Going All In on Board Reporting
|
|
- Hilary Carroll
- 8 years ago
- Views:
Transcription
1 Going All In on Board Reporting February 13, :15 A.M to 11:15 A.M. Tony DaSilva, AAP, CISA Senior Examiner, Federal Reserve Bank of Atlanta Rajiv Donde President, Laru Technologies Peter Davey, AAP VP & Director, Enterprise Payments, Capital One 2014 EastPay. All Rights Reserved
2 Disclaimer This presentation and applicable materials are intended for general education purposes and nothing in this presentation should be considered to be legal, accounting or tax advice. You should contact your own attorney, accountant or tax professional with any specific questions you might have related to this presentation that are of a legal, accounting or tax nature. Image source: Thinkstock 2014 EastPay. All Rights Reserved
3 Guidance on Management and Board Reporting for ACH and RDC Tony DaSilva, AAP, CISA Senior Examiner Federal Reserve Bank of Atlanta
4 Disclaimer The views and opinions expressed in this presentation are those of the individual presenter and do not necessarily represent the views and directives of the Federal Reserve Bank of Atlanta, the Federal Reserve System. The content of the presentation should not be construed as regulatory guidance.
5 Board and Management Issues Nonexistent or Limited Board Level ACH and RDC Risk Tolerances and Reporting Insufficient Data and Analysis in Senior Management Reporting Type and Nature of ACH and RDC Activity Customer Activity Analysis Including Habitual Limit Violators, Profitability, Volumes, Return Rates Limited MIS Capabilities of ACH and RDC Software
6 Top Five Examination Findings 1) Lack of Senior Management & Board Oversight 2) Lack of Adequate MIS and Reporting 3) Lack of Monitoring 4) Inappropriate Approval Process (separation of duties) 5) Inadequate Limits or No Limits 2014 EastPay. All Rights Reserved
7 High-Level Regulatory Requirements Regulatory Body Office of the Comptroller of the Currency (OCC) Regulatory Summary OCC ACH Risk Management Program: Board Reporting Board awareness through periodic reporting whether ACH activities remain within Board-approved risk parameters and achieving appropriate financial results OCC Third Party Service Providers: Third Party Senders - Written Agreements Board-approved third-party sender risk parameters, inclusion in formal written agreements that define obligations and liabilities, information requirements, and requirement for originator approvals OCC - Merchant Processing: Profit Analysis Periodic notice to the Board and senior leadership of the merchant processing operation's profitability OCC ACH Risk Management Program: Systems and Controls Board-approved risk tolerances for the types of businesses and activities for ACH transactions. OCC - Merchant Processing: Risk Management Develop and implement a comprehensive risk management process to manage the risk of merchant services that is appropriate with the size of our program OCC BC International Payments Systems Risk: Centralized Review Process Senior management centralized review for awareness and monitoring of domestic and international payment risk exposure OCC BC International Payments Systems Risk: Policies and Practices Implement policies and practices for participation in large dollar payments systems 2014 EastPay. All Rights Reserved
8 High-Level Regulatory Requirements Regulatory Body Federal Financial Institutions Examination Council (FFIEC) Regulatory Summary IT Wholesale Payments: Board and Management Control Capital One must develop and implement wire policies to enable the Board of Directors to provide administrative direction for Capital One s wire payment function Payments Board Requirements Compliance with Federal Reserve s Payment Systems Risk Policy. Board understanding of processing transactions on own, customer, and respondent accounts Payments Board Requirements Compliance with Federal Reserve s Payment Systems Risk Policy. Manage Fed accounts effectively, prudent use of daylight overdraft, periodically review daylight overdraft activity to ensure operation within the established guidelines. Remote Deposit Capture (RDC) Guidance Board approval of plans, policies, and significant expenditures, review periodic performance and risk management reports on the implementation and ongoing operation of RDC systems and services National Automated Clearing House Association (NACHA) ACH Operating Rules Board or board-approved committee or its designee must approve Direct Access Debit Participant relationships EastPay. All Rights Reserved
9 High-Level Regulatory Requirements Regulatory Body Federal Reserve Bank Regulatory Summary Payment Systems Risk Policy - Risk Framework Board establishes prudent limits on daylight overdrafts in its Federal Reserve accounts, periodically reviews daylight overdrafts levels to ensure Capital One operates within the Board-approved guidelines, and Board appointment of a committee of directors or retain responsibility to focus on payment systems and use of intraday credit as outlined in the Federal Reserve s Payments Systems Risk Policy. Payment Systems Risk Policy Board Review & Debit Cap Resolutions Board annual approval and resolution for daylight overdraft limit Payment Systems Risk Policy - De Minimis Cap Status Submit to the Federal Reserve Bank at least once in each 12-month period a copy of a resolution of the bank s or holding company s Board approving the use of daylight credit up to the de minimis level of 40 percent of the capital measure. Payment Systems Risk Policy - Examiner Review File Maintain a file for examiner review including: (1) an executed copy of Board resolution adopting the net debit cap and (2) status reports made available to the Board regarding compliance with Payment Systems Risk resolution or policy 2014 EastPay. All Rights Reserved
10 ACH related MIS should include: Portfolio-wide ACH origination volume compared to capital ACH returns ACH contract aging Customer distribution by risk rating Customer-specific ACH origination volume trends ACH return trends Unauthorized Return types, volume, $, and % to total transaction Volume Rules/contract violations Times over limit Changes in risk rating Contract date Note: If available, profitability analysis may be appropriate.
