Payment Systems and Funds Transfer Internal Control Questionnaire



Similar documents
Payment Systems and Funds Transfer Activities

ACH Internal Control Questionnaire

INTERNAL ACCOUNTING CONTROLS CHECKLIST FOR NTMA CHAPTERS

BANKOH BUSINESS CONNECTIONS WIRE TRANSFER GUIDE

Agency Escrow Accounting Standards.

Funds Transfer Agreement

Ithaca College Accepting Cash and Checks Procedures

What are the minimum internal control standards for lines of credit?

Online Banking Agreement

WEST CENTRAL BANK ONLINE BANKING AGREEMENT AND DISCLOSURE

BUSINESS ONLINE BANKING AGREEMENT

ACH GUIDE ACH PARTICIPATION

ENT FEDERAL CREDIT UNION FUNDS TRANSFER AGREEMENT AND NOTICE

PART 10 COMPUTER SYSTEMS

Service Agreement. UltraBranch Business Edition. alaskausa.org AKUSA R 05/15

Automated Clearing House

INTERNATIONAL BANK OF CHICAGO

MIDDLESEX SAVINGS BANK ONLINE BANKING AGREEMENT

Treasury Management Services Product Terms and Conditions

COUNTY OF TRINITY CASH HANDLING PROCEDURES

ONLINE BANKING APLICATION

Access Agreement. I. Introduction

DEBIT CARD & ELECTRONIC FUNDS TRANSFER DISCLOSURE

CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS

Chapter 7 Trustee. Internal Control Questionnaire

Business Online Banking Client Setup Form

WIRE TRANSFER GUIDE. 1 Fedline Advantage/Fedline Web from Federal Reserve Bank 2 Autosolution from Bankers Bank 3 Telephone 4 Other (Internet)

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

Broker-Dealer Concepts

APPLICANT PROPOSAL For Non-Emergency Medical Transportation (NEMT) Coordination Services

Electronic Funds Transfer Policy

Index #: Page 1 of 7

Federal Reserve Banks Operating Circular No. 4 AUTOMATED CLEARING HOUSE ITEMS

INFORMATION TECHNOLOGY CONTROLS

FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS. Date(s) Completed. Workpaper Reference

HORATIO STATE BANK ONLINE BANKING AGREEMENT AND DISCLOSURE

Online Access Agreement and Disclosure

SANGER BANK ONLINE BANKING AGREEMENT AND DISCLOSURE

CONSUMER ONLINE BANKING DISCLOSURE AND AGREEEMENT

Online Banking Agreement

ELECTRONIC FUNDS TRANSFER AGREEMENT and DISCLOSURE - REG E

PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2

ONLINE BANKING AGREEMENT AND DISCLOSURE

Electronic Funds Transfer Agreement and Disclosures

Business Electronic Funds Transfer Disclosure Statement and Agreement

Old Dominion National Bank Consumer ebanking Access Agreement and Electronic Fund Transfer Act Disclosure

FIRST COMMERCIAL BANK. First Commercial Bank Internet Banking Agreement and Disclosure

General IT Controls Audit Program

"You" and "your" mean the account holder(s) and anyone else with authority to deposit, withdraw, or exercise control over the funds in the account.

POLICY & PROCEDURE DOCUMENT NUMBER: DIVISION: Finance & Administration. TITLE: Cash Operations Policy and Procedures. DATE: July 15, 2011

Online Banking Agreement

GREAT AMERICAN TITLE OF HOUSTON, LLC D/B/A GREAT AMERICAN TITLE COMPANY EXAMINATION REPORT NOVEMBER 24, 2015

5:31-7 Appendix B LOCAL AUTHORITIES - ACCOUNTING AND AUDITING IF ANY ARE NOT APPLICABLE, INSERT N/A AS YOUR ANSWER. FIRE DISTRICT YEAR UNDER AUDIT

Accounts Payable. Best Practices: Existing Control: Control Gap: Controls Evaluation and Gap Analysis. Purchasing

