
Download the guidance.

Source: FinCEN

Cyber Security Insurance: What’s All the Buzz About?
By Rayleen Pirnie, Director Compliance & Fraud

In years past, most companies either considered cyber security to be a purely Information Technology function, or didn’t really consider cyber security as a necessary part of their daily business. With the high number of breaches today, more businesses realize the importance of cyber security, and that at times security itself isn’t enough. Protect information from nefarious aggressive sources, or pay the consequences.

Breaches large and small have made the media over the years, and the negative publicity isn’t the only expense the compromised business must contend with. In Ponemon Institute’s 2013 Cost of Data Breach Study, the average cost of a data breach was $188 for each lost or stolen record. Multiply this by the hundreds, or even thousands, of records that may be lost in a breach. Also consider the Federal Trade Commission Act (FTC Act), which requires businesses that tell consumers they will protect information to actually do so. A breach can result in a violation of this federal act. The Federal Trade Commission has reportedly brought 35 businesses up on charges of violations in just the past two years; many of these cases were businesses who were breached during a cyber-attack. It’s not surprising given today’s environment that more businesses are seeking shelter from the fallout of often uncontrollable events.

When considering cyber security insurance, understand that not all policies are created equal. It’s important to read the policy coverage carefully and ensure it covers what your business considers crucial. Most breach expenses don’t end with just the exposed records; consider damage to your infrastructure if a particularly nasty piece of malware infects your network, leaving a wake of ruin to computers and servers alike. And consider if a consumer group decides to file a tort action against your business for harm suffered when you were unable to protect their information. Businesses should also consider what happens if the criminal element manages to gain access to financial accounts while they are siphoning information during a breach; this often causes a devastating loss that many businesses never recover from.

Businesses should perform an internal assessment of what they seek to protect by way of the insurance, just like any other policy. If your business is located at the top of a mountain, you may not need flood insurance, right? Consider the same with cyber security insurance. If your business doesn’t collect or maintain consumer records, then you probably don’t need a policy that covers the theft of consumer records. If you have financial accounts, but don’t have the proper coverage, then the policy may not help you recover from those losses.

Many businesses find themselves lost when trying to identify a good policy for them. In August 2013, the Ponemon Institute published Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age to help businesses understand what’s at stake, influences on purchasing cyber security insurance, and general guidance in navigating this policy world. Also check national and state resources, such as the Better Business Bureau or independent reviewers such as Tech Target.

Today’s policies could change in coming months. Remember back in February, President Obama signed an executive order aimed at increasing cyber security measures nationwide. In August, the White House distributed some loosely defined sets of incentives designed to promote private company adoption of the voluntary aspects of the “Cyber security Framework.” At the top of the list is a proposed cyber security insurance market, which calls for the adoption of risk-reducing measures and risk-based pricing models. So ideally, if businesses opt to comply with the voluntary cyber security standards we anticipate in early 2014, and want cyber security insurance, they may have more options than those who choose not to comply.

NACHA Expedited Processing and Settlement Update

Many organizations have encouraged NACHA to continue its work on a rule supporting same-day settlement of ACH transactions, thereby creating a common foundation for all financial institutions on which they can then develop valuable services for their customers. In response, NACHA is continuing its outreach to its members and the industry, exploring options that can lead to the certainty of a ubiquitous same-day settlement rule.

In the meantime, NACHA is supportive of the offering available to financial institutions via the FedACH® SameDay Service. Although the service is not ubiquitous, it is a very good starting point and it is available now – almost a year and a half earlier than the proposed Expedited Processing and Settlement rule would have become effective.

NACHA encourages financial institutions to adopt the Fed service as a stepping stone to a broader, more ubiquitous offering in the future; thereby developing internal processes and launching new services that take advantage of same-day settlement gradually over time.

NACHA will carry on its work with both ACH Operators to ensure that the ACH Rules and the technology infrastructure they support are complementary. NACHA also will continue to support the industry to provide certainty of roles and responsibilities for all utilizing the ACH Network via both ACH Rules and, when beneficial, NACHA Opt-in programs and rules.

You Have The Right to Remain Paperless: The “No Check” CEO Bill of Rights

Did you know there’s a whole new generation of CEOs and CFOs who run paperless businesses and insist on electronic payments instead of paper checks? They have no patience for time-consuming, paper-based processes that drag down everyone’s productivity. They’ve been endowed by game-changing cloud-based technology with certain inalienable rights.

Freedom from their desks. “No Check” CEOs aren’t tied to their offices, but free to manage their companies from wherever they need to be, with instant, real-time access to their business and financial data from anywhere, 24 hours a day.

Freedom from bill-payment hassles. They simply scan, fax or email bills and associated documents to a cloud-based service, manage the approval process online, and make payments electronically.

Freedom from receivables worries. “No Check” businesses rake in their receivables 2-3 times faster, thanks to e-invoicing, automatic reminders, and online customer payments deposited directly into their bank accounts.

Freedom from cash flow uncertainty. “No Check” CEOs and CFOs get precision control over cash flow, by projecting receivables, payables and balances up to three months out, revealing potential problems well in advance.