11 ACH MIS Reporting Lower Risk and Lower Volume Track daily, multi-day exposure limits Track ACH volume and return trends and compare to capital Identify and track customer-specific originations and returns (risk-based and/or volume-based threshold) Identify and track highest risk ACH originators ACH originator list with SEC code restrictions, limits, ACH line review date, and agreement date Track ACH over limits and exceptions Higher Risk and Higher Volume All from lower risk plus: ACH originations and returns by debits, credits, SEC type, third-party sender, originator Track ACH reserve adequacy High-risk ACH originator risk ranking report High-risk ACH, tracking returns by SEC types and return code
12 Remote Deposit Capture related MIS should include: Portfolio-wide RDC volume compared to total deposits RDC returns to RDC deposits RDC contract aging Customer distribution by risk rating Customer-specific RDC volume trends RDC return trends Times over limit Duplicate deposits Image quality issues Rules/contract violations Changes in risk rating Contract date Note: If available, profitability analysis may be appropriate.
13 Payments Resources FRB Financial Services Website: FRS Payments System Risk Policy: FFIEC Payments Handbooks: OCC ACH Risk Management Guidance: NACHA - The Electronic Payments Association: Payments Study: Check 21:
14 MIS Overview BOD Reporting Premise Sample Reports Rajiv Donde President Laru Technologies
15 Information Systems (MIS) Premise Data Transformation Data Information Knowledge Transaction Data Collated Data / Grouping / Categorization Trends, Cause and Effect ACH Transactions Activity Organization by SEC, industry, Risk Lessons for Business - Basis for policy Operations Did transactions get through? Management Are there deviations from or exceptions to policy? Board Members Are our program policies working?
16 An Attack Example What s wrong here?
17 Data Transformation A transaction was out of trend New receivers were present.
18 BOD Reporting Premise BOD reporting is meant to facilitate a dynamic process between Discovery Realization policy and and of implementation identification intended of Discovery unintended consequences Compliance and identification of consequences with RDFI external Profitability unintended? (Billing reports) Compliance Limits Better risk / Profitability consequences Perspective??(Volume (Billing rules reports) characterization and with external report) Limits? (Volume reward characterization ratio rules and report) Unhealthy regulations Concentration? regulations Industry SEC Code (OCC, FFIEC) (OCC, Compliance FFIEC) with Realization of intended consequence s Better risk / reward ratio Compliance with established policies SEC Return Code rates TPPP Return Rule violations rates Risk Category TPPP Rule violations Risk Category established policies RDFI Perspective
19 Data to support Cost/Benefit Analysis Know How You re Covering the Cost Assess What Your Program is Costing
20 SEC Code Activity Recurring and Non-Recurring Payment Types Know if you have more Recurring or Non-Recurring Transactions
21 TPPP Activity Review Reveal Sub-Originator Activity.
22 Change Report See Threshold Changes Monthly
23 Limit Management Assign Dynamic Limits
24 NACHA Rule Violations Uncover NACHA Rule Violators
25 Review Behavioral Actions of an Entire Risk Group Activity by Risk Category OCC
26 Activity by Industry Analysis by Industry Classification
27 Conclusion Measurement precedes Management Banks are in the business of risk management Strong MIS is critical!
28 Payments Board Reporting: How to make it relevant to your Board Peter Davey VP & Director, Enterprise Payments Capital One
29 Still not convinced that Board Reporting is important? The OCC published proposed rulemaking on January 16, 2014 regarding heightened expectations for Large Banks, but the same guidance holds true for all FI s The proposal centers around 5 key points that will give regulators more teeth in regulating risk management practices of Financial Institutions: 1. One of the primary fiduciary roles of the board of directors is to ensure that the institution operates in a safe and sound manner 2. Large institutions will be required to have a well-defined personnel management program that ensures appropriate staffing levels, provides for orderly succession and provides compensation tools to motivate and retain talent that does not encourage risk taking
30 Still not convinced that Board Reporting is important? (contd.) 3. Institutions should define and communicate acceptable risk appetite across the organization including measurements that: address capital needed, earnings or liquidity, the amount of risk for each business and for each key risk category monitored 4. Develop reliable oversight programs that include strong audit and risk management functions as well as comparing performance to OCC standards and other FI s; ensuring the appropriate actions are taken to address gaps 5. Ensure the board of directors have a thorough understanding of an institution s risk profile in order to ask probing questions of management and ensure senior management is prudently addressing risks
31 The health of your payments environment is larger than just a few key regulatory metrics Issues and Opportunities Throughout the Payments Value Chain Are your processes for Initiation, Processing & Fulfillment, Clearing & Settlement and Reconciliation operating as expected? Have you set thresholds that those processes can be monitored against? Vendor Management and Outsourcing Relationships Do you have your key/strategically important vendors identified? How are you reporting on your vendor management program? Are large portions of your operations outsourced? Have you mapped key controls that your vendor performs on your behalf? Do you have Third Party Senders banking with you or operating on your behalf?
