Knowing your customers and their customers and their customers and so on and so on
|
|
- Alexis Cameron
- 8 years ago
- Views:
Transcription
1 Knowing your customers and their customers and their customers and so on and so on Identifying your Third-Party s and their Nested s This ACH risk management white paper provides an overview of ACH relationships with Third-Party s and how to identify, evaluate and monitor Third-Party s and their originator customers. By Steven M. Foster Founder and Chairman, Argos Risk
2 Executive Summary Financial institutions that process Automated Clearing House (ACH) transactions are faced with multiple levels of risk. Considered to be one of the safest payment systems in the world, the ACH Network provides an extremely reliable and efficient service for the electronic transfer of funds. Although the system itself is secure, the relationships between the parties involved in the processing of these types of transactions are inherently risky. Because an Originating Depository Financial Institution (ODFI) is responsible for all the entries it originates, it must be aware of and monitor the multiple levels of risk associated with their relationships with Third-Party s and their originating customers and, potentially, their customers that act as intermediaries for an additional level of originating customer. The Problem Serving as an intermediary between an ODFI and an, the Third-Party provides ACH origination services to its customers, the s. Third-Party services were commonly utilized by payment processors in the mid-000s, and in 004, the Third-Party role was officially recognized by NACHA. 3 NACHA s official rule change to the NACHA Operating Rules & Guidelines provided financial institutions and Third-Party s with an established structure regarding the definition of these entities and their responsibilities as members of the ACH payments system. The Third-Party is a rather unique entity because it is allowed to create ACH entries on behalf of its customers, the s. In the illustration below, the Third- Figure. Knowing Third-Party s How do ODFIs efficiently and effectively know their Third-Party s and their s and, possibly, their Nested originators? Third-Party Nested Third-Party 3 Nested Nested 3Nested NACHA, History, (September 03). NACHA, NACHA Operating Rules & Guidelines, NACHA, The Third-Party Case Studies: ODFI Best Practices to Close the Gap, 0, com/wp-content/uploads/0/08/thirdpartysenderwhitepaper.pdf, (September 03).
3 In essence, when an ODFI enters into an agreement with a Third-Party, it adds a third level of risk to its operations. Party is required to enter into a separate agreement with the ODFI and also enters into separate agreements with each of its s. The ODFI does not have an agreement with each of the Third-Party s s but instead relies on the agreements between the Third-Party and its s. As such, the Third-Party creates an unintended barrier between the ODFI and the. Adding even more complexity to the ODFI-Third-Party / relationship is the possibility of an being an intermediary for another level of s or what is called a Nested or Layered Third-Party. The separation between the ODFI; the Third-Party ; the Nested and the adds additional elements of risk to the ACH transaction processing relationship. The nature of the multi-layered Third-Party and Nested Third-Party relationship makes it difficult for the ODFI to have direct visibility into the business operations of all their s. The ODFI is responsible for all the ACH entries of the and to ensure the has the capacity to perform the obligations required under the NACHA Operating Rules. In addition, the ODFI must assess the nature of the activity of each and the associated risks that may be present with their operations. Examiners and ACH auditors are focused on the risk management systems and processes associated with all Third-Party relationships. In essence, when an ODFI enters into an agreement with a Third-Party, it can add three or four more levels of risk to its operations: The first level is the Third-Party Portfolio Risk. This level of risk focuses on the ODFI s understanding and evaluation of working with Third-Party s. The ODFI should consider how working with Third-Party s will impact the ODFI s overall strategic goals, risk, and profitability objectives and establish guidelines for the specific types of Third-Party businesses it determines to be acceptable. In addition, the ODFI should understand what additional resources are necessary to effectively manage its Third-Party relationships specifically technology and staffing requirements. The second level of risk is the Third-Party Risk. This level of risk focuses on the relationship between the ODFI and its Third Party. ODFIs need to understand and monitor the origination activities of the Third-Party in addition to performing regular reviews of the financial condition of both the Third-Party business and its s. Risk evaluations should include reviews of the aggregate risk associated with industry concentrations, geographic concentrations, and other risk factors occurring within the ODFI for the Third-Party customer group. The third level of risk is the Third-Party Risk. As part of any Third-Party due diligence program, the ODFI must determine the adequacy of the Third-Party s know your customer ( KYC ) procedures, initial screening processes, and risk tolerance levels. The ODFI should also identify the types of ACH transactions and services the Third-Party intends to deliver to its s. Furthermore, it is imperative that the ODFI require the Third-Party to have an acceptable agreement with each of its s stating that they are bound by the
