Presentation is loading. Please wait.

Presentation is loading. Please wait.

Division of Depositor and Consumer Protection Banker Teleconference Series Third-Party Compliance Risk Management Tuesday, June 5, 2012.

Published byToby Ford Modified over 9 years ago

Similar presentations

Presentation on theme: "Division of Depositor and Consumer Protection Banker Teleconference Series Third-Party Compliance Risk Management Tuesday, June 5, 2012."— Presentation transcript:

1 Division of Depositor and Consumer Protection Banker Teleconference Series Third-Party Compliance Risk Management Tuesday, June 5, 2012

2 FEDERAL DEPOSIT INSURANCE CORPORATION 2 Presenters  Luke Brown, Associate Director DCP Supervisory Policy  Victoria Pawelski, Senior Policy Analyst DCP Supervisory Policy  John Bowman, Senior Review Examiner DCP Office of CRA and Compliance Examinations  Julie Tupper, Senior Compliance Examiner DCP Dallas Regional Office

3 FEDERAL DEPOSIT INSURANCE CORPORATION 3 Agenda  Introduction  2008 FDIC Guidance on Managing Third- Party Risk (FIL-44-2008)  Third-Party Relationships: Compliance Risk Management Examples  2012 FDIC Revised Guidance on Payment Processor Relationships (FIL-3-2012)  Questions and Answers

4 FEDERAL DEPOSIT INSURANCE CORPORATION 4 2008 FDIC Guidance on Managing Third-Party Risk

5 FEDERAL DEPOSIT INSURANCE CORPORATION 5 Definition of Third-Party Relationship  Entity with which financial institution has entered into a business relationship  Facilitate customer access to bank services or products  Perform functions on the bank’s behalf  Bank or non-bank, affiliated or non- affiliated, regulated or non-regulated, domestic or foreign

6 FEDERAL DEPOSIT INSURANCE CORPORATION 6 Benefits/Risks Benefits  Strategic Objectives  Revenue  Expertise  Efficiencies  Resources  Access Risks  Legal  Regulatory  Financial Loss  Reputation  Loss of Customers

7 FEDERAL DEPOSIT INSURANCE CORPORATION 7 Financial Institution Responsibility  Board and management oversight tailored depending on the relationship  The institution, and its Board and management, are responsible for managing activities conducted through third parties as if the activity were conducted directly by the institution  Indemnity agreement not enough

8 FEDERAL DEPOSIT INSURANCE CORPORATION 8 Types of Risk  Strategic Risk  Reputation Risk  Operational Risk  Transaction Risk  Credit Risk  Liquidity Risk  Compliance Risk  Legal Risk  Other Risks

9 FEDERAL DEPOSIT INSURANCE CORPORATION 9 Risk Management Process  Is this a significant third-party relationship?  Process tailored depending on the risks identified, nature & significance of the relationship, scope & magnitude of the activity  Effective risk management process

10 FEDERAL DEPOSIT INSURANCE CORPORATION 10 Risk Management Framework  Four Key Elements  Risk Assessment  Due Diligence  Contract Structuring and Review  Oversight

11 FEDERAL DEPOSIT INSURANCE CORPORATION 11 Third-Party Relationships: Compliance Risk Management Examples

12 FEDERAL DEPOSIT INSURANCE CORPORATION 12 Compliance Risk Management Examples  Rent-A-BIN  Debt Collection  Prepaid Cards  RESPA Section 8  Identity Theft Protection Programs  Privacy

13 FEDERAL DEPOSIT INSURANCE CORPORATION 13 2012 FDIC Revised Guidance on Payment Processor Relationships

14 FEDERAL DEPOSIT INSURANCE CORPORATION 14 FDIC Financial Institution Letter FIL-3-2012  January 31, 2012  FDIC releases Revised Guidance on Payment Processor Relationships  Replaces & updates 2008 Guidance on Payment Processor Relationships (FIL- 127-2008)