32 The health of your payments environment is larger than just a few key regulatory metrics Event, Fraud and Audit Metrics Have you established thresholds for losses and impact? How are you reporting outages, customer complaints, regulatory complaints? Are you making sure the board is aware of Audit results, upcoming exams (external or internal)? Regulatory & Rules Compliance Have you mapped key regulatory and rules guidance to controls? How are you reporting up the effectiveness or breakdown in those controls? Are folks aware and prepared for upcoming rules or regulatory changes? Have you assessed the net impact of the change and adjusted your revenue, losses etc?
33 It is important to make sure you are presenting the right information to the right people and they know why! Before developing your full report it may be best to get on the board or Senior Executive agenda to discuss: Why you are required to report to them (hint: Use Tony s Summary Slides) What are their responsibilities as it concerns reviewing the report Determine how often you would recommend reporting Educating them as to the types of products, services that are offered and what businesses utilize payments Organizations may have Board and/or Board Committee s The Board Committee may have the power to make changes and then report to the board in summary form For privately held Financial Institutions or Financial Institution holding companies there may be more coordination required
34 Our approach was to make sure we took a broad view of payments and then provide a summary of how payments are performing Overall Status and rationale can help to be a quick indicator of where problems are or how well things are going An individual summary score for each channel will help to identify where more discussion is needed Failures of key metrics and regulatory requirements should be brought to the first page Indicating key accomplishments and upcoming milestones will help to remind executives that this is a journey
35 For each payment channel we created a score card that includes required regulatory data and key elements A summary of key components will help the reader to understand pertinent information It is important to level set what elements are covered in the assessment Context setting through transaction data may be helpful Assessment of key payments value chain elements will help show you have a complete view Setting appropriate thresholds will help to make your report more quantitative and defensible Make sure you highlight the regulatory related metrics
36 Even if everything is going well in your institution it is important to highlight the activities that are needed to maintain a well-managed environment When you may not be in a Green status you will want to ensure your executives know what actions are being taken to get there Risk management is a journey and ever evolving; It is important to let executives know that work is required even when there aren t burning issues Even if things are going well, you may want to highlight industry changes or areas that need to be assessed
37 Implementing board reporting in a disbursed governance model can lead to confusion if not managed appropriately Payments processes aren t the only items your board needs to be aware of so you may need to coordinate with other groups to ensure consistency and avoid duplication Compliance may be able to help identify the other groups that already or should have board commitments Sometimes it may be necessary to report the same metrics in multiple forums so you will want to make sure alignment If there is already a good cadence to present key metrics to your board you will want to make sure you understand when they happen and what format they use Not every organization may have a centralized payments governance group so you may need to identify who takes the lead (Product, Ops, IT) Regardless of who is primarily responsible you will need input from multiple areas Even if you automate your reporting or have a central group aggregate, you need to ensure the business is involved in the review
38 Questions? 2014 EastPay. All Rights Reserved
39 Contact The Presenter Tony DaSilva, AAP, CISA Senior Examiner Federal Reserve Bank of Atlanta Rajiv Donde President Laru Technologies Peter Andrew Davey, AAP VP & Director, Enterprise Payments Capital One 2014 EastPay. All Rights Reserved
40 General Information Audit and Risk Education 2014 EastPay. All Rights Reserved
41 Follow Us on EastPay. All Rights Reserved
AIM for Success and Effectively Manage High Risk Originators
AIM for Success and Effectively Manage High Risk Originators Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay Brent Siegel Vice President, Argos Risk Disclaimer This presentation
More informationIndustry Update & New Rules. Stephanie Schrickel, AAP Director, emarketing. 2014 EastPay. All Rights Reserved 1 EASTPAY
Industry Update & New Rules Stephanie Schrickel, AAP Director, emarketing EASTPAY Not-for-profit Regional Payments Association Educational Programs Member benefits Voice & Representation in National Rule
More informationO OCC BULLETIN OCC 2006-39. Automated Clearing House Activities. Risk Management Guidance
O OCC BULLETIN Comptroller of the Currency Administrator of National Banks Subject: Automated Clearing House Activities Description: Risk Management Guidance TO: Chief Executive Officers, Chief Risk Officers,
More informationThird-Party Senders Risks and Best Practices
Third-Party Senders Risks and Best Practices Please turn off all cell phones or mobile devices. Thank you to today s sponsors! This morning s refreshment break sponsored by The Royal Bank of Scotland EventMobile
More informationIdentifying Key Risk Indicator
PUERTO RICO PAYMENTS SYMPOSIUM Identifying Key Risk Indicator EPOCPR Services Agenda for Today Background History Regulators & Risk Management Let s have fun Regulators & Risk Assessment ACH Risks Categories
More informationRisk Management of Remote Deposit Capture
Federal Financial Institutions Examination Council 3501 FAIRFAX DRIVE ROOM 3086 ARLINGTON, VA 22226-3550 (703) 516-5487 http://www.ffiec.gov Background and Purpose Risk Management of Remote Deposit Capture
More informationVendor Management Compliance Top 10 Things Regulators Expect
Vendor Management Compliance Top 10 Things Regulators Expect Paul M. Phillips, CFA Attorney, Adams and Reese Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay 2014 EastPay.
