Sample Management System For a Network Marketing Scheme

Transcription

1 Annex 3 Information Required to be Submitted on Application for Approval to Issue Multi-purpose Stored Value Cards The structure of the Scheme 1. Which company is the issuer of the card? 2. What is the name of the card scheme ( the Scheme )? 3. Please provide a short summary of the structure of the Scheme in addition to answering the detailed questions set out below. 4. Please describe the proposed range of uses of the card, including the principal ( core ) use (if any). 5. Please describe the locations in which it is intended that the card will be used. 6. Please list all the parties involved in the Scheme, and describe their respective roles and responsibilities and any inter-relationship between them (e.g. whether the companies concerned are parent, subsidiary or sister companies of one another). 7. Please state whether the card is disposable or reloadable, and whether or not card to card transfer of value is allowed. Contractual arrangements 8. Please provide copies of all contractual documents and agreements which describe the terms and conditions of the Scheme and the rights and obligations of the various parties listed in question Please describe how the terms and conditions of the Scheme define the rights and obligations of the various parties (such as cardholders) in relation to such situations as: (e) (f) (g) lost or stolen cards; disputes over the amount of value stored on a card; damaged cards; counterfeit cards; counterfeit value stored on genuine cards; cardholders liability and service providers rights in respect of unauthorized transactions; and any charge back arrangements. 1

2 10. Please describe the procedures that would be used to resolve disputes arising out of the above situations. 11. Please describe how the rights of cardholders would be protected in the event of the default of the various participating parties in the Scheme (including particularly the issuer and service provider(s)). 12. Please describe the circumstances under which cardholders may obtain repayment or cash refund in respect of value stored on the card. 13. Please provide information about any regular or one-off fees or charges which will apply to the various parties involved in the Scheme. Risk management and internal controls 14. In addition to answering the detailed questions set out below, please provide your own short assessment of the major risks to which the Scheme may be exposed and how these risks will be managed. 15. Please describe the arrangements and internal controls relating to the manufacture of the cards and the microchip, and the delivery to, and storage of, the cards by the issuer. 16. Please describe the arrangements and internal controls relating to the following: the creation of value to be stored on cards; the downloading of value onto cards; the transfer of value among participants in the Scheme; and the redemption of value. 17. Please describe the arrangements and internal controls relating to the issuance of cards, including: whether checks are made on the identity of cardholders; whether a register of cardholders is maintained; and whether the card is linked to a particular bank account. 18. Please describe the software and hardware protection incorporated in the microchip, including the extent to which it is resistant to tampering and reverse-engineering. 19. Please describe the encryption and authentication techniques used to protect the confidentiality and integrity of data during transmission and while stored on the card. 20. What arrangements have been put in place to guard against collusion among employees who have access to key security information? 2

3 21. Please describe the circumstances in which on-line authorization and PIN numbers are required to be used in making transactions with the card. 22. Please describe the arrangements for maintaining records for transactions made with the card. To what extent is there an audit trail for transfers of value, (including between cards (if permitted))? 23. Please describe any limits which apply to the amount of value that may be stored on the card or on the size of individual transactions that may be made with the card. 24. Please describe any safeguards, not already mentioned above, to protect against the use of the card for money laundering. 25. Please describe the arrangements for the monitoring of unusual transactions and for the detection and investigation of possible fraud. 26. Have the various security aspects of the Scheme (including chip security and the encryption/authentication techniques) been reviewed by independent consultants? If yes, please provide us with copies of the reports. If not, please describe what other steps you have taken to review the security of the Scheme and provide any written material arising from such review. 27. What arrangements are in place to ensure that the risk management systems and internal controls are reviewed on a regular basis (e.g. by external or internal auditors)? 28. Please describe the arrangements for preserving the confidentiality of customer information, including compliance with the Personal Data (Privacy) Ordinance. 29. Please describe how to meet the relevant best practices set out in the Code of Banking Practice, particularly those specific to stored valued cards. Contingency plans 30. Please describe the disaster recovery plan (e.g. in the event of major computer failure) and the back-up systems that are in place. 31. Please describe the action that would be taken in the event of a major compromise of the Scheme (e.g. as a result of substantial forgery). If there is provision to close down the Scheme, please describe how that would be done and how the interests of cardholders would be protected. 3

4 Clearing and settlement arrangements 32. Please describe the timetable and the arrangements for settling payments due between participants in the Scheme (e.g. between the issuer and service providers or between issuing banks which are members of the same Scheme). Accounting arrangements and management of the float 33. Please describe the principal accounting policies that will apply in relation to the Scheme, including how the liability in respect of value stored on the card will be reflected in the balance sheet of the issuer. 34. Please describe the arrangement for holding, managing and investing the float (i.e. the funds which back the value stored on the cards). 35. Please describe the extent to which the assets representing the float will be held separate from the other assets of the holder of the float. 36. In which type of assets will the float be invested? 37. Please describe how the liquidity needs of the Scheme will be determined, and how these needs are reflected in the investment policy described in the previous question. In particular, how will you ensure that the Scheme has sufficient liquid assets to meet its obligations to service providers and to cardholders? 38. Please describe how the various other risks associated with the float (e.g. credit risk and market risk in its investments) will be managed. 39. Please describe how the management of the float will be monitored and controlled (e.g. by internal audit). Business plan 40. When will the Scheme be launched? If it will be launched in stages, please provide the proposed timetable for these. 41. Where a card is to have a core use (see question 4 above) and various ancillary or incidental uses, please explain the business case for such ancillary/incidental uses and describe the extent to which they relate to the core use. 42. Please provide projections of the following for each of the first three years of operation: the number of cards expected to be in circulation at the end of each year; 4

5 (e) (f) (g) the aggregate amount of outstanding value on cards at the end of each year; the average amount of outstanding value per card during each year; the average value per transaction; the aggregate annual value of transactions broken down by core and non-core uses (each such use to be separately identified if possible); the balance sheet for the Scheme at the end of each year (i.e. the liabilities and associated assets arising from the Scheme); and the profit/loss arising from the Scheme for each year. 43. Please describe the arrangements for monitoring the various uses of the card and the ability to restrict the volume of non-core uses if these become substantial in relation to the core use. 5