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10

MOBILE DEPOSIT AGREEMENT AND DISCLOSURE ONLINE BANKING AGREEMENT ADDENDUM

Internet Banking Internal Control Questionnaire

Home State Bank Online Access Agreement

Bank of Kirksville Internet Banking Application

Fairport Savings Bank Online Banking Access Agreement

Arlington Community Federal Credit Union P.O. Box Arlington, VA (703)

Office 365 Data Processing Agreement with Model Clauses

Wire Transfer Agreement

ELECTRONIC FUNDS TRANSFERS AGREEMENT YOUR RIGHTS AND RESPONSIBILITIES

DirectNET Consumer Online Banking

Department of Sociology Cash Handling Procedures Fiscal Year 2016

PC Teller Consumer Agreement & Disclosures

Amendments and Modifications to Internal Procedure Rules of AS Talveaed.

FLORIDA HIGHWAY PATROL POLICY MANUAL

Online Banking - Terms and Conditions

CWBdirect Business Online Banking. User Guide

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

(unofficial English translation)

Online Service Agreement for Business Accounts

Internal Control Guidelines

Internal Controls: Best Practices for Political Campaigns in New York City

GREATER TEXAS FEDERAL CREDIT UNION RECORDS PRESERVATION PROGRAM

ONLINE BANKING DISCLOSURE/AGREEMENT

Online Banking Service Agreement

CREDIT CARD MERCHANT POLICY. All campuses served by Louisiana State University (LSU) Office of Accounting Services

7. You agree to grant MCB a security interest in all your property in our possession to secure payment of your obligations under this Addendum.

CITIZENS DEPOSIT BANK ONLINE BANKING AGREEMENT AND DISCLOSURE

Bill Payment Service

FIRST NIAGARA RETAIL ACCOUNT DISCLOSURE BOOKLET

Contact information for account assistance is listed on the last page of this brochure. Please read the following terms and conditions carefully.

REGULATION E DISCLOSURE

IT - General Controls Questionnaire

How To Pay A Bank Transfer At The University Of Central Florida

Transcription:

Payment Systems and Funds Transfer Internal Control Questionnaire Completed by: Date Completed: I. ORGANIZATION 1. Has a written wire transfer policy been approved by the board of directors? 2. Has a current organizational plan been developed that shows the structure of the funds transfer function? 3. Does senior management provide administrative direction for operation of the funds transfer function? 4. Does management regularly review staff compliance with credit and personnel procedures, operating instructions, and internal controls? 5. Does management receive and review activity and quality control reports? 6. Are those reports designed to show unusual activity or disclose system use without proper authorization? 7. Is management informed of new systems design and available hardware for the wire transfer system? II. PERSONNEL 1. Has the institution taken steps to ensure that screening procedures are applied to personnel hired for sensitive positions in the wire transfer area? 2. Does the institution prohibit new employees from working in sensitive areas of the wire transfer function? 3. Is special attention paid by supervisory staff to new employees assigned to work in the wire transfer function? 4. Are temporary employees excluded from working in sensitive areas? a. If not, is the number of such employees limited? 5. Are statements of indebtedness required of employees in sensitive positions of the wire transfer function? 6. Are employees subject to unannounced rotation of responsibilities regardless of the size of the institution? IT B5-1

7. Are relatives of employees in the wire transfer function precluded from working in the same institution s bookkeeping or data processing departments? 8. Does the institution s policy require that employees take a minimum number of consecutive days as part of their annual vacation? 9. Is the institution s vacation policy being enforced? 10. Does management reassign employees who have given notice of resignation or been given termination notices from sensitive areas of the wire transfer function? 11. Upon termination or transfer: a. Is the employee s access to the wire transfer area treated as that of a visitor and controlled as such? b. Are changes made to all combinations, key locks, and card access systems to which the employee had access? c. Are all passwords and user IDs assigned to the employee changed and/or deleted? 12. Is a training program used to alert personnel to the current trends in wire transfer activities and to the necessity of adequate internal control? III. OPERATING PROCEDURES 1. Do written procedures exist for employees in the incoming, preparation, data entry, balance verification, transmission, accounting, reconciling, and security areas of the wire transfer function? 2. Do written procedures exist for employees in all areas of the wire transfer function, including: a. Incoming preparation? b. Data entry? c. Balance verification? d. Transmission? e. Accounting? f. Reconciling? g. Security? 3. Do the procedures cover: a. Access to the wire transfer area and user files? b. Terminal security and password control? c. Control over test words, signature lists, and opening and closing messages? B5-2 IT

