Enforcement via Policies and Procedures
Processes and Procedures These are boring, tedious, time consuming…… BUT THEY ARE ESSENTIAL They must be written and updated regularly Every member of staff must Be trained in their use Read them as part of their job Keep up to date on changes
What are They Operational procedures are documents that describe the way in which the Issuer or Acquirer operates throughout their operation. They cover every aspect of the process of cards and every interface inwards and outwards. To card schemes, bank systems, partner systems, central banks etc:
Why do you need them They are needed to ensure that the card processes always operate in the same way, regardless of when, were or what the situation is. They become base documents for: Training new staff Upgrading existing systems Introducing new systems
What Areas are Covered They cover every single area of the Issuer or Acquirer process within the bank and outside it.
Security and Access Who can access, see and update data and what they can do with it Directors Managers Supervisors Operators
Risk Processes KYC (Know Your Customer) Profiling for Risk exposure of: Applications Authorisations and Limits Collections Fraud New Products
Authorisations Who can authorise what How far can a limit be exceeded Criteria around breaking limits Reporting processes
Account Management Application Processing Account Maintenance Account Opening Account Closure Detail Changes Statement Production
Settlement Settlement processes: Internally Externally to Card Schemes Partners Customers
Disputes Stages involved in a dispute process: Copy of the voucher, till roll, signature or any other acceptable proof Chargeback Representment Arbitration
Collections Process to be followed on non-payment 30 days, 60 days, 90 days, and so on Collections Agencies Litigation Dunning Letters Write Offs
Fraud Process to be followed: Identification of where the faulty lies Chargeback if appropriate Notification of authorities Reporting to card schemes / central banks Write Offs
Customer Service Who can you talk to What can you say How do you follow up What are the limits of your job
Security Key Management System Security Access Passwords
Audit What data to be recorded on each transaction: Date Time Operator / workstation ID Details of changes Before image After image
Compliance Compliance with: Central Banking Regulations National Regulations Anti-Money Laundering Rules OFAC Card Scheme mandates and regulations Any other specific compliance issue e.g. move to EMV, use of fraud checking etc:
Contract Must Haves Contracts with Who Schemes Partners Suppliers Customers
Contract Must Haves Contracts are as boring as anything can be: But Make sure that the legal eagles have actually written in what you want It actually does do what you need to do Never be afraid to question anything If its not right nor will your business be right Goldfish
Scheme Business Interfaces Compliance with scheme rules Submission of waivers Settlement and reconciliation Disputes and Chargebacks Rules agreement Product launches Brand enhancement
Scheme Technical Interfaces Online authorisations Offline Clearing and Settlement Certifications Online Offline Chip card certification New Product Launch
Licences and Approvals Scheme Certifications Banking Licences EMoney Licences FSA Approvals Central Bank Agreements