4 NACHA Operating Rules. The fourth level of risk is the Nested Third-Party Risk. Because an ODFI does not typically interact directly with the Third-Party s s, it must understand the s business and monitor its ACH transaction activity. Identifying a Nested Third-Party requires the existence of robust policies and procedures at each Third-Party risk level. ODFIs must have strong KYC policies and procedures to be able to adequately evaluate businesses and their recurring origination activity. The NACHA Operating Rules state that, An ODFI is responsible for all Entries originated through the ODFI, whether by an or through a Third-Party. 4 All ACH entries that are processed by an ODFI regardless if the ODFI holds an agreement with the entity it is processing for are its responsibility. Furthermore, in September 03, NACHA added the ACH Security Framework Amendment to the NACHA Operating Rules. This amendment makes the verification of Third-Party s and s using a commercially reasonable method an obligation where before it was only a warranty. 5 The amendment states: The Security Framework replaces [the former] warranty with a new prerequisite to origination that more broadly requires the ODFI to verify the identity of all s/third-party s, regardless of the manner in which the Origination Agreement was executed. The amendment makes the requirement an obligation rather than a warranty as previously used for transmissions over Unsecured Electronic Networks. 6 Because of these requirements, it is imperative that the ODFI monitor all four levels of risk associated with its Third-Party relationships. However, the challenge for all financial institutions is how to implement and manage these key risk processes without requiring resources disproportionate to the size of the organization. Four Levels of Risk ODFIs typically originate ACH transactions for multiple Third-Party s and each Third-Party will originate transactions for several hundred customers, their s. In addition, it is not uncommon for several of the Third-Party s s to act as intermediaries for their own customers, thus creating a Nested Third-Party relationship. Nested Third-Party relationships pose additional challenges to ODFIs because they are extremely difficult to monitor and control. 7 Some 4 NACHA, NACHA Operating Rules & Guidelines, NACHA, Notice of Amendments to the 0 Operating Rules Supplement #-0, 0. 6 Ibid. 7 Payment Processor Relationships Revised Guidance FIL-3-0, January 3, 0. 3
5 examples of Nested Third-Party s include property management companies, payroll processors, payday lenders, and collection agencies. Figure diagrams the relationship between an ODFI, its Third-Party s and their s and their Nested Third-Party s. In addition, this diagram identifies the different levels of risk present in the overall relationship hierarchy. Figure. Four Levels of Risk LEVEL LEVEL LEVEL 3 Third-Party Nested Third-Party Third-Party Nested Third-Party 3 Nested Third-Party Third-Party 3 LEVEL 4 Nested Nested Nested Nested Nested Nested 3Nested 3Nested 4Nested Level Third-Party Portfolio Risk Evaluating the Third-Party Portfolio Risk requires the establishment of risk systems and controls within the ODFI where it can efficiently gather information on each of its Third-Party relationships. The ODFI should evaluate its Third-Party portfolio for the following risks: Understand which originators use multiple Third-Party s to initiate ACH transactions and review the Standard Entry Class (SEC) transaction codes and volume. Review ACH volume and returns by transaction type and by Third-Party. Establish a Third-Party Portfolio aggregate scoring metric that will provide an easy way to identify changes in portfolio risk. Separate the Third-Party Portfolio into high risk, moderate risk, and low risk classifications based upon calculated risk metrics. Evaluate Third-Party geographic concentrations. Evaluate Third-Party activities in other departments within the ODFI and evaluate overall entity exposure (i.e. cross channel risk). 4
6 The ODFI should set up a regular review process that evaluates the Third-Party Portfolio and analyzes the information gathered by the internal risk systems and controls....an ODFI must investigate all Third-Party s as well as their s because the ODFI is ultimately responsible for any transaction it initiates. Level Third-Party Risk Historically, the Third-Party Risk has been the primary focus of the ODFI. The OCC s Automated Clearing House Activities, Risk Management Guidance, describes in detail how an ODFI should approach these relationships: To effectively manage risk from Third-Party [s], bank management should establish procedures that allow the bank to monitor the Third- Party [ s] operations. The first step in this process is identifying and validating the third party and the type of business it conducts. Banks should check thoroughly the background of each Third-Party [], including the principal owners, and also verify the organization s financial capacity to absorb losses. 8 The ODFI should execute a written agreement with each Third-Party. Generally, these agreements should outline specific operational guidelines, such as: Detail the obligations and liabilities of the Third-Party. Define the information to be provided before the Third-Party can initiate transactions for a new. Define who is an approved or disapproved. Define what are approved and disapproved Standard Entry Class (SEC) transaction types. Determine ODFI access/audit frequency of Third-Party documentation. Confirm the ODFI liability for performance of the Third-Party, binding the Third-Party to the ACH Rules. Confirm the ODFI s right to terminate the agreement for breach of the ACH Rules. Set guidelines for risk tolerance, approval limits, and permitted customer types (i.e. SIC/NACIS codes, permitted SEC transaction types). Some of the key elements of the initial underwriting of Third-Party entities should include: Background checks on the business and principals (using public databases such as Lexis Nexis, Merchants Information Services, etc.). Understanding the Third-Party business and the length of time the business has been in existence. Utilize government provided high risk lists such as the Financial Crimes 8 Officer of the Comptroller of the Currency, OCC Automated Clearing House Activities, 006, news-issuances/bulletins/006/bulletin html#ftnote5, (August 03). 5
