Don t Originate in the Dark: Shine Some Light on Your Third-Party Senders and Their Originators
|
|
- Abner Bell
- 8 years ago
- Views:
Transcription
1 Don t Originate in the Dark: Shine Some Light on Your Third-Party Senders and Their Originators This ACH risk management white paper examines the risks related to ACH transactions processed by Third-Party Senders. It provides a general overview of how to evaluate and monitor both Third-Party Senders and their originator customers. By Steven M. Foster Founder and Chairman, Argos Risk
2 Executive Summary Financial institutions that process Automated Clearing House (ACH) transactions are faced with multiple levels of risk. Considered to be one of the safest payment systems in the world 1, the ACH Network provides an extremely reliable and efficient service for the electronic transfer of funds. Although the system itself is secure, the relationships between the parties involved in the processing of these types of transactions are inherently risky. Because an Originating Depository Financial Institution (ODFI) is responsible for all the entries it originates 2, it must be aware of and monitor the three levels of risk associated with its relationships with Third-Party Senders and the Third- Party Sender Originators. The Problem Serving as an intermediary between an ODFI and an Originator, the Third-Party Sender provides ACH origination services to its customers, the Originators. Third-Party Sender services were commonly utilized by payment processors in the mid-2000s, and in 2004, the Third-Party Sender role was officially recognized by NACHA. 3 NACHA s official rule change to the NACHA Operating Rules & Guidelines provided financial institutions and Third-Party Senders themselves with an established structure regarding the definition of these entities and their responsibilities as members of the ACH payments system. The Third-Party Sender is a rather unique entity because it is allowed to create ACH entries on behalf of its customers, the Originators. In this scenario, the Third-Party Sender enters into separate agreements with the ODFI and with the Originator. However, Figure 1. Knowing Third-Party Sender Originators 1 NACHA, History, (September 2013). 2 NACHA, NACHA Operating Rules & Guidelines, NACHA, The Third-Party Sender Case Studies: ODFI Best Practices to Close the Gap, 2012, com/wp-content/uploads/2012/08/thirdpartysenderwhitepaper.pdf, (September 2013). 1
3 the ODFI does not have an agreement with the Originator. As such, the Third-Party Sender creates an unintended barrier between the ODFI and the Originator. The separation caused by the Third-Party Sender between the ODFI and the Originator adds an additional element of risk to ACH entries because the ODFI does not have direct visibility as to who the Originator is or what type of business it is operating. In essence, when an ODFI enters into an agreement with a Third-Party Sender, it adds a third level of risk to its operations. Examiners and ACH auditors are focused on the risk management systems and processes associated with Third-Party Sender relationships. In essence, when an ODFI enters into an agreement with a Third-Party Sender, it adds a third level of risk to its operations. The first level is the Third-Party Sender Portfolio Risk. This level of risk focuses on the relationship between the ODFI and its Third-Party Sender customer group. For example, evaluating the aggregate risk associated with industry concentrations, geographic concentrations, and other risk factors occurring within the ODFI for the Third-Party Sender customer group. The second level of risk is the Third-Party Sender Risk. This level of risk focuses on the risks associated with each separate Third-Party Sender business and its ACH transaction activity. ODFIs need to perform initial due diligence and establish processes that will continually monitor Third-Party Sender performance. The third level of risk is the Third-Party Sender Originator Risk. Because an ODFI does not typically interact directly with the Third-Party Sender Originators, it must understand the Originator s business and monitor its ACH transaction activity. The NACHA Operating Rules state that, An ODFI is responsible for all Entries originated through the ODFI, whether by an Originator or through a Third-Party Sender. 4 All ACH entries that are processed by an ODFI regardless if the ODFI holds an agreement with the entity it is processing for are its responsibility. Furthermore, in September 2013, NACHA added the ACH Security Framework Amendment the NACHA Operating Rules. This amendment makes the verification of Third-Party Senders and Originators using a commercially reasonable method an obligation where before it was only warranty. 5 The amendment states: The Security Framework replaces [the former] warranty with a new prerequisite to origination that more broadly requires the ODFI to verify the identity of all Originators/Third-Party Senders, regardless of the manner in which the Origination Agreement was executed. The amendment makes the requirement an obligation rather than a warranty as previously used for transmissions over Unsecured Electronic Networks. 6 4 NACHA, NACHA Operating Rules & Guidelines, NACHA, Notice of Amendments to the 2012 Operating Rules Supplement #2-2012, Ibid. 2
4 Because of these requirements, it is imperative that the ODFI monitor all three levels of risk associated with its Third-Party Sender relationships. The challenge for all financial institutions is how to implement and manage these key risk processes without requiring resources disproportionate to the size of the organization. Three Levels of Risk ODFIs typically originate ACH transactions for multiple Third-Party Senders and each Third-Party Sender will originate transactions for several hundred customers, the Originators. Figure 2 diagrams the relationship between an ODFI and its Third-Party Senders and their Originators. In addition, this image identifies the different levels of risk present in the overall relationship hierarchy. Figure 2. Three Levels of Risk Level 1 Third-Party Sender Portfolio Risk Evaluating the Third-Party Sender Portfolio Risk requires the establishment of risk systems and controls within the ODFI where it can efficiently gather information on each of its Third-Party Sender relationships. The ODFI should evaluate its Third-Party Sender portfolio for the following risks: Understand which originators use multiple Third-Party Senders to initiate ACH transactions and review the Standard Entry Class (SEC) transaction codes and volume. Review ACH volume and returns by transaction type and by Third-Party Sender. 3