d. Origination of wire transfer transactions and the modification and deletion of payment orders or messages? e. Review of rejected payment orders or messages? f. Verification of sequence numbers? g. End-of-day accounting for all transfer requests and message traffic? h. Control over messages or payment orders received too late to process the same day? i. Control over payment orders with future value dates? j. Retention of unbroken monitor roll? k. Supervisory review of all adjustments, reversals, reasons for reversals, and open items? l. Contingency planning? 4. Are those procedures periodically reviewed and updated? 5. Are standard wire transfer request forms used by all areas of the bank? 6. Are the standard forms sequentially numbered and do they require the following information: a. Type, number, and name on the account to be debited? b. Amount to be transferred? c. Execution date of the transfer? d. Name of the beneficiary? e. Account number of the beneficiary? f. Beneficiary s bank? g. Name of the originator? h. Name and department of the employee accepting the transfer? IV. AGREEMENTS 1. Are agreements concerning wire transfer operations between the financial institution and its hardware and software vendors, maintenance companies, customers, correspondent banks, and the Federal Reserve Bank in effect and current? (Note: Agreements with the Federal Reserve Bank should specifically refer to the operating circular(s) regarding wire transfer of funds pursuant to subpart B of Regulation J.) IT B5-3

2. Do wire transfer agreements include the following: a. A list of the individuals authorized to initiate and/or approve transfers, with limits and restrictions (if applicable)? b. Accounts (both debit and credit) to which the agreement applies? c. Authentication procedures for each type of transfer initiation (telephone, written, telex, fax, and electronic mail)? d. A provision that holds the bank harmless from losses arising from customer negligence when the bank has exercised due diligence by conformance with the agreement and internal bank policy? e. A statement informing the customer that all telephone initiations will be tape-recorded? f. Authority to establish repetitive transfer procedures for frequently executed types of transfers (where the only variable elements are the amount and date)? 3. Do the agreements fix responsibilities and accountability between the parties? 4. Do both the hardware and software vendors guarantee continuity of service in the event of a failure? a. If so, does the guarantee specify recovery time? 5. Are there agreements between the financial institution and vendors setting forth the vendors liability for actions performed by their employees? V. CONTINGENCY PLANS 1. Have written contingency plans been developed for partial or complete failure of the systems and/or communication lines between the financial institution and the New York Clearing House, Federal Reserve Bank, data centers, and/or service companies? 2. Are those contingency plans reviewed regularly? 3. Are those plans tested periodically? 4. Has management distributed those plans to all wire transfer personnel? 5. Are sensitive information and equipment adequately secured before evacuation in an emergency and is further access to the affected areas denied by security personnel? B5-4 IT

VI. OPERATIONS PROCESSING 1. Are all incoming and outgoing payment orders and message requests received in the wire transfer area, and are payment orders: a. Time-stamped or sequentially numbered for control? b. Logged? Reviewed for signature authenticity? Reviewed for test verification, if applicable? Reviewed to determine whether personnel who initiate fund transfer requests have the authority to do so? 2. Are call-back procedures used when transfer requests are made: a. For nonrepetitive transfers of funds to a third party? b. When the amount is above a predetermined monetary limit stipulated in a wire transfer agreement? c. For PUPID (pay upon proper ID) requests or for payments in cash? 3. Are call backs made to an individual on the authorization list other than the individual who initiated the transaction? 4. Are current lists of authorized signatures maintained in the wire transfer area? 5. Do those lists indicate the amount of funds which the individuals are authorized to release? 6. Are lists of authorized signers updated as soon as possible when authorized employees terminate their employment? 7. Are payment orders and message requests reviewed by someone other than the receipt clerk for: a. Propriety of the transactions? b. Future dates, especially for multiple transaction requests? 8. Are the receipt, data entry, and authentication functions in the wire transfer area adequately segregated? 9. Are all transactions checked by a supervisor prior to release of the payments? IT B5-5