7 Ideally, ODFIs should be able to evaluate and monitor the risk associated with these entities on a real-time or near real-time basis through the use of ACH risk management technology solutions. Enforcement Network ( FinCEN ) Money Services Business listing and the Office of Foreign Assets Control ( OFAC ) lists. Understand if the Third-Party works with other areas of the bank (i.e. cross channel risk). Consider requiring that the Third-Party use other services within the organization (i.e. require full banking relationships or require the Third-Party be a borrowing customer and/or require minimum account balances). Determine if the Third-Party processes transactions for highrisk s (such as telemarketing, gambling, payday lending, adult entertainment, etc.). Once the initial due diligence and underwriting process is complete for each of the Third-Party s, an ODFI should establish credit-risk controls that set relevant peak ACH exposure limits and perform an ongoing credit analysis on each Third-Party entity. Level 3 Third-Party Risk relationships, when processing through a Third-Party, are inherently more risky for an ODFI due to the struggle it faces when trying to gain a better understanding of the s business. The third level of risk, Third-Party Risk, strongly encourages an ODFI to gather information about each that processes through a Third-Party. From due diligence and underwriting to monitoring and evaluating the s business and ongoing creditworthiness, an ODFI must investigate all Third-Party s as well as their s because the ODFI is ultimately responsible for any transactions it initiates. Level 4 Nested Third-Party Risk The fourth level of risk when originating on behalf of Third-Party s is identifying and working with Nested Third-Party s. In order to identify a Nested Third- Party, the ODFI must have robust controls and due diligence processes in place to determine those Third-Party s that may be intermediaries for other merchants. ODFIs should look for businesses that offer services or products that handle the cash of other organizations. Some examples of businesses that may be Nested Third-Party s include: Property management companies processing rental payments and HOA dues. Payroll processors working with small businesses. Accounting agencies who offer payroll processing services. Collection agencies processing recovered cash payments. Rental agencies processing rental payments for their customers. This list is not all-inclusive; however, any of these businesses could function as Third- Party s or Nested Third-Party s. The OCC has provided basic guidance regarding an ODFI s knowledge of its Third-Party s customers stating that: 6
8 Banks that initiate ACH transactions for Third-Party s should know, at a minimum, for which originators they are initiating entries into the ACH network. Thus, banks should require Third-Party s to provide certain information on their customers such as the s name, taxpayer identification number, principal business activity, and geographic location. Also, before originating transactions, a bank should verify (directly or through a Third-Party ) that the is operating a legitimate business. 9 ODFIs should carefully review the validity and creditworthiness of all Third-Party s. When conducting the initial underwriting of an that is a customer of a Third-Party, an ODFI should employ a similar process to what it uses to evaluate a Third-Party. The ODFI should perform a detailed evaluation of each for which the Third-Party initiates entries for and understand its business and operations before agreeing to process transactions. The ODFI should pay particular attention to s that operate high-risk businesses such as telemarketing companies, credit-repair services, mail order and telephone order companies, online gambling operations, businesses located offshore, and adult entertainment businesses. These operations are typically riskier and incidents of unauthorized returns are more common with these businesses. ODFIs may consider establishing policies prohibiting transactions with certain high-risk s and Third- Party s. The Solution When it comes to managing Third-Party relationships, ODFIs are expected to understand and monitor the actions of multi-layered entities. This never-ending task requires the use of valuable employee resources and unique technologies. Ideally, ODFIs should be able to evaluate and monitor the risk associated with these entities on a real-time or near real-time basis through the use of ACH risk management technology solutions. By using these types of tools, ODFIs can more easily assess the risks associated with their originating customers. Through the simple process of entering basic information on its Third-Party s and their s such as the company s name, website address, and mailing address, ODFIs should be able to view specific information on their originating companies. These technology solutions would provide access to multiple data sources that generate analytical insight on the originating companies. In addition, these technology solutions, through the use of the gathered data, would allow for the continuous evaluation of a Third-Party s business and their originators, alerting ODFIs of any changes in the entity s financial health or operations. Furthermore, these technology solutions would also allow an ODFI to set specific risk tolerance levels and create measurable analytics for each business 9 Officer of the Comptroller of the Currency, OCC Automated Clearing House Activities, 006, news-issuances/bulletins/006/bulletin html#ftnote5, (August 03). 7
9 entity in order to more closely monitor its origination activities. Finally, these technology solutions would allow ODFIs to generate reports on any Third-Party or any of their s at any given time. Conclusion ODFIs are responsible for each ACH entry it initiates. As such, it must proactively manage the multiple levels of risk associated with its Third-Party s, their s, and their Nested s. However, in order to manage the risk according to suggested regulatory specifications, ODFIs need to invest a significant amount of time and resources to monitor these originating entities. ODFIs should evaluate the use of risk management technology solutions in order to efficiently and effectively gain broader visibility of the status and performance of its Third-Party s and their s. 8