5 Establish a Third-Party Sender Portfolio aggregate scoring metric that will provide an easy way to identify changes in portfolio risk. Separate the Third-Party Sender Portfolio into high risk, moderate risk, and low risk classifications based upon calculated risk metrics. Evaluate Third-Party Sender geographic concentrations. Evaluate Third-Party Sender activities in other departments within the ODFI and evaluate overall entity exposure (i.e. cross channel risk). The ODFI should set up a regular review process that evaluates the Third-Party Sender Portfolio and analyzes the information gathered by the internal risk systems and controls. Level 2 Third-Party Sender Risk Historically, the Third-Party Sender Risk has been the primary focus of the ODFI. The OCC s Automated Clearing House Activities, Risk Management Guidance, describes in detail how an ODFI should approach these relationships: To effectively manage risk from Third-Party [Senders], bank management should establish procedures that allow the bank to monitor the Third- Party [Sender s] operations. The first step in this process is identifying and validating the third party and the type of business it conducts. Banks should check thoroughly the background of each Third-Party [Sender], including the principal owners, and also verify the organization s financial capacity to absorb losses. 7 The ODFI should execute a written agreement with each Third-Party Sender. Generally, these agreements should outline specific operational guidelines, such as: Detail the obligations and liabilities of the Third-Party Sender. Define the information to be provided before the Third-Party Sender can initiate transactions for a new Originator. Define who is an approved or disapproved Originator. Define what are approved and disapproved Standard Entry Class (SEC) transaction types. Determine ODFI access/audit frequency of Third-Party Sender Originator documentation. Confirm the ODFI liability for performance of the Third-Party Sender, binding the Third-Party Sender to the ACH Rules. Confirm the ODFI s right to terminate the agreement for breach of the ACH Rules. Set guidelines for risk tolerance, approval limits, permitted customer types (i.e. SIC/NACIS codes, permitted SEC transaction types). 7 Officer of the Comptroller of the Currency, OCC Automated Clearing House Activities, 2006, news-issuances/bulletins/2006/bulletin html#ftnote25, (August 2013). 4
6 Some of the key elements of the initial underwriting of Third-Party Sender entities should include:...an ODFI must investigate all Third-Party Senders as well as their Originators because the ODFI is ultimately responsible for any transaction it initiates. Background checks on the business and principals (using public databases such as Lexis Nexis, Merchants Information Services, etc.). Understanding the Third-Party Sender business and the length of time the business has been in existence. Utilize government provided high risk lists such as the Financial Crimes Enforcement Network ( FINCEN ) Money Service Business listing and the Office of Foreign Assets Control ( OFAC ) lists. Understand if the Third-Party Sender works with other areas of the bank (i.e. cross channel risk). Consider requiring that the Third-Party Sender use other services within the organization (i.e. require full banking relationships or require the Third-Party Sender be a borrowing customer and/or require minimum account balances). Determine if the Third-Party Sender processes transactions for highrisk Originators (such as telemarketing, gambling, payday lending, adult entertainment, etc.). Once the initial due diligence and underwriting process is complete for each of Third- Party Senders, an ODFI should establish credit-risk controls that set relevant peak ACH exposure limits and perform an ongoing credit analysis on each Third-Party Sender entity. Level 3 Third-Party Sender Originator Risk Originator relationships, when processing through a Third-Party Sender, are inherently more risky for an ODFI due to the struggle it faces when trying to gain a better understanding of the Originator s business. The third level of risk, Third-Party Sender Originator Risk, strongly encourages an ODFI to gather information about each Originator that processes through a Third-Party Sender. From due diligence and underwriting to monitoring and evaluating the Originator s business and ongoing creditworthiness, an ODFI must investigate all Third-Party Senders as well as their Originators because the ODFI is ultimately responsible for any transactions it initiates. The OCC has provided basic guidance regarding an ODFI s knowledge of its Third-Party Senders customers stating that: Banks that initiate ACH transactions for Third-Party Senders should know, at a minimum, for which originators they are initiating entries into the ACH network. Thus, banks should require Third-Party Senders to provide certain information on their Originator customers such as the Originator s name, taxpayer identification number, principal business activity, and geographic location. Also, before originating transactions, a bank should verify (directly or through a Third-Party Sender) that the Originator is operating a legitimate 5