10. Are all payment orders and message requests accounted for in an end-of-day proof to ensure that all requests have been processed? 11. Are all prenumbered forms, including cancellations, accounted for in the end-of-day proof? 12. Does the wire transfer department prepare a daily reconcilement of funds sent and received over the system (CHIPS and Fedwire) indicating the dollar amount and number of transaction? 13. Is the daily reconcilement of fund transfer and message request activity reviewed by supervisory personnel? 14. Are customer transfers and message requests that have been rejected by an in-house terminal carefully controlled and assigned a sequence number for accountability? 15. Are as of adjustments, open items, and reversals reviewed and approved by an officer? 16. Do records of fund transfer message requests contain: a. A sequence number? b. An amount, if funds are to be paid? c. The name of the customer making the request? d. A date? e. A test code authentication, if funds are to be paid? f. Paying instructions? g. Authorizing signatures for certain types and dollar amounts of transfers? 17. Does the flow of work proceed in a one-way direction to provide an adequate internal control environment? 18. Are all rejects and/or exceptions reviewed by someone not involved in the receipt, preparation, or transmittal of funds? 19. Is the individual who performs end of day balancing prohibited from executing wire transfers? 20. If the institution accepts transfer requests after the close of business or transfer requests with a future value date, are they properly controlled and processed? 21. Does the institution maintain adequate records as required by the Currency and Foreign Transactions Reporting Act of 1970 (also known as the Bank Secrecy Act)? B5-6 IT

VII. OPERATIONS TESTING 1. Are test codes used for telephone requests for wire transfer transactions? 2. Are test codes used for transactions verified by someone other than the person who receives the request? 3. Are those codes restricted to authorized personnel? 4. Are those test codes maintained in a secure environment when not in use? 5. Is the testing area physically separated from the remainder of the operation? VIII. OPERATIONS PHYSICAL SECURITY 1. Is access to the wire transfer area restricted to authorized personnel? 2. Are visitors to the wire transfer area required to: a. Be identified? b. Sign in? c. Continuously display identification? d. Be accompanied at all times? 3. Are personnel who are permitted entry to the operating area properly identified and required to continuously display identification? 4. Is written authorization given to those employees who remain in the wire transfer area after normal working hours? a. Do specific guidelines detail who gives such authority? b. Are security guards informed? 5. After a specified number of unsuccessful log-on attempts: a. Is the session terminated? b. Are both an audit trail and a message on the operator s console displayed? 6. Are the terminals controlled by key lock or passwordprotected to prevent unauthorized access? 7. Are terminals in the wire transfer area regulated by: a. Automatic time-out controls? b. Time-of-day controls? IT B5-7

8. Are terminals and other hardware in the wire transfer area shut down after normal working hours? 9. Is terminal operator training conducted in a manner that will not jeopardize the integrity of live data or memo files? 10. Are passwords suppressed when entered in terminals? 11. Are operator passwords frequently changed? (Note how often: ) 12. Do correcting and reversing entries, as well as overrides, require supervisory approval? 13. Is supervisory approval required for terminal access made at other than authorized times? 14. Are passwords restricted to different levels of access, such as data files and transactions that can be initiated? 15. Are employees prohibited from taking keys for sensitive equipment out of the wire transfer area? IX. SUPERVISION OF DIRECTORS AND SENIOR MANAGEMENT 1. Are the directors and senior management kept informed about the nature and magnitude of the risks in the fund transfer activity? 2. Has the board of directors and/or senior management reviewed and approved any limits relating to the risks in the fund transfer activities? a. If so, when were the limits last reviewed? 3. Is senior management and/or the board of directors advised of customers with: a. Large intraday and overnight overdrafts? If so, are other extensions of credit to the same customers combined to show the total credit exposures? b. Large drawings against uncollected funds? 4. Is senior management and/or the board of directors, under established policies and procedures, required to review at predetermined frequencies: a. The volume of transactions, the creditworthiness of customers, and the risks involved in the fund transfer activity? b. Credit and other exposures related to safe and sound banking practices? c. The capabilities of the staff and the adequacy of the equipment relative to current expected volume? B5-8 IT