More informationThird Party Payment Processors Job Aid
Third Party Payment Processors Job Aid This job aid is to be used by state institution examiners as a means to understand, identify, and assess the risks associated with institutions relationships with
More informationOperational Means to Fraud Mitigation and BSA/AML Compliance
Operational Means to Fraud Mitigation and BSA/AML Compliance Brad Johnson Director of Business Development Centrix Solutions Helen May SVP, Director of Operations Bank of Tampa www.centrixsolutions.com
More information2015 NACHA Rules, Same Day ACH and Regulation E Changes
2015 NACHA Rules, Same Day ACH and Regulation E Changes Recently Approved Amendments to Improve Quality and Reduce Risk in the ACH Network 2015 NYBA Technology, Compliance & Risk Management Forum DISCLAIMER
More informationGUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July 2014)
Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Financial Institution Letter FIL-127-2008 November 7, 2008 GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July
More informationHealthcare & ACH Be Prepared for 2014. Kevin Olsen, AAP, MCSE Director of Education. 2013 EastPay. All Rights Reserved EASTPAY
Healthcare & ACH Be Prepared for 2014 Kevin Olsen, AAP, MCSE Director of Education Teamwork Respect Passion Integrity Trust EASTPAY Not-for-profit Regional Payments Association Educational Programs Member
More informationACH Operations Bulletin #1-2014
ACH Operations Bulletin #1-2014 Questionable ACH Debit Origination: Roles and Responsibilities of ODFIs and RDFIs September 30, 2014 Replaces ACH Operations Bulletin #2-2013 (Originally Issued March 14,
More informationACH Transactions
ACH Operations Bulletin #2-2014 ACH Transactions Involving Third-Party Senders and Other Payment Intermediaries December 30, 2014 EXECUTIVE SUMMARY In most ACH transactions, the roles of the various parties
More informationFederal Financial Institutions Examination Council FFIEC. Retail Payment Systems RPS. February 2010 IT EXAMINATION HANDBOOK
Federal Financial Institutions Examination Council FFIEC Retail Payment Systems February 2010 RPS IT EXAMINATION HANDBOOK RETAIL PAYMENT SYSTEMS RISK MANAGEMENT Action Summary Financial institutions engaged
More informationA Cautionary Tale Plus Cross-Channel Risk
Dan Tobin A Cautionary Tale Plus Cross-Channel Risk IT Examiner Supervision, Regulation & Credit Dan.tobin@bos.frb.org Agenda A Cautionary Tale Shames-Yeakel v. Citizens Financial Bank Cross-Channel Risk
More informationKnowing your customers and their customers and their customers and so on and so on
Knowing your customers and their customers and their customers and so on and so on Identifying your Third-Party s and their Nested s This ACH risk management white paper provides an overview of ACH relationships
More informationDon t Originate in the Dark: Shine Some Light on Your Third-Party Senders and Their Originators
Don t Originate in the Dark: Shine Some Light on Your Third-Party Senders and Their Originators This ACH risk management white paper examines the risks related to ACH transactions processed by Third-Party
More informationQ2: What return codes are included in the Unauthorized Return Rate Threshold?
Unauthorized Return Rate Threshold Q1: What is the new Unauthorized Return Rate Threshold? This rule reduces the return rate threshold for unauthorized debit entries from 1.0 percent to 0.5 percent. All
More informationVendor Management Compliance Top 10 Things Regulators Expect
Vendor Management Compliance Top 10 Things Regulators Expect Peter Davey, AAP VP & Director, Enterprise Payments, CapitalOne Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay
More informationACH Operations Bulletin #2-2013
ACH Operations Bulletin #2-2013 High-Risk Originators and Questionable Debit Activity March 14, 2013 EXECUTIVE SUMMARY Recent press reports have inaccurately stated that some Receiving Depository Financial
More informationEnterprise Risk Management Process Improvement. Secure Banking Solutions, LLC
Enterprise Risk Management Process Improvement 2 Contact Information Contact Information Chad Knutson Senior Information Security Consultant CISSP, CISA, CRISC Phone: 605-480-3366 chad.knutson@protectmybank.com
More informationPayment Processor Relationships Revised Guidance
Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Payment Processor Relationships Revised Guidance Financial Institution Letter FIL-3-2012 January 31, 2012 Summary:
More informationVendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd.