7 business. 8 Ideally, ODFIs should be able to evaluate and monitor the risk associated with these entities on a real-time or near real-time basis through the use of ACH risk management technology solutions. ODFIs should carefully review the validity and creditworthiness of all Third-Party Sender Originators. When conducting the initial underwriting of an Originator that is a customer of a Third-Party Sender, an ODFI should employ a similar process to what it uses to evaluate a Third-Party Sender. The ODFI should perform a detailed evaluation of each Originator for which the Third-Party Sender initiates entries for and understand its business and operations before agreeing to process transactions. The ODFI should pay particular attention to Originators that operate high-risk businesses such as telemarketing companies, credit-repair services, mail order and telephone order companies, online gambling operations, businesses located offshore, and adult entertainment businesses. These operations are typically riskier and incidents of unauthorized returns are more common with these businesses. ODFIs may consider establishing policies prohibiting transactions with certain high-risk Originators and Third- Party Senders. The Solution When it comes to managing Third-Party Sender relationships, ODFIs are expected to understand and monitor the actions of multiple entities. This never-ending task requires the use of valuable employee and technology resources that most financial institutions cannot afford to spare. Ideally, ODFIs should be able to evaluate and monitor the risk associated with these entities on a real-time or near real-time basis through the use of ACH risk management technology solutions. Through the simple process of entering basic information on its Third-Party Senders and their Originators such as the company s name, website address, and mailing address, ODFIs should be able to view specific information on their originating companies. These technology solutions would provide access to multiple data sources that generate analytical insight on the originating companies. In addition, these technology solutions, through the use of the gathered data, would allow for the continuous evaluation of a Third-Party Sender s business and their originators, alerting ODFIs of any changes in the entity s financial health or operations. Furthermore, these technology solutions would also allow an ODFI to set specific risk tolerance levels and create measurable analytics for each business entity in order to more closely monitor its origination activities. Finally, these technology solutions would allow ODFIs to generate reports on any Third-Party Sender or any of their Originators at any given time. Conclusion ODFIs are responsible for each ACH entry it initiates. As such, it must proactively manage the multiple levels of risk associated with its Third-Party Senders and their Originators. However, in order to manage the risk according to suggested regulatory 8 Officer of the Comptroller of the Currency, OCC Automated Clearing House Activities, 2006, news-issuances/bulletins/2006/bulletin html#ftnote25, (August 2013). 6
8 specifications, ODFIs need to invest a significant amount of time and resources to monitor these originating entities. ODFIs should evaluate the use of risk management technology solutions in order to efficiently and effectively gain broader visibility of the status and performance of its Third-Party Senders and their Originators. 7
9 About Argos Risk Argos Risk specializes in the development of web-based technology solutions that enable companies to proactively manage credit and financial risk and protect against business identity fraud. Argos Risk leverages its proprietary data analysis process Argonomics and its custom-built web portal the Technology Platform to deliver up-to-the-minute credit risk information and financial health scores to subscribers. Both of the company s products Argos Risk Online and Argos Risk Defender are fully-hosted, Software-as-a-Service, subscription-based solutions that allow companies to better manage the credit risk associated with doing business into today s economic climate. Argos Risk s flagship product, Argos Risk Online, is the first proprietary software service that provides affordable financial and business health credit risk information for small to medium-sized businesses. With access to information on over 28 million business entities, Argos Risk Online allows subscribers to continuously monitor a list of their customers, vendors, suppliers, prospects, and competitors for changes in their business and financial health. This web-based solution delivers credit updates and daily alerts via the company s secure Technology Platform. The solution s visual dashboard makes it quick and easy for a company of any size to spot upward or downward trends that may require attention. In today s fast-paced economy, Argos Risk Online enables businesses to find all the pertinent information they need in order to evaluate both old and new relationships and to stay on top of rapidly changing credit health Parkdale Dr., Suite 100 Minneapolis, MN 5541 info@argosrisk.com P: 877-RISK-411 or
Knowing your customers and their customers and their customers and so on and so on
Knowing your customers and their customers and their customers and so on and so on Identifying your Third-Party s and their Nested s This ACH risk management white paper provides an overview of ACH relationships
More informationO OCC BULLETIN OCC 2006-39. Automated Clearing House Activities. Risk Management Guidance
O OCC BULLETIN Comptroller of the Currency Administrator of National Banks Subject: Automated Clearing House Activities Description: Risk Management Guidance TO: Chief Executive Officers, Chief Risk Officers,
More informationIdentifying Key Risk Indicator
PUERTO RICO PAYMENTS SYMPOSIUM Identifying Key Risk Indicator EPOCPR Services Agenda for Today Background History Regulators & Risk Management Let s have fun Regulators & Risk Assessment ACH Risks Categories
More informationThird-Party Senders Risks and Best Practices
Third-Party Senders Risks and Best Practices Please turn off all cell phones or mobile devices. Thank you to today s sponsors! This morning s refreshment break sponsored by The Royal Bank of Scotland EventMobile
More informationKnow Your Customer & Know Your Customer s Customers (KYCC) BITS ACH Fraud Risk Subgroup Presented by George Thomas November 19, 2008
Know Your Customer & Know Your Customer s Customers (KYCC) BITS ACH Fraud Risk Subgroup Presented by George Thomas November 19, 2008 Agenda Theme and Issue Types of Third Party Processors Risk from Third
More informationThird Party Payment Processors Job Aid
Third Party Payment Processors Job Aid This job aid is to be used by state institution examiners as a means to understand, identify, and assess the risks associated with institutions relationships with
More informationThird-Party Sender Case Studies: ODFI Best Practices to Close the Gap An ACH Risk Management White Paper
Third-Party Sender Case Studies: ODFI Best Practices to Close the Gap An ACH Risk Management White Paper This ACH risk management white paper examines three case studies related to Third-Party Sender Risk.