5. Are there periodic credit reviews of fund transfer customers? 6. Are the reviews adequately documented? 7. Are the reviews conducted by competent credit personnel independent of account and operations officers? 8. Does the institution make payments in anticipation of the receipt of covering funds? If so, are such payments approved by officers with appropriate credit authority? 9. Are intraday exposures limited to amounts expected to be received the same day? 10. Have customer limits been established for Fedwire and CHIPS exposure which include consideration of intraday and overnight overdrafts? 11. Are groups of affiliated customers included in such limits? 12. Do the limits appear to be reasonable in view of the institution s capital position and the creditworthiness of the respective customers? 13. How often are the limits reviewed and updated? 14. Are the customer limits reviewed by senior management? (Note how frequently: ) 15. Are intraday overdraft limits established in consideration of other types of credit facilities for the same customer? 16. Are payments in excess of established limits approved on the basis of information indicating that covering funds are in transit to the financial institution? If so, who is authorized to make such approvals? 17. Are payments against uncollected funds and intraday overdrafts in excess of established limits referred to a person with appropriate credit authority for approval before releasing payments? 18. If payments exceed the established limits, are steps taken promptly to obtain covering funds? X. ACCOUNTING, RECORDS, AND CONTROLS 1. Does the institution receive cables or other advice from its customers indicating amounts to be paid and received and the source of covering funds? 2. If the detail of receipts is not received, is the institution advised by its customers of the total amount to be received for the day? IT B5-9

3. Is this information maintained and followed for exceptions? 4. Is an intraday posting record kept for each customer showing opening collected and uncollected balances, transfers in, transfers out, and the collected balance at the time payments are released? 5. Are significant CHIPS or Fedwire payments and receipts by other departments of the institution on behalf of a customer communicated to a monitoring unit promptly during the day to provide adequate information on each customer s overall exposure? 6. Does the demand deposit accounting system give an accurate collected funds position? 7. Are adequate controls in place to prevent daylight overdrafts? 8. Have limits been established within which a designated person may authorize release of payments after reviewing the activity of the customer? a. Is a record of approvals of such releases maintained by the institution? 9. When an overnight overdraft occurs, is a determination made as to whether a fail caused the overdraft? a. If so, is this properly documented? b. Is adequate follow-up made to obtain the covering funds in a timely manner? 10. Does the institution have a record of payments it failed to make promptly? 11. Is the record reviewed to evaluate the efficiency of the department? 12. Is corrective action initiated when appropriate? 13. Are investigations and follow-ups for failed payments conducted by personnel independent of the operating unit? 14. Do credit advices sent to customers clearly indicate that credits to their accounts received through CHIPS are conditional upon final settlement at the end of the day? 15. For the settling institutions on CHIPS, are the net debit positions of the non-settling participants relayed to appropriate personnel as soon as they become known? 16. Is an individual responsible for verifying that respondents net debit positions are covered the same day? 17. Are the follow-up procedures adequate to facilitate the receipt of funds? B5-10 IT

18. Is senior management required to make decisions to refuse to cover a net debit settlement position of a respondent? 19. Has the institution devised and maintained an adequate system of internal accounting controls as required by the Foreign Corrupt Practices Act of 1977? IT B5-11

B5-12 IT

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information