Freedom from check fraud. Unlike checks, electronic payments can’t be intercepted or modified. And unlike paper documents, electronic data can be protected with enterprise-level security systems.

Freedom from paperwork. Some “No Check” businesses don’t even have file cabinets, because everything is digitized and stored online for secure access from anywhere, any time – so no need to save and store paper receipts, purchase orders, contracts, check stock or paper invoices.

Freedom to reduce operating costs. Eliminating paper not only reduces processing costs for payables and receivables, digital access enables better cost controls through improved visibility. Getting rid of time-consuming paper-based processes also increases productivity for everyone. Ready to become a “No Check” CEO? It’s as simple as moving your business processes from the manual, paper-based world to the cloud, via services such as Bill.com.

Source: Pymnts.com; René Lacerte, Founder and CEO of Bill.com

Become a paperless CEO with Direct Deposit and Direct Payment via ACH! Visit electronicpayments.org for more information, tools and ideas.

Cyber Security a Growing Issue for Small Business

As more business owners utilize technology such as cloud computing and mobile devices and apps, the risk of hackers accessing money and sensitive business data becomes more real. The House Committee on Small Business addressed this issue during a special hearing called, “Protecting Small Businesses Against Emerging and Complex Cyber-Attacks.”

“Small businesses generally have fewer resources available to monitor and combat cyber threats, making them easy targets for expert criminals,” said Chris Collins, chairman of the House’s Subcommittee on Health and Technology. “In addition, many of these firms have a false sense of security and believe they are immune from a possible cyber-attack.”

The committee heard testimony from a number of professionals from the tech industry on how and why cyber security is just as much a danger for small companies as it is for larger ones. Here are three security tips that were offered as part of the testimony:

1. Create a written security policy for employees. When it comes to cyber security, one of the biggest problems is the lack of education among small-business owners and their employees, Collins said.

Business owners and their IT departments need to stay up-to-date on issues relating to cyber security threats and should create a written security policy for employees, suggested Dan Shapero, founder of Laguna Beach, Calif.-based pay-as-you-go digital marketing firm ClikCloud. In it, determine whether employees should be allowed to have personal data on business devices, he said. Conversely, figure out whether business data should be permitted on their personal devices and what to do in case a device is lost or stolen.

Then, share the document with employees and make certain that they understand what to do and why cyber security is vital, Shapero said.

2. Use stronger passwords. This might seem like a no-brainer to some, but business owners have been “dumb” about creating smart passwords, said William Weber, senior vice president and general counsel at Cbeyond, an Atlanta-based telecommunications and IT company. If your password is a common word, or something that can be guessed based on public information, consider changing it to something more difficult to crack.

Weber told a story about how one of his small-business clients used the name of his college mascot as his bank password. Hackers figured out the password and removed $40,000 from his account. Business owners should create passwords that are at least 12 characters long and contain upper and lower case letters, as well as numbers and special characters, Weber said.

Also, avoid using the same password across multiple accounts, recommended Justin Freeman, corporate counsel at San Antonio, Texas-based IT hosting company Rackspace. The more passwords between hackers and your data or money, the better, he said.

3. Encrypt your data. You can’t always keep hackers out of your computer systems, so take steps to protect the data contained within those systems, Freeman said. That’s where encryption comes in. Disk encryption tools come standard on most operating systems, including BitLocker for Windows PCs and FileVault for Macs. These programs essentially convert the data on your systems into unreadable code that isn’t easily deciphered by hackers.

Source: Entrepreneur; Jason Fell

Need a Cyber Security Plan?

Create your own customized cybersecurity plan with the Federal Communications Commission’s (FCC) Small Biz Cyber Planner 2.0. This online tool will allow you to create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns. Click here to get started.

Top 5 OFAC Compliance Facts

OFAC is the acronym for the Office of Foreign Assets Control. OFAC compliance is critical for U.S. businesses working with overseas partners; the regulations are in place in part to ensure that companies don’t unwittingly do business with terrorist organizations or other unsanctioned entities.

The increasing possibility that US businesses, no matter how small, will have foreign suppliers or clients makes it imperative that they understand what Office of Foreign Assets Control compliance is. Businesses are responsible for following OFAC regulations designed to halt terrorist and other illegal funds from circulating. If you are in an industry with significant foreign business, a small business owner, or an individual doing business, here are the top five areas to familiarize yourself with.

1. What OFAC Compliance Means

The Office of Foreign Assets Control administers and enforces economic sanctions programs primarily against countries and groups of individuals, such as terrorists and narcotics traffickers. The sanctions can be either comprehensive or selective, using the blocking of assets and trade restrictions to accomplish foreign policy and national security goals. All U.S. persons (which by legal definition includes firms) must abide by these sanctions—this is the meaning of compliance.

2. Who Must Be in Compliance

All U.S. persons must comply with OFAC regulations, including all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the United States, all U.S. incorporated entities and their foreign branches. In the cases of certain programs, such as those regarding Cuba and North Korea, all foreign subsidiaries owned or controlled by U.S. companies also must comply. Certain programs also require foreign persons in possession of U.S. origin goods to comply.