More informationIncreasingly community banks are turning to
A system of ACH risk-management valves can help banks bypass the big loss By Jeanette A. Fox and Cary Whaley Increasingly community banks are turning to payments, specifically Automated Clearing House
More informationACH Operations Bulletin #2-2013
ACH Operations Bulletin #2-2013 High-Risk Originators and Questionable Debit Activity March 14, 2013 EXECUTIVE SUMMARY Recent press reports have inaccurately stated that some Receiving Depository Financial
More informationAIM for Success and Effectively Manage High Risk Originators
AIM for Success and Effectively Manage High Risk Originators Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay Brent Siegel Vice President, Argos Risk Disclaimer This presentation
More informationGUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July 2014)
Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Financial Institution Letter FIL-127-2008 November 7, 2008 GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July
More informationAutomated Clearing House
Automated Clearing House THE SERVICE Customer wishes to initiate credit and/or debit Entries as an Originator through Bank to Accounts maintained at Bank and in other depository financial institutions
More informationGet In Tune With Third Parties: Finding the harmonies between Third Party Senders, Originators, and Customers.
Get In Tune With Third Parties: Finding the harmonies between Third Party Senders, Originators, and Customers. Marsha Jones President TPPPA Brent Siegel Vice President Argos Risk 1 1 AGENDA/OUTLINE Third-Party
More informationManaging your community bank s ACH and demand draft risk By George F. Thomas
Payment Protocols Managing your community bank s ACH and demand draft risk By George F. Thomas Would anyone in their right mind attempt to drive a car blindfolded? Well, the answer would be an emphatic
More informationBusiness Information Services. Product overview
Business Information Services Product overview Capabilities Quality data with an approach you can count on every step of the way Gain the distinctive edge you need to make better decisions throughout the
More informationACH Operations Bulletin #1-2014
ACH Operations Bulletin #1-2014 Questionable ACH Debit Origination: Roles and Responsibilities of ODFIs and RDFIs September 30, 2014 Replaces ACH Operations Bulletin #2-2013 (Originally Issued March 14,
More informationManaging TPPPs and TPSs in the Current Regulatory Environment
November 2015 Managing TPPPs and TPSs in the Current Regulatory Environment Prepared by: Jodie Ruby, Director Audience: This document is intended for managers, directors and executives who deal with business
More informationRisk Management of Remote Deposit Capture
Federal Financial Institutions Examination Council 3501 FAIRFAX DRIVE ROOM 3086 ARLINGTON, VA 22226-3550 (703) 516-5487 http://www.ffiec.gov Background and Purpose Risk Management of Remote Deposit Capture
More informationACH Internal Control Questionnaire
ACH Internal Control Questionnaire AUTOMATED CLEARING HOUSE (ACH) Assessment of the Adequacy of Internal Controls Completed by: Date Completed: Quality of Management and Support for ACH Processing Activity
More informationGoing All In on Board Reporting
Going All In on Board Reporting February 13, 2014 10:15 A.M to 11:15 A.M. Tony DaSilva, AAP, CISA Senior Examiner, Federal Reserve Bank of Atlanta Rajiv Donde President, Laru Technologies Peter Davey,
More informationACH GUIDE ACH PARTICIPATION
Materials needed: ACH policies (Audit and general), the last two ACH audits, security settings (Operator Reports) for the processing method the FI has chosen, Originator contracts and any reviews of Originator
More informationUnlawful Internet Gambling Enforcement Act of 2006 Overview
Attachment A Unlawful Internet Gambling Enforcement Act of 2006 Overview This document provides an overview of the Unlawful Internet Gambling Enforcement Act of 2006 (UIGEA or Act), 31 USC 5361-5366, and
More informationSelecting a Secure and Compliant Prepaid Reloadable Card Program
Selecting a Secure and Compliant Prepaid Reloadable Card Program Merchants and other distributors of prepaid general purpose reloadable (GPR) cards should review program compliance as an integral part
More informationChief Executive Officers of All National Banks, Department and Division Heads, and All Examining Personnel.