10 About Argos Risk Argos Risk specializes in the development of web-based technology solutions that enable companies to proactively manage credit and financial risk and protect against business identity fraud. Argos Risk leverages its proprietary data analysis process Argonomics and its custom-built web portal the Technology Platform to deliver up-to-the-minute credit risk information and financial health scores to subscribers. Both of the company s products Argos Risk Online and Argos Risk Defender are fully-hosted, Software-as-a-Service, subscription-based solutions that allow companies to better manage the credit risk associated with doing business into today s economic climate. Argos Risk s flagship product, Argos Risk Online, is the first proprietary software service that provides affordable financial and business health credit risk information for small to medium-sized businesses. With access to information on over 8 million business entities, Argos Risk Online allows subscribers to continuously monitor a list of their customers, vendors, suppliers, prospects, and competitors for changes in their business and financial health. This web-based solution delivers credit updates and daily alerts via the company s secure Technology Platform. The solution s visual dashboard makes it quick and easy for a company of any size to spot upward or downward trends that may require attention. In today s fast-paced economy, Argos Risk Online enables businesses to find all the pertinent information they need in order to evaluate both old and new relationships and to stay on top of rapidly changing credit health W 77th Street, Suite 375 Edina, MN info@argosrisk.com P: 877-RISK-4 or
Don t Originate in the Dark: Shine Some Light on Your Third-Party Senders and Their Originators
Don t Originate in the Dark: Shine Some Light on Your Third-Party Senders and Their Originators This ACH risk management white paper examines the risks related to ACH transactions processed by Third-Party
More informationO OCC BULLETIN OCC 2006-39. Automated Clearing House Activities. Risk Management Guidance
O OCC BULLETIN Comptroller of the Currency Administrator of National Banks Subject: Automated Clearing House Activities Description: Risk Management Guidance TO: Chief Executive Officers, Chief Risk Officers,
More informationIdentifying Key Risk Indicator
PUERTO RICO PAYMENTS SYMPOSIUM Identifying Key Risk Indicator EPOCPR Services Agenda for Today Background History Regulators & Risk Management Let s have fun Regulators & Risk Assessment ACH Risks Categories
More informationKnow Your Customer & Know Your Customer s Customers (KYCC) BITS ACH Fraud Risk Subgroup Presented by George Thomas November 19, 2008
Know Your Customer & Know Your Customer s Customers (KYCC) BITS ACH Fraud Risk Subgroup Presented by George Thomas November 19, 2008 Agenda Theme and Issue Types of Third Party Processors Risk from Third
More informationGet In Tune With Third Parties: Finding the harmonies between Third Party Senders, Originators, and Customers.
Get In Tune With Third Parties: Finding the harmonies between Third Party Senders, Originators, and Customers. Marsha Jones President TPPPA Brent Siegel Vice President Argos Risk 1 1 AGENDA/OUTLINE Third-Party
More informationThird-Party Senders Risks and Best Practices
Third-Party Senders Risks and Best Practices Please turn off all cell phones or mobile devices. Thank you to today s sponsors! This morning s refreshment break sponsored by The Royal Bank of Scotland EventMobile
More informationThird-Party Sender Case Studies: ODFI Best Practices to Close the Gap An ACH Risk Management White Paper
Third-Party Sender Case Studies: ODFI Best Practices to Close the Gap An ACH Risk Management White Paper This ACH risk management white paper examines three case studies related to Third-Party Sender Risk.
More informationGUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July 2014)
Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Financial Institution Letter FIL-127-2008 November 7, 2008 GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July
More informationThird Party Payment Processors Job Aid
Third Party Payment Processors Job Aid This job aid is to be used by state institution examiners as a means to understand, identify, and assess the risks associated with institutions relationships with
More informationAIM for Success and Effectively Manage High Risk Originators
AIM for Success and Effectively Manage High Risk Originators Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay Brent Siegel Vice President, Argos Risk Disclaimer This presentation
More informationACH Operations Bulletin #2-2013
ACH Operations Bulletin #2-2013 High-Risk Originators and Questionable Debit Activity March 14, 2013 EXECUTIVE SUMMARY Recent press reports have inaccurately stated that some Receiving Depository Financial
More informationIncreasingly community banks are turning to
A system of ACH risk-management valves can help banks bypass the big loss By Jeanette A. Fox and Cary Whaley Increasingly community banks are turning to payments, specifically Automated Clearing House
More informationManaging your community bank s ACH and demand draft risk By George F. Thomas
Payment Protocols Managing your community bank s ACH and demand draft risk By George F. Thomas Would anyone in their right mind attempt to drive a car blindfolded? Well, the answer would be an emphatic
More informationAutomated Clearing House
Automated Clearing House THE SERVICE Customer wishes to initiate credit and/or debit Entries as an Originator through Bank to Accounts maintained at Bank and in other depository financial institutions
More informationPayment Processor Relationships Revised Guidance
Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Payment Processor Relationships Revised Guidance Financial Institution Letter FIL-3-2012 January 31, 2012 Summary:
More informationManaging TPPPs and TPSs in the Current Regulatory Environment
November 2015 Managing TPPPs and TPSs in the Current Regulatory Environment Prepared by: Jodie Ruby, Director Audience: This document is intended for managers, directors and executives who deal with business
More informationACH Operations Bulletin #1-2014
ACH Operations Bulletin #1-2014 Questionable ACH Debit Origination: Roles and Responsibilities of ODFIs and RDFIs September 30, 2014 Replaces ACH Operations Bulletin #2-2013 (Originally Issued March 14,
More informationBusiness Information Services. Product overview
Business Information Services Product overview Capabilities Quality data with an approach you can count on every step of the way Gain the distinctive edge you need to make better decisions throughout the
More informationACH Internal Control Questionnaire
ACH Internal Control Questionnaire AUTOMATED CLEARING HOUSE (ACH) Assessment of the Adequacy of Internal Controls Completed by: Date Completed: Quality of Management and Support for ACH Processing Activity
More informationRisk Management of Remote Deposit Capture
Federal Financial Institutions Examination Council 3501 FAIRFAX DRIVE ROOM 3086 ARLINGTON, VA 22226-3550 (703) 516-5487 http://www.ffiec.gov Background and Purpose Risk Management of Remote Deposit Capture
More informationBank Secrecy Act, Anti-Money Laundering, and Office of Foreign Assets Control
Bank Secrecy Act, Anti-Money Laundering, and Office of Foreign Assets Control Overview The Bank Secrecy Act (BSA) was created in 1970 to assist in criminal, tax, and regulatory investigations. The Financial
More informationTHIRD PARTY PAYMENT PROVIDERS
THIRD PARTY PAYMENT PROVIDERS BY DARLIA FOGARTY, DIRECTOR OF COMPLIANCE & COO KNOWLEDGE. CLARITY. RELIABILITY. www.compliancealliance.com (888) 353-3933 THIRD PARTY PAYMENT PROCESSORS Third Party Payment
More informationSelecting a Secure and Compliant Prepaid Reloadable Card Program
Selecting a Secure and Compliant Prepaid Reloadable Card Program Merchants and other distributors of prepaid general purpose reloadable (GPR) cards should review program compliance as an integral part
More informationACH and Third Party Payment Processors
ACH and Third Party Payment Processors Definition of Third-Party Relationship Entity with which financial institution has entered into a business relationship Facilitate customer access to bank services
More informationGoing All In on Board Reporting
Going All In on Board Reporting February 13, 2014 10:15 A.M to 11:15 A.M. Tony DaSilva, AAP, CISA Senior Examiner, Federal Reserve Bank of Atlanta Rajiv Donde President, Laru Technologies Peter Davey,
More informationACH Transactions
ACH Operations Bulletin #2-2014 ACH Transactions Involving Third-Party Senders and Other Payment Intermediaries December 30, 2014 EXECUTIVE SUMMARY In most ACH transactions, the roles of the various parties
More informationone admin. one tool. Providing instant access to hundreds of industry leading verification tools.
2 7 12 14 11 15 8 16 10 41 40 42 19 49 45 44 50 48 47 51 46 52 53 55 54 56 57 67 68 1 5 39 43 58 71 81 82 69 70 88 25 29 23 26 22 3 21 28 4 6 32 30 38 33 31 37 34 35 36 63 59 64 60 62 61 65 72 73 66 74
More informationService Agreement. UltraBranch Business Edition. alaskausa.org AKUSA 02952 R 05/15
Service Agreement UltraBranch Business Edition Your savings federally insured to at least $250,000 and backed by the full faith and credit of the United States Government. National Credit Union Administration,
More informationUnlawful Internet Gambling Enforcement Act of 2006 Overview
Attachment A Unlawful Internet Gambling Enforcement Act of 2006 Overview This document provides an overview of the Unlawful Internet Gambling Enforcement Act of 2006 (UIGEA or Act), 31 USC 5361-5366, and
More informationACH GUIDE ACH PARTICIPATION
Materials needed: ACH policies (Audit and general), the last two ACH audits, security settings (Operator Reports) for the processing method the FI has chosen, Originator contracts and any reviews of Originator
More informationAttachment. OCC Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment
Attachment OCC Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment The guidance below was issued by the Office of the Comptroller of the Currency (OCC)
More informationChief Executive Officers of All National Banks, Department and Division Heads, and All Examining Personnel.
AL 2000 9 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Third-Party Risk TO: Chief Executive Officers of All National Banks, Department and Division Heads,
More informationInformation Technology
Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level
More informationNevada Registered Agents Association
Nevada Registered Agents Association Best Practices Recommendations to Prevent the Exploitation of Nevada Business Entities for Criminal Activities, and for the Protection of the Nevada Registered Agent
More informationExecutive Fraud Forum October 30, 2013
Executive Fraud Forum October 30, 2013 Payments Fraud Trends Mary Kepler, Director, Retail Payments Risk Forum, Federal Reserve Bank of Atlanta Judy Long, Executive Vice President, First Citizens National
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationBeyond Compliance: Building a Robust Ethics and Compliance Program
Beyond Compliance: Building a Robust Ethics and Compliance Program Overview Risks are increasing and organizations are called to develop effective compliance risk mitigation programs Today, the explosion
More informationAutomotive Services. Tools for dealers, lenders and industry service providers that drive profitable results in today s economy
CONSUMER INFORMATION SOLUTIONS Automotive Services Tools for dealers, lenders and industry service providers that drive profitable results in today s economy Reach the right prospects Automotive solutions
More informationMortgage Services > Today s mortgage lenders are faced with. constant challenges Equifax can help. CONSUMER INFORMATION SOLUTIONS
