Division of Depositor and Consumer Protection Banker Teleconference Series Third-Party Compliance Risk Management Tuesday, June 5, 2012
FEDERAL DEPOSIT INSURANCE CORPORATION 2 Presenters Luke Brown, Associate Director DCP Supervisory Policy Victoria Pawelski, Senior Policy Analyst DCP Supervisory Policy John Bowman, Senior Review Examiner DCP Office of CRA and Compliance Examinations Julie Tupper, Senior Compliance Examiner DCP Dallas Regional Office
FEDERAL DEPOSIT INSURANCE CORPORATION 3 Agenda Introduction 2008 FDIC Guidance on Managing Third- Party Risk (FIL ) Third-Party Relationships: Compliance Risk Management Examples 2012 FDIC Revised Guidance on Payment Processor Relationships (FIL ) Questions and Answers
FEDERAL DEPOSIT INSURANCE CORPORATION FDIC Guidance on Managing Third-Party Risk
FEDERAL DEPOSIT INSURANCE CORPORATION 5 Definition of Third-Party Relationship Entity with which financial institution has entered into a business relationship Facilitate customer access to bank services or products Perform functions on the bank’s behalf Bank or non-bank, affiliated or non- affiliated, regulated or non-regulated, domestic or foreign
FEDERAL DEPOSIT INSURANCE CORPORATION 6 Benefits/Risks Benefits Strategic Objectives Revenue Expertise Efficiencies Resources Access Risks Legal Regulatory Financial Loss Reputation Loss of Customers
FEDERAL DEPOSIT INSURANCE CORPORATION 7 Financial Institution Responsibility Board and management oversight tailored depending on the relationship The institution, and its Board and management, are responsible for managing activities conducted through third parties as if the activity were conducted directly by the institution Indemnity agreement not enough
FEDERAL DEPOSIT INSURANCE CORPORATION 8 Types of Risk Strategic Risk Reputation Risk Operational Risk Transaction Risk Credit Risk Liquidity Risk Compliance Risk Legal Risk Other Risks
FEDERAL DEPOSIT INSURANCE CORPORATION 9 Risk Management Process Is this a significant third-party relationship? Process tailored depending on the risks identified, nature & significance of the relationship, scope & magnitude of the activity Effective risk management process
FEDERAL DEPOSIT INSURANCE CORPORATION 10 Risk Management Framework Four Key Elements Risk Assessment Due Diligence Contract Structuring and Review Oversight
FEDERAL DEPOSIT INSURANCE CORPORATION 11 Third-Party Relationships: Compliance Risk Management Examples
FEDERAL DEPOSIT INSURANCE CORPORATION 12 Compliance Risk Management Examples Rent-A-BIN Debt Collection Prepaid Cards RESPA Section 8 Identity Theft Protection Programs Privacy
FEDERAL DEPOSIT INSURANCE CORPORATION FDIC Revised Guidance on Payment Processor Relationships
FEDERAL DEPOSIT INSURANCE CORPORATION 14 FDIC Financial Institution Letter FIL January 31, 2012 FDIC releases Revised Guidance on Payment Processor Relationships Replaces & updates 2008 Guidance on Payment Processor Relationships (FIL )
FEDERAL DEPOSIT INSURANCE CORPORATION 15 Definition of Third-Party Payment Processor What is a Third-Party Payment Processor or “Processor”? Depositor that uses its banking relationship to process payments for its merchant clients Benefits: Fee income Large deposit balances Capital injections Concerns: Merchant clients several entities removed Nested or aggregator relationships Merchant client activities
FEDERAL DEPOSIT INSURANCE CORPORATION 16 Main Risks of Processors Credit Risks Charge-backs from unauthorized transactions Regulation CC warranty Compliance Risks Reputational Risks Financial institution tied to merchant clients Legal Risk Class action lawsuits
FEDERAL DEPOSIT INSURANCE CORPORATION 17 Processor Red Flags Targeting problem financial institutions in need of capital/earnings Smaller financial institutions with limited resources for proper monitoring Processors with relationships at multiple financial institutions at the same time Consumer complaints High Unauthorized Return Rates (URRs) or returns/charge-backs
FEDERAL DEPOSIT INSURANCE CORPORATION 18 Financial Institution Protections Due diligence (initially & ongoing) – Know Your Customer Policies & procedures for monitoring (URRs/Returns, complaints, etc.) Be aware of potential Compliance Risks
FEDERAL DEPOSIT INSURANCE CORPORATION 19 Types of Payments Types of Payments Remotely Created Checks (RCCs) Automated Clearinghouse Items (ACHs) Network-related payments
FEDERAL DEPOSIT INSURANCE CORPORATION 20 Remotely Created Checks What are RCCs? Regular paper check that the Merchant creates No consumer signature Consumer provides account number & bank routing number, and merchant prints check Merchant submits for regular check processing
FEDERAL DEPOSIT INSURANCE CORPORATION 21 Risks of RCCs Merchant client can continue to draft checks Depository financial institution responsible to paying financial institution under Regulation CC Section (d) Consumer complaints regarding unauthorized withdrawals from account High volume – difficult to monitor High URRs and returns/charge-backs Unregulated environment
FEDERAL DEPOSIT INSURANCE CORPORATION 22 ACH Use & Risks How do processors use ACHs & what are the risks? Merchant uses account number to initiate an electronic debit Visa/MasterCard & NACHA rules Unauthorized debits & charge-backs
FEDERAL DEPOSIT INSURANCE CORPORATION 23 Themes and Trends No Board-approved policies/procedures Growth beyond financial institution’s resources/abilities Increase in fee income short-lived due to charge-backs Underestimate potential reputation risks
FEDERAL DEPOSIT INSURANCE CORPORATION 24 Questions and Answers
FEDERAL DEPOSIT INSURANCE CORPORATION 25 Thank You The information contained in this presentation is for informational purposes only and is provided as a public service and in an effort to enhance understanding of the statutes and regulations administered by the FDIC. It expresses the views and opinions of FDIC staff and is not binding on the FDIC, its Board of Directors, or any Board member, and any representation to the contrary is expressly disclaimed.