AL 2000 9 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Third-Party Risk TO: Chief Executive Officers of All National Banks, Department and Division Heads,
More informationInformation Technology
Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level
More informationACH and Third Party Payment Processors
ACH and Third Party Payment Processors Definition of Third-Party Relationship Entity with which financial institution has entered into a business relationship Facilitate customer access to bank services
More informationAttachment. OCC Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment
Attachment OCC Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment The guidance below was issued by the Office of the Comptroller of the Currency (OCC)
More informationACH Transactions
ACH Operations Bulletin #2-2014 ACH Transactions Involving Third-Party Senders and Other Payment Intermediaries December 30, 2014 EXECUTIVE SUMMARY In most ACH transactions, the roles of the various parties
More informationMoney One Federal Credit Union Pocket 2 Pocket Service E-SIGNATURE AND ELECTRONIC DISCLOSURES AGREEMENT
Money One Federal Credit Union Pocket 2 Pocket Service E-SIGNATURE AND ELECTRONIC DISCLOSURES AGREEMENT You are signing up to use the Pocket 2 Pocket service powered by Acculynk that allows you to send
More informationMortgage Services > Today s mortgage lenders are faced with. constant challenges Equifax can help. CONSUMER INFORMATION SOLUTIONS
CONSUMER INFORMATION SOLUTIONS Mortgage Services > Today s mortgage lenders are faced with constant challenges Equifax can help. From quick access to tri-merge reports to independent third-party appraisals,
More informationStrengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
More informationService Agreement. UltraBranch Business Edition. alaskausa.org AKUSA 02952 R 05/15
Service Agreement UltraBranch Business Edition Your savings federally insured to at least $250,000 and backed by the full faith and credit of the United States Government. National Credit Union Administration,
More informationBank Secrecy Act, Anti-Money Laundering, and Office of Foreign Assets Control
Bank Secrecy Act, Anti-Money Laundering, and Office of Foreign Assets Control Overview The Bank Secrecy Act (BSA) was created in 1970 to assist in criminal, tax, and regulatory investigations. The Financial
More informationGovernment Crime Prevention Regulations. Richard Fraher VP & Counsel to the Retail Payments Office Federal Reserve Bank of Atlanta
Government Crime Prevention Regulations Richard Fraher VP & Counsel to the Retail Payments Office Federal Reserve Bank of Atlanta The Big Disclaimers The views expressed in this presentation are those
More informationBeyond Compliance: Building a Robust Ethics and Compliance Program
Beyond Compliance: Building a Robust Ethics and Compliance Program Overview Risks are increasing and organizations are called to develop effective compliance risk mitigation programs Today, the explosion
More informationPayment Processor Relationships Revised Guidance
Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Payment Processor Relationships Revised Guidance Financial Institution Letter FIL-3-2012 January 31, 2012 Summary:
More informationInternational ACH Transactions (IAT) Frequently Asked Questions Corporate Customers
Frequently Asked Questions Corporate Customers IAT changes were made for regulatory compliance The first step is to understand and recognize OFAC requirements - corporates must comply with OFAC requirements
More informationone admin. one tool. Providing instant access to hundreds of industry leading verification tools.
2 7 12 14 11 15 8 16 10 41 40 42 19 49 45 44 50 48 47 51 46 52 53 55 54 56 57 67 68 1 5 39 43 58 71 81 82 69 70 88 25 29 23 26 22 3 21 28 4 6 32 30 38 33 31 37 34 35 36 63 59 64 60 62 61 65 72 73 66 74
More informationIBM Financial Transaction Manager for ACH Services IBM Redbooks Solution Guide
IBM Financial Transaction Manager for ACH Services IBM Redbooks Solution Guide Automated Clearing House (ACH) payment volume is on the rise. NACHA, the electronic payments organization, estimates that
More informationThe rise of third party relationships means rise in risk and regulation. Non-compliance is risky business for financial institutions
The rise of third party relationships means rise in risk and regulation Non-compliance is risky business for financial institutions Increasing dependency on third parties by banks has resulted in mandatory
More informationNCUA LETTER TO CREDIT UNIONS
NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 DATE: August 2008 LETTER NO.: 08-CU-19 TO: SUBJ: Federally Insured Credit Unions Third-Party Relationships:
More informationIndustry Update & New Rules. Stephanie Schrickel, AAP Director, emarketing. 2014 EastPay. All Rights Reserved 1 EASTPAY
Industry Update & New Rules Stephanie Schrickel, AAP Director, emarketing EASTPAY Not-for-profit Regional Payments Association Educational Programs Member benefits Voice & Representation in National Rule
More informationIAT Scenarios Simplified
IAT Scenarios Simplified Several abbreviated scenarios are provided below to better understand when a specific payment transaction involving the U.S. ACH Network would be deemed an International ACH Transaction
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationTHIRD PARTY PAYMENT PROVIDERS
THIRD PARTY PAYMENT PROVIDERS BY DARLIA FOGARTY, DIRECTOR OF COMPLIANCE & COO KNOWLEDGE. CLARITY. RELIABILITY. www.compliancealliance.com (888) 353-3933 THIRD PARTY PAYMENT PROCESSORS Third Party Payment
More informationAutomotive Services. Tools for dealers, lenders and industry service providers that drive profitable results in today s economy
CONSUMER INFORMATION SOLUTIONS Automotive Services Tools for dealers, lenders and industry service providers that drive profitable results in today s economy Reach the right prospects Automotive solutions
More informationAn Oracle White Paper November 2011. Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime
An Oracle White Paper November 2011 Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime Disclaimer The following is intended to outline our general product direction.