3. Industry Specific Information

OFAC provides downloadable guidelines and FAQs for specific industries, including:
• Financial Sector
• Money Service Businesses
• Insurance Industry
• Exporters and Importers
• Tourism / Travel
• Credit Reporting
• Non-Governmental Organizations (NGOs) / Non-profit
• Corporate Registration

Information is available on the OFAC Information for Industry Groups page.

4. OFAC Country And List-based Sanctions

OFAC Country Sanctions and List-Based Sanctions, including general licenses for exceptions; related documents; and laws, rules and regulations authorizing the sanctions are available on the OFAC Sanctions webpage.

Included on the Country Sanctions List Are:
• The Balkans
• Belarus
• Burma
• Cote d’Ivoire (Ivory Coast)
• Cuba
• Democratic Republic of the Congo
• Iran
• Iraq
• Liberia
• North Korea
• Sudan
• Syria
• Zimbabwe

List-Based Sanctions Programs Include:
• Anti-Terrorism
• Counter Narcotics Trafficking
• Non-proliferation
• Diamond Trading

5. Specially Designated Nationals (SDN) List

OFAC publishes a list of Specially Designated Nationals and Blocked Persons (“SDN list”) which includes over 3,500 names of companies and individuals connected with the sanctions targets. A number of the named individuals and entities are known to move from country to country and may end up in unexpected locations. U.S. persons are prohibited from dealing with SDNs wherever they are located and all SDN assets are blocked. It is important to check OFAC’s website on a regular basis to ensure that your SDN list is current.

Source: About.com

Does the International Remittance Transfer Rule Apply to Your Business?

The Remittance Transfer Rule, which amends Regulation E, goes into effect on October 28, 2013. The final rule provides new protections, including disclosures and error resolution and cancellation rights, to consumers who send remittance transfers to other consumers or businesses in a foreign country. The amendments implement statutory requirements set forth in the Dodd-Frank Act.

The remittance transfer rule covers a broad range of companies and types of transfers. The CFPB’s Small Entity Compliance Guide will help you determine whether the transfers you send are regulated by this rule, and if so, what your compliance obligations are. It discusses exceptions that might apply to you, including a temporary exception that allows insured depository institutions and credit unions to use certain estimates in their disclosures. Any business that sends money internationally for consumers may find this guide helpful.

This guide may also be helpful to agents, software providers, and other companies that serve as business partners to remittance transfer providers.

Click here to download the International Money Transfers Small Entity Compliance Guide.

Source: NACHA, CFPB
Protecting Personal Information: A Guide for Business

The Federal Trade Commission (FTC) has developed a guide titled Protecting Personal Information: A Guide for Business to help small businesses learn how to protect consumer information such as names, Social Security numbers, credit card, or other account data. While collecting information is often necessary in the course of your daily business, it can lead to fraud or identity theft when it falls into the wrong hands. Download your free copy of the guide to safeguard your customers’ trust and perhaps even defend yourself against a lawsuit.
Source: Federal Trade Commission
Understanding Healthcare EFTs

Healthcare Electronic Funds Transfers (EFTs) offer healthcare providers a safe, convenient, and timely alternative to paper checks or card payments for healthcare claims payments.

What is the Healthcare EFT Standard?
An EFT is the electronic exchange or transfer of funds from one account to another. EFTs serve as an efficient means of payments for providers and their practices. Per the Patient Protection and Affordable Care Act, the NACHA ACH CCD+ is the healthcare standard.

To receive EFTs, providers can request delivery of claims payments via the healthcare EFT standard, and health plans must comply.

Benefits to using the healthcare EFT standard are many:
• Easy Automatic Payments — Receiving healthcare EFTs via ACH is as quick as receiving Direct Deposit.
• Smart, Cost-Effective Choice — The cost of claims via ACH is, on average, only $0.34 versus $10.73 or more for other EFT payment types.
• Improved Efficiencies — Healthcare EFTs via ACH ensure funds are available up to 7 days faster than with paper checks, improving cash flow.
• Safe and Secure — Checks continue to be the dominant payment form targeted by fraudsters. Replacing all checks with healthcare EFTs via ACH is the single best way to combat fraud.
• HIPAA EFT Transaction — As a HIPAA transaction, under 45 CFR 162.925, providers can request delivery of the healthcare EFT standard and health plans must comply.
• Automatic Reassociation — Only healthcare EFTs via ACH offer providers the ability to automatically reassociate remittance information.

How to Enroll to Receive the Healthcare EFT Standard
1. Contact health plans — Choose the healthcare EFT standard (the ACH CCD+ Addenda) for payment.
2. Provide payment information to health plans — Enroll in EFT with a few health plans each week. Start with the health plans that represent the largest percentage of your business.
3. Receive payments directly in your bank account — In the same way employees receive payroll via Direct Deposit, receive your claims payments on time, every time.
4. Receive the Reassociation Trace Number directly from your bank — Contact your bank to receive the Reassociation Trace Number to begin automatically matching remittance information with payments.

Source: NACHA
Through our direct membership in NACHA, EPCOR is a specially recognized and licensed provider of ACH education, publications and support.

The Bank of Missouri | 888-547-6541