Vendor Management: An Enterprise-wide Focus Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd. Why Focus on Vendor Management Increased financial regulatory scrutiny GLBA and Identity Theft Red
More informationValidating Third Party Software Erica M. Torres, CRCM
Validating Third Party Software Erica M. Torres, CRCM Michigan Bankers Association Risk Management & Compliance Institute September 29, 2014 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT
More informationOutsourced Third Party Relationship Management/ Vendor Management. TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP
Outsourced Third Party Relationship Management/ Vendor Management TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP 1 Risk Management Guidance 2 3 Appendix J: 4 - Key Elements Third Party Management
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationACH Internal Control Questionnaire
ACH Internal Control Questionnaire AUTOMATED CLEARING HOUSE (ACH) Assessment of the Adequacy of Internal Controls Completed by: Date Completed: Quality of Management and Support for ACH Processing Activity
More informationACH and Third Party Payment Processors
ACH and Third Party Payment Processors Definition of Third-Party Relationship Entity with which financial institution has entered into a business relationship Facilitate customer access to bank services
More informationAny business relationship between a bank and another entity, by contract or otherwise
An Overview for Bank Directors Managing the Third Party Relationship Patrick Neuman Boardman & Clark LLP Madison, Wisconsin Any business relationship between a bank and another entity, by contract or otherwise
More informationGUIDANCE FOR MANAGING THIRD-PARTY RISK
GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,
More informationNational Check Payments Certification. Fraud, Risk, and Risk Mitigation Part II. Copyright 2015 by the Electronic Check Clearing House Organization
NCP 2016 Exam Cycle Core Training Series Session 11 National Check Payments Certification Fraud, Risk, and Risk Mitigation Part II Copyright 2015 by the Electronic Check Clearing House Organization NOTICES
More informationAutomated Clearing House
Automated Clearing House THE SERVICE Customer wishes to initiate credit and/or debit Entries as an Originator through Bank to Accounts maintained at Bank and in other depository financial institutions
More informationManaging TPPPs and TPSs in the Current Regulatory Environment
November 2015 Managing TPPPs and TPSs in the Current Regulatory Environment Prepared by: Jodie Ruby, Director Audience: This document is intended for managers, directors and executives who deal with business
More informationMobile Deposit Policy
Mobile Deposit Policy Mobile Deposit, a deposit transaction delivery system, allows the Credit Union to receive digital information from deposit documents captured at remote locations (i.e., the Credit
More informationThird-Party Sender Case Studies: ODFI Best Practices to Close the Gap An ACH Risk Management White Paper
Third-Party Sender Case Studies: ODFI Best Practices to Close the Gap An ACH Risk Management White Paper This ACH risk management white paper examines three case studies related to Third-Party Sender Risk.
More informationACH GUIDE ACH PARTICIPATION
Materials needed: ACH policies (Audit and general), the last two ACH audits, security settings (Operator Reports) for the processing method the FI has chosen, Originator contracts and any reviews of Originator
More informationInformation Technology
Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level
More informationWHITE PAPER THIRD PARTY MANAGEMENT: FUNDAMENTALS
THIRD PARTY MANAGEMENT: FUNDAMENTALS by Linda Tuck Chapman Sponsored by Third Party Management Fundamentals Third Party Management isn t new, but its importance is growing in every industry and the financial
More informationOutsourcing Technology Services A Management Decision
Outsourcing Technology Services A Management Decision A Telephone Seminar for National Banks Tuesday, July 20, 2004 And again on Wednesday, July 21, 2004 Agenda Outsourcing activities and relationships
More informationThis presentation was originally given by:
This presentation was originally given by: Michael Alfonsi, Managing Director Analytic Results For questions about this material contact Michael at: 610-329-7980 ACH: Basics Michael Alfonsi AnalyticResults
More informationRemote Deposit Capture Customer Due Diligence FFIEC Tier II Exam Considerations Plus Mobile Capture! March 5, 2014. Topics of Discussion
Remote Deposit Capture Customer Due Diligence FFIEC Tier II Exam Considerations Plus Mobile Capture! March 5, 2014 Carolyn C. Dowdy, Speaker Bank Project Solutions does not guaranty by implementing criteria
More informationRegulatory Practice Letter February 2014 RPL 14-05
Regulatory Practice Letter February 2014 RPL 14-05 CFPB Nonbank Supervision of International Money Transfer Providers Proposed Rule Executive Summary The Consumer Financial Protection Bureau (CFPB or Bureau)
More informationTo: Our Clients and Friends March 25, 2014