More informationORACLE PROJECT MANAGEMENT
ORACLE PROJECT MANAGEMENT KEY FEATURES Oracle Project Management provides project managers the WORK MANAGEMENT Define the workplan and associated resources; publish and maintain versions View your schedule,
More informationCORL Dodging Breaches from Dodgy Vendors
CORL Dodging Breaches from Dodgy Vendors Tackling Vendor Security Risk Management in Healthcare Introductions Cliff Baker 20 Years of Healthcare Security experience PricewaterhouseCoopers, HITRUST, Meditology
More informationNevada Registered Agents Association
Nevada Registered Agents Association Best Practices Recommendations to Prevent the Exploitation of Nevada Business Entities for Criminal Activities, and for the Protection of the Nevada Registered Agent
More informationAccount-to-Account Transfer Services Risk
Account-to-Account Transfer Services Risk This white paper is part of the Risk Management White Paper Series, which CUNA Mutual Group provides exclusively to its Bond policyholders. TABLE OF CONTENTS Table
More informationPayment Systems. Version 1.0 July 2013. Introduction
Introduction This module applies to examinations of the Federal Home Loan Banks (FHLBanks), the Office of Finance; Fannie Mae and Freddie Mac. The module refers to these institutions collectively as the
More informationGetting Started with Commercial Credit and Collections Scoring cortera.com
past due Getting Started with Commercial Credit and Collections Scoring cortera.com Why Commercial Credit Scoring Has Been Slow to Take off When one looks at credit and collections scoring and its adoption
More informationSIEBEL HEALTHCARE SOLUTIONS
SIEBEL HEALTHCARE SOLUTIONS Oracle s Siebel Healthcare offers rich relationship management solutions designed specifically for health insurance, employee benefits, and care delivery organizations. It enables
More informationSupporting Effective Compliance Programs
October 2015 Supporting Effective Compliance Programs The Oversight Roles of the Board Audit and Risk Committees in Regulatory Compliance By Paul Osborne, CPA, CAMS, AMLP, and Peggy Sepp, CIA To be effective,
More informationRISK MANAGEMENT UPDATE Lessons [To Be] Learned from Recent Enforcement Actions
RISK MANAGEMENT UPDATE Lessons [To Be] Learned from Recent Enforcement Actions Presented by: Dixie K. Hieb and Robb Schlimgen Davenport, Evans, Hurwitz & Smith, LLP www.dehs.com 2014 Davenport, Evans,
More informationTHE UH OH MOMENT. Financial Services Enterprises Focus on Governance, Transparency and Supply Chain Risk
THE UH OH MOMENT Financial Services Enterprises Focus on Governance, Transparency and Supply Chain Risk By Lois Coatney, Chuck Walker and Joseph Yacura, ISG Directors www.isg-one.com INTRODUCTION A top
More informationThird-Party Payment Processing and Financial Crimes March 14, 2012
Third-Party Payment Processing and Financial Crimes March 14, 2012 Michael Benardo Chief, Cyber Fraud & Financial Crimes Section Division of Risk Management Supervision Federal Deposit Insurance Corporation
More information2014 Financial Services Industry Compliance Benchmark Study
2014 Financial Services Industry Compliance Benchmark Study Presented By: and Executive Summary Beginning in early December 2013, SAI Global Compliance conducted a survey among compliance professionals
More informationService. ACH Processing Services Outsourced ACH Solutions Tailored to Your Requirements and Budget
Service ACH Processing Services Outsourced ACH Solutions Tailored to Your Requirements and Budget originating and receiving ACH electronic funds transfers with speed and efficiency. A comprehensive range
More information2015 NACHA Rules, Same Day ACH and Regulation E Changes
2015 NACHA Rules, Same Day ACH and Regulation E Changes Recently Approved Amendments to Improve Quality and Reduce Risk in the ACH Network 2015 NYBA Technology, Compliance & Risk Management Forum DISCLAIMER
More informationA Privacy and Data Security Checklist for All
July 2015 Many companies know they have to follow privacy and data security rules. Companies in the health care industry know about Health Insurance Portability and Accountability Act (HIPAA). Financial
More informationBanking on Business Intelligence (BI)
Banking on Business Intelligence (BI) Building a business case for the Kenyan Banking Sector The new banking environment in Kenya is all about differentiating banking products, increased choices, security
More informationPayment Systems Today: Latest Legal and Regulatory Challenges
Payment Systems Today: Latest Legal and Regulatory Challenges October 14, 2014 Jon Genovese, Vantiv Ellen T. Berge, Esq., Venable LLP Ed Wilson, Esq., Venable LLP Andrew E. Bigart, Esq., Venable LLP 1
More informationValidating Third Party Software Erica M. Torres, CRCM
Validating Third Party Software Erica M. Torres, CRCM Michigan Bankers Association Risk Management & Compliance Institute September 29, 2014 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT
More informationACH Network Risk and Enforcement Topics Request for Comment and Request for Information. Executive Summary and Rules Description November 11, 2013
ACH Network Risk and Enforcement Topics Request for Comment and Request for Information Executive Summary and Rules Description November 11, 2013 RESPONSES DUE BY MONDAY, JANUARY 13 2014 NACHA requests
More informationORACLE CRM ON DEMAND INSURANCE DISTRIBUTION MANAGEMENT SOLUTION
ORACLE CRM ON DEMAND INSURANCE DISTRIBUTION MANAGEMENT SOLUTION For many insurance carriers, sales through indirect channels form the largest proportion of their business. However, most carriers do not
More informationQ2: What return codes are included in the Unauthorized Return Rate Threshold?
