Together with account KYC and account closure, having a plan to manage locking accounts can be an indispensable tool to prevent identity and payments fraud. This guide will provide you the context to understand when and how accounts should be locked, and subsequently unlocked. While valuable, these actions are also sensitive and must be done with careful consideration of their regulatory and operational impact.

When can accounts be locked?

For those with permission, Treasury Prime ledger accounts can technically be locked or unlocked at any time by making a PATCH call to the /account endpoint. However, locking an account must always be done for an appropriate reason, and doing so may have a regulatory impact. Accounts cannot be locked arbitrarily or for indefinite periods of time. Always be sure to lock accounts with care and in coordination with your banking partner.

Permissions & Availability

All accounts on the Treasury Prime ledger are capable of being locked and unlocked via the API. Due to the potential regulatory compliance impact of preventing accountholders from accessing their deposits, additional permissions are required to lock and unlock accounts, both in the Treasury Prime API and in the Console. For more details on the compliance impact of account locking, see the Regulatory Compliance Impact section below. For details on being granted account lock and unlock permissions, contact your Treasury Prime Account Manager.

Lock Reasons

When locking an account, it is necessary for you to include the reason why you are locking that account in the reason parameter of the lock object. e.g.: 
  "lock": {
    "additional_context": "ach_123453254 is disputed by customer.",
    "reason": "transactions_being_investigated_ACH"
  },
Use this table for guidance when selecting the most appropriate reason.
ReasonDescription
transactions_being_investigated_wireInvestigating potentially fraudulent wire payments.
transactions_being_investigated_ACHInvestigating potentially fraudulent ACH payments.
transactions_being_investigated_cardInvestigating potentially fraudulent card transactions.
transactions_being_investigated_check_issuedInvestigating potentially fraudulent activity around checks issued from this account.
transactions_being_investigated_check_depositInvestigating potentially fraudulent check deposits made to this account.
identity_of_customer_being_investigatedInvestigating potential identity fraud related to the accountholder(s).

When should accounts be unlocked?

An account should be unlocked as soon as the investigation that caused it to be locked is resolved. In instances where fraud is verified, it is preferable to initiate the process of account closure than to leave the account locked indefinitely. Allowing accounts to stay locked for an indefinite period of time may run afoul of regulatory requirements, including Reg CC and other regulations. Treasury Prime recommends that any single account should not remain locked for more than 5 business days, but you should always collaborate with your bank partner to make this determination. For this reason, it is important to have an Account Lock Remediation Plan in place with your bank partner before locking any accounts.

Regulatory Compliance Impact

Locking an account may have regulatory impact and should always be done with care and in coordination with your banking partner. Specific regulatory constraints on locking accounts include but are not limited to Reg CC. Treasury Prime, along with your bank partner, can help you create a safe and lightweight compliance program. Contact your Treasury Prime Account Manager for details.

Account Lock Remediation Plan

Before locking any accounts, we recommend that you build out an Account Lock Remediation Plan with your bank partner(s) and Treasury Prime. Your plan should at least address the following questions, though this is not an exhaustive list:
  • The length of time you’ll allow an account to be locked
  • How to handle customer communications and inquiries related to a locked account.
  • What criteria trigger the account to be locked
  • The processes to communicate with the account owner to gain additional context on the nature of the actions that caused the lock.
  • What message will be displayed to the accountholder when a transaction is attempted on a locked account.
Treasury Prime recommends that no single account remains locked for more than 5 business days, with final determination reached in collaboration with your banking partner.

How to Lock an Account

For details about how to lock an account using the API, see the Locking an Account section of the /account endpoint API reference docs.

How to Unlock an Account

For details about how to unlock an account using the API, see the Unlocking an Account section of the /account endpoint API reference docs.

Activity on Locked Accounts

Locking an account will change the expected behavior of payments, cards, and API activity related to the locked account. It is important to understand the impacts noted below in order to build a favorable and complete experience for your accountholders while their accounts are locked.

Payments

Payment TypeBehavior When Locked
ACHAll pending and processing ACHs will be canceled when the lock is initiated. Locked accounts are blocked from creating any new ACHs. Inbound credit ACHs will be allowed, but inbound debit ACHs will be returned.
WireAll pending wires will be canceled when the lock is initiated. Locked accounts are blocked from creating any new wires. Inbound wires will continue to function on a locked account.
Book TransferLocked accounts are blocked from being either the from_account_id or to_account_id on a book transfer.
Check IssuingLocked accounts are blocked from issuing new checks.
Check DepositCheck deposits continue to work as normal on a locked account.

Cards

When an account is locked or unlocked, any cards associated with the account may automatically update their status, depending on the card’s status prior to the lock/unlock action.
Status Change When Account is Locked
Card Status Prior to LockChange When Locked
activeWill be updated to a suspended status.
unactivatedWill be updated to a terminated status.
suspendedNo change.
terminatedNo change.
Status Change When Account is Unlocked
Card Status Prior to UnlockChange When Unlocked
activeN/A — cannot have active cards on a locked account.
unactivatedN/A — cannot have unactivated cards on a locked account.
suspendedWill be updated to active if this card was automatically updated to suspended at the time the account was locked.
terminatedNo change.

Error Messages

When an API call is blocked due to a locked account a 403 - forbidden response will be returned with an error message detailing the cause. 
{
 "error": "The account is locked."
}