Financial Services Group To: Our Clients and Friends March 25, 2014 A Significant Change Is Occurring Regarding Regulatory Oversight of Banks and Their Third Party Relationships. Both Banks and their Vendors
More informationCredit Union Liability with Third-Party Processors
World Council of Credit Unions Annual Conference Credit Union Liability with Third-Party Processors Andrew (Andy) Poprawa CEO, Deposit Insurance Corporation of Ontario Canada 1 Credit Union Liability with
More informationFDIC Updates Guidance on Payment Processor Relationships
February 2012 FDIC Updates Guidance on Payment Processor Relationships BY KEVIN L. PETRASIC In its recently issued Financial Institution Letter, FIL-3-2012, the Federal Deposit Insurance Corporation (
More informationIncreasingly community banks are turning to
A system of ACH risk-management valves can help banks bypass the big loss By Jeanette A. Fox and Cary Whaley Increasingly community banks are turning to payments, specifically Automated Clearing House
More informationAsset Management. Comptroller s Handbook. Comptroller of the Currency Administrator of National Banks
AM- Comptroller of the Currency Administrator of National Banks Comptroller s Handbook 20 AM Asset Management Asset Management UOperations and Controls Table of Contents Asset Management Operations and
More informationACH Network Risk and Enforcement Topics Request for Comment and Request for Information. Executive Summary and Rules Description November 11, 2013
ACH Network Risk and Enforcement Topics Request for Comment and Request for Information Executive Summary and Rules Description November 11, 2013 RESPONSES DUE BY MONDAY, JANUARY 13 2014 NACHA requests
More informationGovernance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. www.fic.gov.bc.ca
Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship
More informationTreasury Management Services Product Terms and Conditions
Treasury Management Services Product Thank you for choosing M&T Bank for your treasury management service needs. We appreciate the opportunity to serve you. If you have any questions about this Product
More informationQUICK GUIDE Automated Clearing House (ACH) Rules for ACH Originators
QUICK GUIDE To ensure compliance with current regulations, all ACH Originators must obtain a current copy of the National Automated Clearing House Association (NACHA) Operating Rules (Rules) and Guidelines
More informationthe evolving governance Model for CYBERSECURITY RISK By Gary owen, Director, Promontory Financial Group
the evolving governance Model for CYBERSECURITY RISK By Gary owen, Director, Promontory Financial Group 54 Banking PersPective Quarter 2, 2014 Responsibility for the oversight of information security and
More informationSupporting Effective Compliance Programs
October 2015 Supporting Effective Compliance Programs The Oversight Roles of the Board Audit and Risk Committees in Regulatory Compliance By Paul Osborne, CPA, CAMS, AMLP, and Peggy Sepp, CIA To be effective,
More informationB o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing
B o a r d of Governors of the Federal Reserve System Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing January 23, 2013 P U R P O S E This policy statement is being issued
More informationAnti-Money Laundering
Bank Secrecy Act and Anti-Money Laundering FDIC Atlanta Region s Regulatory Conference Call March 20, 2014 2 Speakers Assistant Regional Director Timothy Hubby Special Activities Case Manager Danielle
More informationFFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors
Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed
More informationTHIRD PARTY PAYMENT PROVIDERS
THIRD PARTY PAYMENT PROVIDERS BY DARLIA FOGARTY, DIRECTOR OF COMPLIANCE & COO KNOWLEDGE. CLARITY. RELIABILITY. www.compliancealliance.com (888) 353-3933 THIRD PARTY PAYMENT PROCESSORS Third Party Payment
More informationUnlawful Internet Gambling Enforcement Act of 2006 Overview
Attachment A Unlawful Internet Gambling Enforcement Act of 2006 Overview This document provides an overview of the Unlawful Internet Gambling Enforcement Act of 2006 (UIGEA or Act), 31 USC 5361-5366, and
More informationOffice of the Comptroller of the Currency Board of Governors of the Federal Reserve System Federal Deposit Insurance Corporation
Office of the Comptroller of the Currency Board of Governors of the Federal Reserve System Federal Deposit Insurance Corporation Concentrations in Commercial Real Estate Lending, Sound Risk Management
More informationPreparing for an OFAC Review An Examiner s Perspective
Preparing for an OFAC Review An Examiner s Perspective John Reynolds Examining Officer and Team Leader, Legal and Consumer Compliance Risk Department Federal Reserve Bank of New York January 27, 2012 Disclaimer:
More informationNavigating Vendor Management Issues in Today s Regulatory Environment
Navigating Vendor Management Issues in Today s Regulatory Environment May 6, 2015 Elizabeth E. McGinn, Partner Moorari K. Shah, Counsel 1 Disclaimer The information contained herein is for informational
More informationExecutive Fraud Forum October 30, 2013
Executive Fraud Forum October 30, 2013 Payments Fraud Trends Mary Kepler, Director, Retail Payments Risk Forum, Federal Reserve Bank of Atlanta Judy Long, Executive Vice President, First Citizens National