Unauthorized Return Rate Threshold Q1: What is the new Unauthorized Return Rate Threshold? This rule reduces the return rate threshold for unauthorized debit entries from 1.0 percent to 0.5 percent. All
More informationThird Party Relationships
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 A B D INTRODUCTION AND PURPOSE Background Yes/No Comments 1. Does the credit union maintain a list of the third party
More informationEnterprise Risk Management Process Improvement. Secure Banking Solutions, LLC
Enterprise Risk Management Process Improvement 2 Contact Information Contact Information Chad Knutson Senior Information Security Consultant CISSP, CISA, CRISC Phone: 605-480-3366 chad.knutson@protectmybank.com
More informationFIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely
More informationFunds Transfer Agreement
Funds Transfer Agreement Your Lifetime Financial Partner This Funds Transfer Authorization Agreement & Notice ( Agreement ) applies to all domestic or international Wire Transfers and Automated Clearing
More informationThe Future of Investment Compliance for Asset Owners: The Next Great Transformation
The Future of Investment Compliance for Asset Owners: The Next Great Transformation By: State Street Global Services Performance Services December 2014 STATE STREET CORPORATION 1 Contents Introduction
More informationOCC 98-3 OCC BULLETIN
To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel
More informationThe Hottest Trends in Payments Taking Place in the ACH Now!
The Hottest Trends in Payments Taking Place in the ACH Now! Sean Carter SVP Payments Strategies Joe Casali SVP Operations& IT 2015 NEACH. All rights reserved. NEACH, as a Direct Member of NACHA, is a specially
More informationProduct Lifecycle Management in the Medical Device Industry. An Oracle White Paper Updated January 2008
Product Lifecycle Management in the Medical Device Industry An Oracle White Paper Updated January 2008 Product Lifecycle Management in the Medical Device Industry PLM technology ensures FDA compliance
More informationFDIC Updates Guidance on Payment Processor Relationships
February 2012 FDIC Updates Guidance on Payment Processor Relationships BY KEVIN L. PETRASIC In its recently issued Financial Institution Letter, FIL-3-2012, the Federal Deposit Insurance Corporation (
More informationAutomated valuation models: Changes in the housing market require additional risk management considerations
Automated valuation models: Changes in the housing market require additional risk management considerations Overview From 2003 to 2006, the US residential real estate market experienced an unprecedented
More informationWhite Paper on Financial Institution Vendor Management
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
More informationInternational ACH Transactions (IAT) Frequently Asked Questions Corporate Customers. Contents
International ACH Transactions (IAT) Frequently Asked Questions Corporate Customers IAT changes were made for regulatory compliance The first step is to understand and recognize OFAC requirements - corporates
More informationExecutive Summary. Guidelines on Merchant and ISO Underwriting and Risk Monitoring MARCH 2014 COUNSEL DEVELOPED BY
TM MARCH 2014 Guidelines on Merchant and ISO Underwriting and Risk Monitoring Executive Summary DEVELOPED BY www.deanarich.com COUNSEL Venable LLP Jeffrey D. Knowles Ellen Traupman Berge Leonard L. Gordon
More informationWEB ACH Primer. Receiver The person (for WEB transactions this must be a human being) who owns the bank account being debited.
The WEB ACH transaction type was introduced in March 2001. It is defined as a debit entry to a consumer bank account, for which the authorization was obtained from the Receiver (the consumer who owns the
More informationRESEARCH UPDATE. Global Ad Agency Publicis Groupe BBB+ Rating Still On CreditWatch Negative After Announcement Of Razorfish Acquisition.
