- Personal Home
- Products & Services
- Insights
-
Explore Topics
- Save
- Spend
- Borrow
- Invest
- Wealth Mangagement
- Small Business
- See All
-
Featured Insight
-
- 3 Tips to Help Manage a Never-Ending Shopping List
-
As your family's needs grow and change, so will your grocery list. By implementing a few easy tricks, you can manage your spending and return home happy.
-
- Support
- Small Business Home
- Products & Services
- Insights
-
Explore Topics
- Starting Your Business
- Managing Your Business's Finances
- Running Your Business
- Growing Your Business
- Business Planning
- Corporate & Institutional
- See All
-
Featured Insight
-
- Saying "No" is One of the Best Strategic Moves
-
Entrepreneur Brian Honigman, founder at Honigman Media, explains the rules of saying “No” that can help keep you focused on your financial goals.
-
- Support
- Corporate & Institutional Home
- Your Needs
- Our Businesses
- Industry Specialties
- Insights
-
Explore Topics
- Maximize Cash Flow
- Raise Capital
- Mitigate Risk
- Go International
- Gain Market Insight
- Manage Assets
- Manage Nonprofit Enterprises
- Pursue Strategic Alternatives
- See All
-
Featured Insight
-
- Will Blockchain Become a Welcome Disruption in Healthcare?
-
As blockchain technology evolves, there are opportunities for blockchains to significantly improve financial and clinical operations in healthcare.
-
Sign on to Online Banking
- Forgot User ID or Password?
-
ENROLL IN ONLINE BANKING:
Personal | Small Business - Sign on to PINACLE®
Get our Mobile Banking Apps »
Personal and Small Business:
Sign on to Mobile Banking »
Personal and Small Business:
Sign on to Online Banking »
Corporate and Institutional:
Sign on to PINACLE® »
NACHA Rule Change
September 2013: ACH Security Framework
On September 20th, 2013, the ACH Security Framework Rule change will be implemented. The ACH Security Framework establishes minimum data security obligations for ACH Network participants to protect ACH data within their purview. This Rule is aimed at protecting the security and integrity of certain ACH data throughout its lifecycle, and is intended to be consistent with other data security obligations of ACH Network participants.
The Rule implementation includes three sets of rules:
- Protection of Sensitive Data and Access Controls
- Self-Assessment; and
- Verification of Third-Party Senders and Originators
Protection of Sensitive Data and Access Controls
The ACH Security Framework Rule requires non-consumer Originators, Participating DFIs (Depository Financial Institutions), Third Party Service Providers, and Third-Party Senders to establish, implement, and, as appropriate, update security policies, procedures, and systems related to the initiation, processing, and storage of Entries.
These policies, procedures, and systems must:
- Protect the confidentiality and integrity of Protected Information;
- Protect against anticipated threats or hazards to the security or integrity of Protected information; and
- Protect against unauthorized use of Protected Information that could result in substantial harm to a natural person
The amendment defines Protected Information as the non-public personal information, including financial information, of a natural person used to create, or contained within, an Entry and any related Addenda Record. This not only covers financial information, but also includes sensitive non-financial information (such as health information) that may be incorporated into the Entry or any related Addenda Record. This Rule applies to consumer information only, which is consistent with existing regulations and also with the approach of aligning the ACH Security Framework with existing industry regulations and guidance. However, impacted ACH participants may wish to apply the rule so that it covers all customers.
Security policies, procedures, and systems of ACH participants covered by this Rule must include controls on system access that comply with applicable regulatory guidelines. The systems impacted include all systems used by the ACH participate to initiate, process, and store Entries.
Self Assessment
Each Participating DFI, Third-Party Service Provider, and Third-Party Sender is required under the amendment to verify, as part of its annual ACH Rules Compliance Audit, that it has established, implemented, and updated the data security policies, procedures, and systems required by the ACH Security Framework Rule.
The annual Rules Compliance Audit applies directly to DFIs, Third-Party Providers and Senders, but not directly to Originators. Originators are bound to the NACHA Operating Rules through their origination agreements with their ODFIs. Therefore, the Originators must ensure that they have existing policies, procedures, and systems in place that will enable compliance with the ACH Security Framework.
Verification of Third-Party Senders and Originators
This Rule requires ODFIs to use a commercially reasonable methods to establish the identity of each non-consumer Originator or Third-Party Sender with whom the ODFI enters into an origination agreement at the time the agreement is created.
If you are an Originator, Third-Party Senders, or Third Party Service Providers, it is your responsibility to determine if existing policies, procedures, and systems are sufficient to comply with the ACH Security Framework Rule. If you do not have such policies, procedures and systems in place, you will need to establish and/or update policies, procedures, and systems to ensure compliance. Additionally, if you are Third-Party Sender or Third-Party Service Provider, you will need to add such verification to your annual Rules Compliance audit.
For additional information regarding this Rule change, or to request a copy or access to the latest ACH Rules from PNC, please contact your Treasury Management representative to request an access code to achrulesonline.org.
Feedback