More informationTO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel
AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,
More informationACH Origination File System Changes
ACH Origination File System Changes Details Topic 1- Reducing the Unauthorized Return Rate Threshold The Rule will reduce the current return rate threshold for unauthorized debit Entries (Return Reason
More informationThe New Third-Party Oversight Framework: Trust but Verify kpmg.com
Financial Services Regulatory Point of View The New Third-Party Oversight Framework: Trust but Verify kpmg.com The New Third-Party Oversight Framework: Trust but Verify 1 Financial services regulatory
More informationManaging your community bank s ACH and demand draft risk By George F. Thomas
Payment Protocols Managing your community bank s ACH and demand draft risk By George F. Thomas Would anyone in their right mind attempt to drive a car blindfolded? Well, the answer would be an emphatic
More informationELECTRONIC FUNDS TRANSFERS YOUR RIGHTS AND RESPONSIBILITIES
ELECTRONIC FUNDS TRANSFERS YOUR RIGHTS AND RESPONSIBILITIES Indicated below are types of Electronic Fund Transfers we are capable of handling, some of which may not apply to your account. Please read this
More informationCFPB Consumer Laws and Regulations
General Principles and Introduction Supervised entities within the scope of CFPB s supervision and enforcement authority include both depository institutions and non-depository consumer financial services
More informationCASH AND DUE FROM BANKS Section 3.4
OVERVIEW...2 Cash...2 Clearings...2 Cash Items...2 Due From Banks...3 Deposit Notes...3 EXAMINATION OBJECTIVES...4 Primary Reserves...4 Interbank Liabilities...4 Compensating Balances...4 Correspondent
More informationPayment Systems. Version 1.0 July 2013. Introduction
Introduction This module applies to examinations of the Federal Home Loan Banks (FHLBanks), the Office of Finance; Fannie Mae and Freddie Mac. The module refers to these institutions collectively as the
More informationRegulatory Compliance - What You Need to Know. John Zasada Principal CliftonLarsonAllen 218 790 1086 John.zasada@claconnect.com
Regulatory Compliance - What You Need to Know John Zasada Principal CliftonLarsonAllen 218 790 1086 John.zasada@claconnect.com Compliance Risk Defense or move forward It exists for all FIs Identify, rank,
More informationChief Executive Officers of All National Banks, Department and Division Heads, and All Examining Personnel.
AL 2000 9 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Third-Party Risk TO: Chief Executive Officers of All National Banks, Department and Division Heads,
More information250 E Street, SW 20 th Street & Constitution Avenue, NW Washington, DC 20219 Washington, DC 20551
James Chessen, Ph.D. Chief Economist (202) 663-5130 jchessen@aba.com May 16, 2011 Communications Division Ms. Jennifer J. Johnson Office of the Comptroller of the Currency Secretary Mail Stop 2-3 Board
More informationOCC 98-3 OCC BULLETIN
To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel
More informationNACHA and the ACH Network: What You May Not Know
NACHA and the ACH Network: What You May Not Know February 27, 2014 2014 NACHA The Electronic Payments Associa
More information5500 Brooktree Road, Suite 104 Wexford, PA 15090 888-436-5101 www.profituity.com AN OVERVIEW OF ACH COPYRIGHT 2013, PROFITUITY, LLC
5500 Brooktree Road, Suite 104 Wexford, PA 15090 888-436-5101 www.profituity.com AN OVERVIEW OF ACH COPYRIGHT 2013, PROFITUITY, LLC Page 2 of 11 Contents Automated Clearing House... 3 The Role of NACHA...
More informationThe U.S. REGULATORY LANDSCAPE for MOBILE PAYMENTS
The U.S. REGULATORY LANDSCAPE for MOBILE PAYMENTS Summary Report of Meeting between Mobile Payments Industry Workgroup and Federal and State Regulators on April 24, 2012 Marianne Crowe, Federal Reserve
More informationHUMAN RESOURCES COMMITTEE OF THE BOARD OF DIRECTORS OF THE TORONTO-DOMINION BANK CHARTER
HUMAN RESOURCES COMMITTEE OF THE BOARD OF DIRECTORS OF THE TORONTO-DOMINION BANK Main Responsibilities: CHARTER ~~ Responsible for Management s Performance Evaluation, Compensation and Succession Planning
More informationFrontier State Bank ELECTRONIC FUNDS TRANSFER
Frontier State Bank ELECTRONIC FUNDS TRANSFER YOUR DEISCLOSURE STATEMENT AND AGREEMENT FOR TRANSFUND CARD, DEBIT CARD AND OTHER ELECTRONIC FUND TRANSFER SERVICES This is a Disclosure Statement and Agreement
More informationVendor Management Best Practices
Vendor Management Best Practices Presented by: Raji Sathappan, MBA, CRCM, CISA, CAMS FMS East Coast Regional Conference September 2015 Certified Public Accountants Consultants Wealth Management Technology
More informationUnderstanding & Managing Third Party Relationships in the ACH Network. PAYMENTS 2008 May 18, 2008 Las Vegas, NV
Understanding & Managing Third Party Relationships in the ACH Network PAYMENTS 2008 May 18, 2008 Las Vegas, NV 1 Your Presenters Stuart Williams Director, CheckFree Payment Services CheckFree now part
More informationGet In Tune With Third Parties: Finding the harmonies between Third Party Senders, Originators, and Customers.
