Operational Resilience in Funds Transfers

Based on the principles of the GRF Operational Resilience Framework, GRF, Nacha, and the ACH Network produced a joint paper on the operational resilience of funds transfers titled “Enhancing Operational Resilience for ACH Network Participants.” The paper offers five measures to address cybersecurity and operational resilience for financial institutions’ and third parties’ payment operations.

 1. Develop, review, and update annually all ACH incident and recovery plans that address disruption or impairment to ACH Critical Services.

 2. Define minimum ACH service levels that can satisfy the needs of customers, partners and counterparties before the service is no longer useful. These are the Minimum Viable Service Levels (MVSLs) for ACH services which define the “lowest possible level of service delivery (i) to enable customers, partners, and counterparties to continue their operations without significant disruption to the delivery of their critical services to their own customers, partners, and counterparties; or (ii) if the customer is an individual, to minimize consumer harm.”

 3. Establish Service Delivery Objectives for how quickly ACH services can be restored to a target impaired state with considerations of both business and technical dependencies.

 4. Implement recovery environment, processes, and mechanisms to meet Service Delivery Objectives for ACH services.

 5. Independently evaluate and test ACH service restoration processes against Service Delivery Objectives.