RESEARCH UPDATE Global Ad Agency Publicis Groupe BBB+ Rating Still On CreditWatch Negative After Announcement Of Razorfish Acquisition Primary Credit Analysts: Raam Ratnam London (44) 207-176-7066 raam_ratnam@
More information2016 The global ABB integrity program. www.abb.com/integrity
2016 The global ABB integrity program www.abb.com/integrity Tone from the Top Don t Look the Other Way A culture of integrity is a prerequisite for a world-class business. Many valuable customers choose
More informationOutsourcing Technology Services A Management Decision
Outsourcing Technology Services A Management Decision A Telephone Seminar for National Banks Tuesday, July 20, 2004 And again on Wednesday, July 21, 2004 Agenda Outsourcing activities and relationships
More informationAppendix D Fundamentals of the
Appendix D Fundamentals of the Funds Transfer Process Essentially, an electronic funds transfer is a transaction by which funds move from one institution to another or one account to another at the direction
More informationACH Welcome Kit. Rev. 10/2014. Member FDIC Page 1 of 8
ACH Welcome Kit Rev. 10/2014 Member FDIC Page 1 of 8 Dear Customer, Thank you for utilizing FirstMerit s ACH services. We have finalized the setup of your ACH product and you may now begin processing ACH
More informationRe: Docket No. R-1298 Prohibition on Funding of Unlawful Internet Gambling
JkRADIX jgg ^CONSULTING tf INCORPORATION V H ^^^^^r 1hf scowfc* y*ti pj^mtnb n«di PO Box 584 Oakdale, NY 11769 December 6, 2007 Board of Governors of the Federal Reserve System 20th and C Streets, N.W.
More informationOptimizing the Value of the Commercial Web Channel
Optimizing the Value of the Commercial Web Channel April 13, 2011 PRESENTED BY: Jacob Nygren, CTP 2011 Treasury Strategies, Inc. All rights reserved. Agenda 1. Assessing the Landscape 2. Three Key Ideas
More informationBlind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks.
Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks. For anyone familiar with the banking industry, it comes as no surprise that banks are
More informationDOUBLECHECK VENDOR MANAGEMENT
August 2014 DOUBLECHECK VENDOR MANAGEMENT Managing Risk & Compliance Across 3rd Party Relationships SOLUTION VIEWPOINT Governance, Risk Management & Compliance Insight 2014 GRC 20/20 Research, LLC. All
More informationTreasury Management Services Product Terms and Conditions
Treasury Management Services Product Thank you for choosing M&T Bank for your treasury management service needs. We appreciate the opportunity to serve you. If you have any questions about this Product
More information- 0 - Terms and Conditions for BUSINESS INTERNET BANKING SERVICES
- 0 - Terms and Conditions for BUSINESS INTERNET BANKING SERVICES TABLE OF CONTENTS I. INTRODUCTION... 2 II. BUSINESS INTERNET BANKING SERVICES.. 2 A. Automated Clearing House (Ach)... 2 1. Compliance
More informationFederal Financial Institutions Examination Council FFIEC. Retail Payment Systems RPS. February 2010 IT EXAMINATION HANDBOOK
Federal Financial Institutions Examination Council FFIEC Retail Payment Systems February 2010 RPS IT EXAMINATION HANDBOOK RETAIL PAYMENT SYSTEMS RISK MANAGEMENT Action Summary Financial institutions engaged
More informationOCC 97-24 OCC BULLETIN
OCC 97-24 OCC BULLETIN Comptroller of the Currency Administrator of National Banks Subject: Credit Scoring Models Description: Examination Guidance TO: Chief Executive Officers of all National Banks, Department
More informationBank Secrecy Act/ Anti-Money Laundering Examination Manual
Bank Secrecy Act/ Anti-Money Laundering Examination Manual Federal Financial Institutions Examination Council Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National
More informationSPRING 2005 Volume 7.2 STATE CORPORATION COMMISSION BUREAU OF FINANCIAL INSTITUTIONS. Lending Draws Regulatory Attention
SPRING 2005 Volume 7.2 STATE CORPORATION COMMISSION BUREAU OF FINANCIAL INSTITUTIONS Quarterly Newsletter Highlights Risk Assessment First Step in BSA Compliance Inside Growth in Member Business Lending
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved.
1 Copyright 2011, Oracle and/or its affiliates. All rights Challenges in Implementing the Financial Action Task Force (FATF) recommendations on Risk Based Approach by R. Suresha CAMS 2 Copyright 2011,
More informationDEVELOPING AN AML (ANTI-MONEY LAUNDERING) PROGRAM:
DEVELOPING AN AML (ANTI-MONEY LAUNDERING) PROGRAM: Although the Department of the Treasury has not issued specific rules for hedge funds and hedge fund managers, hedge fund managers should adopt and implement
More informationSound Business Practices for Businesses to Mitigate Corporate Account Takeover
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
More information