Get In Tune With Third Parties: Finding the harmonies between Third Party Senders, Originators, and Customers. Marsha Jones President TPPPA Brent Siegel Vice President Argos Risk 1 1 AGENDA/OUTLINE Third-Party
More informationBoard of Directors and Senior Management 2. Audit Management 4. Internal IT Audit Staff 5. Operating Management 5. External Auditors 5.
Table of Contents Introduction 1 IT Audit Roles and Responsibilities 2 Board of Directors and Senior Management 2 Audit Management 4 Internal IT Audit Staff 5 Operating Management 5 External Auditors 5
More information2015, EPCOR. All Rights Reserved. 1
s Risks Regional Payments Associations, through their Direct Membership in NA, are specially recognized and licensed providers of education, publications and support. Regional Payments Associations are
More informationInternational ACH IAT and the Corporate Practitioner
International ACH IAT and the Corporate Practitioner Priscilla C. Holland, AAP, CCM NACHA, The Electronic Payments Association Mark K. Webster, CPA, CCM, Partner Treasury Alliance Group LLC You might need
More informationDEBIT MASTERCARD AGREEMENT Revision 10-27-10
Please read this disclosure carefully because it tells you your rights and obligation concerning Electronic Fund Transfers and your Debit MasterCard. You should keep this disclosure for further reference.
More informationSupervisory Guidance on Operational Risk Advanced Measurement Approaches for Regulatory Capital
Supervisory Guidance on Operational Risk Advanced Measurement Approaches for Regulatory Capital Draft Date: July 2, 2003 Table of Contents I. Purpose II. Background III. Definitions IV. Banking Activities
More informationQuestions You Should be Asking NOW to Protect Your Business!
Questions You Should be Asking NOW to Protect Your Business! Angi Farren, AAP Senior Director Jen Wasmund, AAP Compliance Services Specialist 31 st Annual Conference SHAPE YOUR FUTURE April 23, 2013 Regional
More informationM-Aud. Comptroller of the Currency Administrator of National Banks. Internal and External Audits. Comptroller s Handbook. April 2003.
M-Aud Comptroller of the Currency Administrator of National Banks Internal and External Audits Comptroller s Handbook April 2003 M Management Internal and External Audits Table of Contents Introduction...1
More informationRisk Management of Outsourced Technology Services. November 28, 2000
Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the
More informationThe Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant
THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool
ICBA Summary of FFIEC Cybersecurity Assessment Tool July 2015 Contact: Jeremy Dalpiaz Assistant Vice President Cyber Security and Data Security Policy Jeremy.Dalpiaz@icba.org www.icba.org ICBA Summary
More informationIntegrating Payables and Receivables to Unlock Working Capital
Integrating Payables and Receivables to Unlock Working Capital Approved for 1 CTP / CCM recertification credit by the Association of Financial Professionals May 2009 Introductions David Kunz Treasury Management
More informationWho s Regulating Whom & What are the Requirements: Banks As Payment Services Providers
Who s Regulating Whom & What are the Requirements: Banks As Payment Services Providers Tony DaSilva, AAP, CISA S&R Senior Technical Expert Federal Reserve Bank of Atlanta Disclaimer The opinions expressed
More informationInternational ACH Transactions (IAT): What is it & How Does It Affect Your Organization?
International ACH Transactions (IAT): What is it & How Does It Affect Your Organization? Priscilla C. Holland, AAP, CCM NACHA, The Electronic Payments Association January 27, 2009 Agenda What is IAT? Reasons
More informationOperational Risk Management Policy
Operational Risk Management Policy Operational Risk Definition A bank, including a development bank, is influenced by the developments of the external environment in which it is called to operate, as well
More informationThe Hottest Trends in Payments Taking Place in the ACH Now!
The Hottest Trends in Payments Taking Place in the ACH Now! Sean Carter SVP Payments Strategies Joe Casali SVP Operations& IT 2015 NEACH. All rights reserved. NEACH, as a Direct Member of NACHA, is a specially
More informationACH Training. Automated Clearing House
ACH Training Automated Clearing House 2014 Information included in this training: General Information What is NACHA Standard Entry Class Codes ACH Services offered by Peoples Bank Originator Requirements
More information