CONSUMER INFORMATION SOLUTIONS Mortgage Services > Today s mortgage lenders are faced with constant challenges Equifax can help. From quick access to tri-merge reports to independent third-party appraisals,
More informationNCUA LETTER TO CREDIT UNIONS
NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 DATE: August 2008 LETTER NO.: 08-CU-19 TO: SUBJ: Federally Insured Credit Unions Third-Party Relationships:
More informationValidating Third Party Software Erica M. Torres, CRCM
Validating Third Party Software Erica M. Torres, CRCM Michigan Bankers Association Risk Management & Compliance Institute September 29, 2014 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT
More informationOCC 98-3 OCC BULLETIN
To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel
More informationRISK MANAGEMENT UPDATE Lessons [To Be] Learned from Recent Enforcement Actions
RISK MANAGEMENT UPDATE Lessons [To Be] Learned from Recent Enforcement Actions Presented by: Dixie K. Hieb and Robb Schlimgen Davenport, Evans, Hurwitz & Smith, LLP www.dehs.com 2014 Davenport, Evans,
More informationMoney One Federal Credit Union Pocket 2 Pocket Service E-SIGNATURE AND ELECTRONIC DISCLOSURES AGREEMENT
Money One Federal Credit Union Pocket 2 Pocket Service E-SIGNATURE AND ELECTRONIC DISCLOSURES AGREEMENT You are signing up to use the Pocket 2 Pocket service powered by Acculynk that allows you to send
More informationTHE UH OH MOMENT. Financial Services Enterprises Focus on Governance, Transparency and Supply Chain Risk
THE UH OH MOMENT Financial Services Enterprises Focus on Governance, Transparency and Supply Chain Risk By Lois Coatney, Chuck Walker and Joseph Yacura, ISG Directors www.isg-one.com INTRODUCTION A top
More informationRemote Deposit Capture Customer Due Diligence FFIEC Tier II Exam Considerations Plus Mobile Capture! March 5, 2014. Topics of Discussion
Remote Deposit Capture Customer Due Diligence FFIEC Tier II Exam Considerations Plus Mobile Capture! March 5, 2014 Carolyn C. Dowdy, Speaker Bank Project Solutions does not guaranty by implementing criteria
More informationFDIC Updates Guidance on Payment Processor Relationships
February 2012 FDIC Updates Guidance on Payment Processor Relationships BY KEVIN L. PETRASIC In its recently issued Financial Institution Letter, FIL-3-2012, the Federal Deposit Insurance Corporation (
More informationRegulatory Practice Letter February 2014 RPL 14-05
Regulatory Practice Letter February 2014 RPL 14-05 CFPB Nonbank Supervision of International Money Transfer Providers Proposed Rule Executive Summary The Consumer Financial Protection Bureau (CFPB or Bureau)
More informationThe rise of third party relationships means rise in risk and regulation. Non-compliance is risky business for financial institutions
The rise of third party relationships means rise in risk and regulation Non-compliance is risky business for financial institutions Increasing dependency on third parties by banks has resulted in mandatory
More informationThird Party Relationships
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 A B D INTRODUCTION AND PURPOSE Background Yes/No Comments 1. Does the credit union maintain a list of the third party
More informationSound Business Practices for Businesses to Mitigate Corporate Account Takeover
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
More informationExecutive Summary. Guidelines on Merchant and ISO Underwriting and Risk Monitoring MARCH 2014 COUNSEL DEVELOPED BY
TM MARCH 2014 Guidelines on Merchant and ISO Underwriting and Risk Monitoring Executive Summary DEVELOPED BY www.deanarich.com COUNSEL Venable LLP Jeffrey D. Knowles Ellen Traupman Berge Leonard L. Gordon
More informationStrengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
More informationGovernment Crime Prevention Regulations. Richard Fraher VP & Counsel to the Retail Payments Office Federal Reserve Bank of Atlanta
Government Crime Prevention Regulations Richard Fraher VP & Counsel to the Retail Payments Office Federal Reserve Bank of Atlanta The Big Disclaimers The views expressed in this presentation are those
More informationYou Can t Afford the Risks
Anti-Money Laundering You Can t Afford the Risks Audit Tax Advisory The Risks Associated With AML/Sanctions Compliance Are Just Too Great to Ignore Continued increases in regulatory scrutiny and rigorous
More informationAn Oracle White Paper November 2011. Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime
An Oracle White Paper November 2011 Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime Disclaimer The following is intended to outline our general product direction.
More information2014 Financial Services Industry Compliance Benchmark Study
2014 Financial Services Industry Compliance Benchmark Study Presented By: and Executive Summary Beginning in early December 2013, SAI Global Compliance conducted a survey among compliance professionals
More informationCOMMENTARY. occ and fdic Guidance on Supervisory Concerns and Expectations Regarding Deposit Advance Products JONES DAY
December 2013 JONES DAY COMMENTARY occ and fdic Guidance on Supervisory Concerns and Expectations Regarding Deposit Advance Products The Office of the Comptroller of the Currency ( OCC ) and the Federal
More informationBank Secrecy Act/ Anti-Money Laundering Examination Manual
Bank Secrecy Act/ Anti-Money Laundering Examination Manual Federal Financial Institutions Examination Council Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National
More informationSupporting Effective Compliance Programs
October 2015 Supporting Effective Compliance Programs The Oversight Roles of the Board Audit and Risk Committees in Regulatory Compliance By Paul Osborne, CPA, CAMS, AMLP, and Peggy Sepp, CIA To be effective,
More informationWEB ACH Primer. Receiver The person (for WEB transactions this must be a human being) who owns the bank account being debited.
The WEB ACH transaction type was introduced in March 2001. It is defined as a debit entry to a consumer bank account, for which the authorization was obtained from the Receiver (the consumer who owns the
More informationBlind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks.
Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks. For anyone familiar with the banking industry, it comes as no surprise that banks are
More informationAssessing Credit Risk
Assessing Credit Risk Objectives Discuss the following: Inherent Risk Quality of Risk Management Residual or Composite Risk Risk Trend 2 Inherent Risk Define the risk Identify sources of risk Quantify
More informationManaging Small Business Banking Regulatory and Class Action Risk. Scott M. Pearson Cory Kampfer Chief Legal Officer Ballard Spahr LLP OnDeck
Managing Small Business Banking Regulatory and Class Action Risk Scott M. Pearson Cory Kampfer Partner Chief Legal Officer Ballard Spahr LLP OnDeck Overview Regulation of traditional small business lending
More informationThird-Party Payment Processing and Financial Crimes March 14, 2012
Third-Party Payment Processing and Financial Crimes March 14, 2012 Michael Benardo Chief, Cyber Fraud & Financial Crimes Section Division of Risk Management Supervision Federal Deposit Insurance Corporation
More informationHIGH-RISK COUNTRIES IN AML MONITORING
HIGH-RISK COUNTRIES IN AML MONITORING ALICIA CORTEZ TABLE OF CONTENTS I. Introduction 3 II. High-Risk Countries 3 Customers 4 Products 7 Monitoring 8 Audit Considerations 8 III. Conclusion 10 IV. References
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved.
1 Copyright 2011, Oracle and/or its affiliates. All rights Challenges in Implementing the Financial Action Task Force (FATF) recommendations on Risk Based Approach by R. Suresha CAMS 2 Copyright 2011,
More informationAML Topics Using analytics to get the most from your transaction monitoring system
www.pwc.com AML Topics Using analytics to get the most from your transaction monitoring system March 2011 Contents Components of the AML Compliance Program... 1 Transaction Monitoring... 1 Transaction
More informationIAT Scenarios Simplified
IAT Scenarios Simplified Several abbreviated scenarios are provided below to better understand when a specific payment transaction involving the U.S. ACH Network would be deemed an International ACH Transaction
More informationIBM Financial Transaction Manager for ACH Services IBM Redbooks Solution Guide
IBM Financial Transaction Manager for ACH Services IBM Redbooks Solution Guide Automated Clearing House (ACH) payment volume is on the rise. NACHA, the electronic payments organization, estimates that
More informationPayment Systems: Regulatory Interest in Payment Processors, Faster Payments, and Related Consumer Protections
July 2015 RPL15-04 Payment Systems: Regulatory Interest in Payment Processors, Faster Payments, and Related Consumer Protections Executive Summary The expansion of the Internet and the growth in electronic
More informationUnderstanding & Managing Third Party Relationships in the ACH Network. PAYMENTS 2008 May 18, 2008 Las Vegas, NV
Understanding & Managing Third Party Relationships in the ACH Network PAYMENTS 2008 May 18, 2008 Las Vegas, NV 1 Your Presenters Stuart Williams Director, CheckFree Payment Services CheckFree now part
More informationGUIDANCE FOR MANAGING THIRD-PARTY RISK
GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,
More informationTHE KEYS TO SMART (AND PROFITABLE) BUSINESS CREDIT MANAGEMENT
HOW STRONG BUSINESS CREDIT BUILDS YOUR COMPANY LENDERS YOUR BUSINESS CREDIT PROFILE Access better credit terms with key suppliers. Negotiate lower rates with lenders, and grow your business more quickly.
More informationFIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely
More informationFederal Financial Institutions Examination Council FFIEC. Retail Payment Systems RPS. February 2010 IT EXAMINATION HANDBOOK
Federal Financial Institutions Examination Council FFIEC Retail Payment Systems February 2010 RPS IT EXAMINATION HANDBOOK RETAIL PAYMENT SYSTEMS RISK MANAGEMENT Action Summary Financial institutions engaged
More informationWhite Paper on Financial Institution Vendor Management
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
More informationThe 2006 FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual:
The 2006 FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual: Knowing the Risks Is It Possible to Keep Pace and Manage Them All? By: Carmina Hughes, Executive Director and Patricia McKeown,
More informationComptroller s Handbook for National Bank Examiners April 1992 - Temporary Insert. Merchant Processing Introduction Section 212A.1
Comptroller s Handbook for National Bank Examiners April 1992 - Temporary Insert Merchant Processing Introduction Section 212A.1 Merchant processing is the settlement of credit card sales transactions
More informationSIEBEL HEALTHCARE SOLUTIONS
SIEBEL HEALTHCARE SOLUTIONS Oracle s Siebel Healthcare offers rich relationship management solutions designed specifically for health insurance, employee benefits, and care delivery organizations. It enables
More informationAML & Mortgage Fraud Compliance Program v. 08.2013 ANTI-MONEY LAUNDERING & MORTGAGE FRAUD COMPLIANCE PROGRAM
ANTI-MONEY LAUNDERING & MORTGAGE FRAUD COMPLIANCE PROGRAM Version: 2.0 dated 08.2013 TABLE OF CONTENTS AML & Mortgage Fraud Compliance Program 1.0 PURPOSE AND SCOPE... 3 2.0 APPLICABLE REGULATIONS AND
More informationPayment Systems Today: Latest Legal and Regulatory Challenges
Payment Systems Today: Latest Legal and Regulatory Challenges October 14, 2014 Jon Genovese, Vantiv Ellen T. Berge, Esq., Venable LLP Ed Wilson, Esq., Venable LLP Andrew E. Bigart, Esq., Venable LLP 1
More informationAn Oracle White Paper October 2009. An Integrated Approach to Fighting Financial Crime: Leveraging Investments in AML and Fraud Solutions
An Oracle White Paper October 2009 An Integrated Approach to Fighting Financial Crime: Leveraging Investments in AML and Fraud Solutions Executive Overview Today s complex financial crime schemes pose
More information360 Degrees: Regulating Payday Lending from All Angles By Christopher Dye, Senior Compliance Counsel, Harland Financial Solutions
360 Degrees: Regulating Payday Lending from All Angles By Christopher Dye, Senior Compliance Counsel, Harland Financial Solutions There s a scene in almost every old cop movie where the hero strongly suggests
More informationElectronic Transactions Association Guidelines on Merchant and ISO Underwriting and Risk Monitoring
TM MARCH 2014 Electronic Transactions Association Guidelines on Merchant and ISO Underwriting and Risk Monitoring DEVELOPED BY www.deanarich.com COUNSEL Venable LLP Jeffrey D. Knowles Ellen Traupman Berge
More informationService. ACH Processing Services Outsourced ACH Solutions Tailored to Your Requirements and Budget
Service ACH Processing Services Outsourced ACH Solutions Tailored to Your Requirements and Budget originating and receiving ACH electronic funds transfers with speed and efficiency. A comprehensive range
More informationRisks and Precautions with Title Lending
AL 2000 11 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Title Loan Programs TO: Chief Executive Officers of All National Banks, Department and Division Heads,
More informationSponsors & Exhibitors Listing
Sponsors & s Listing ACH Alert, LLC Vendor Showcase Increase revenue while decreasing fraud, with ACH Alert s patented, highly automated and effective customer engaging fraud prevention SaaS solutions.
More informationORACLE PROJECT MANAGEMENT
ORACLE PROJECT MANAGEMENT KEY FEATURES Oracle Project Management provides project managers the WORK MANAGEMENT Define the workplan and associated resources; publish and maintain versions View your schedule,
More informationDCU BULLETIN Division of Credit Unions Washington State Department of Financial Institutions Phone: (360) 902-8701 FAX: (360) 704-6901
DCU BULLETIN Division of Credit Unions Washington State Department of Financial Institutions Phone: (360) 902-8701 FAX: (360) 704-6901 December 19, 2007 No. B-07-13 Structuring a Member Business Lending
More informationFunds Transfer Agreement
Funds Transfer Agreement Your Lifetime Financial Partner This Funds Transfer Authorization Agreement & Notice ( Agreement ) applies to all domestic or international Wire Transfers and Automated Clearing
More informationInternational ACH Transactions (IAT) Frequently Asked Questions Corporate Customers
Frequently Asked Questions Corporate Customers IAT changes were made for regulatory compliance The first step is to understand and recognize OFAC requirements - corporates must comply with OFAC requirements
More informationOCC 97-24 OCC BULLETIN
OCC 97-24 OCC BULLETIN Comptroller of the Currency Administrator of National Banks Subject: Credit Scoring Models Description: Examination Guidance TO: Chief Executive Officers of all National Banks, Department
More information2015 NACHA Rules, Same Day ACH and Regulation E Changes
2015 NACHA Rules, Same Day ACH and Regulation E Changes Recently Approved Amendments to Improve Quality and Reduce Risk in the ACH Network 2015 NYBA Technology, Compliance & Risk Management Forum DISCLAIMER
More informationMODEL SCHEDULE OF WTO COMMITMENTS FOR INVESTMENT BANKING, TRADING, AND ASSET MANAGEMENT Explanatory Memorandum
March 8, 2005 MODEL SCHEDULE OF WTO COMMITMENTS FOR INVESTMENT BANKING, TRADING, AND ASSET MANAGEMENT Explanatory Memorandum I. INTRODUCTION Internationally active securities companies are working together
More informationCORL Dodging Breaches from Dodgy Vendors
CORL Dodging Breaches from Dodgy Vendors Tackling Vendor Security Risk Management in Healthcare Introductions Cliff Baker 20 Years of Healthcare Security experience PricewaterhouseCoopers, HITRUST, Meditology
More informationRe: Docket No. R-1298 Prohibition on Funding of Unlawful Internet Gambling
JkRADIX jgg ^CONSULTING tf INCORPORATION V H ^^^^^r 1hf scowfc* y*ti pj^mtnb n«di PO Box 584 Oakdale, NY 11769 December 6, 2007 Board of Governors of the Federal Reserve System 20th and C Streets, N.W.
More informationQuick Reference Guide
Quick Reference Guide Visa DPS Prepaid Processing Frequently Asked Questions XX Thank you for your interest in Visa DPS prepaid processing. When you start looking for ways to enter or expand your presence
More informationWhite Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management
White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK By James Christiansen, VP, Information Management Executive Summary The Common Story of a Third-Party Data Breach It begins with a story in the newspaper.
More informationEnterprise Risk Management Process Improvement. Secure Banking Solutions, LLC
Enterprise Risk Management Process Improvement 2 Contact Information Contact Information Chad Knutson Senior Information Security Consultant CISSP, CISA, CRISC Phone: 605-480-3366 chad.knutson@protectmybank.com
More information