15 FEDERAL DEPOSIT INSURANCE CORPORATION 15 Definition of Third-Party Payment Processor  What is a Third-Party Payment Processor or “Processor”?  Depositor that uses its banking relationship to process payments for its merchant clients  Benefits:  Fee income  Large deposit balances  Capital injections  Concerns:  Merchant clients several entities removed  Nested or aggregator relationships  Merchant client activities

16 FEDERAL DEPOSIT INSURANCE CORPORATION 16 Main Risks of Processors  Credit Risks  Charge-backs from unauthorized transactions  Regulation CC warranty  Compliance Risks  Reputational Risks  Financial institution tied to merchant clients  Legal Risk  Class action lawsuits

17 FEDERAL DEPOSIT INSURANCE CORPORATION 17 Processor Red Flags  Targeting problem financial institutions in need of capital/earnings  Smaller financial institutions with limited resources for proper monitoring  Processors with relationships at multiple financial institutions at the same time  Consumer complaints  High Unauthorized Return Rates (URRs) or returns/charge-backs

18 FEDERAL DEPOSIT INSURANCE CORPORATION 18 Financial Institution Protections  Due diligence (initially & ongoing) – Know Your Customer  Policies & procedures for monitoring (URRs/Returns, complaints, etc.)  Be aware of potential Compliance Risks

19 FEDERAL DEPOSIT INSURANCE CORPORATION 19 Types of Payments  Types of Payments  Remotely Created Checks (RCCs)  Automated Clearinghouse Items (ACHs)  Network-related payments

20 FEDERAL DEPOSIT INSURANCE CORPORATION 20 Remotely Created Checks  What are RCCs?  Regular paper check that the Merchant creates  No consumer signature  Consumer provides account number & bank routing number, and merchant prints check  Merchant submits for regular check processing

21 FEDERAL DEPOSIT INSURANCE CORPORATION 21 Risks of RCCs  Merchant client can continue to draft checks  Depository financial institution responsible to paying financial institution under Regulation CC Section 229.34(d)  Consumer complaints regarding unauthorized withdrawals from account  High volume – difficult to monitor  High URRs and returns/charge-backs  Unregulated environment

22 FEDERAL DEPOSIT INSURANCE CORPORATION 22 ACH Use & Risks  How do processors use ACHs & what are the risks?  Merchant uses account number to initiate an electronic debit  Visa/MasterCard & NACHA rules  Unauthorized debits & charge-backs

23 FEDERAL DEPOSIT INSURANCE CORPORATION 23 Themes and Trends  No Board-approved policies/procedures  Growth beyond financial institution’s resources/abilities  Increase in fee income short-lived due to charge-backs  Underestimate potential reputation risks

24 FEDERAL DEPOSIT INSURANCE CORPORATION 24 Questions and Answers

25 FEDERAL DEPOSIT INSURANCE CORPORATION 25 Thank You The information contained in this presentation is for informational purposes only and is provided as a public service and in an effort to enhance understanding of the statutes and regulations administered by the FDIC. It expresses the views and opinions of FDIC staff and is not binding on the FDIC, its Board of Directors, or any Board member, and any representation to the contrary is expressly disclaimed.

Download ppt "Division of Depositor and Consumer Protection Banker Teleconference Series Third-Party Compliance Risk Management Tuesday, June 5, 2012."

Similar presentations

HIGH-RISK: FOREIGN CORRESPONDENT BANKING

HIGH-RISK: FOREIGN CORRESPONDENT BANKING
Depository Institutions

Depository Institutions
Depository Institutions

Depository Institutions
The Fair Trading Act and Credit 2011 Service Alberta.

The Fair Trading Act and Credit 2011 Service Alberta.
Www.rbi.org.in RESERVE BANK OF INDIA. Developments in Payment and Settlement Systems Introduction of MICR Introduction of MICR Electronic Funds Transfer.

RESERVE BANK OF INDIA. Developments in Payment and Settlement Systems Introduction of MICR Introduction of MICR Electronic Funds Transfer.
Identifying and Mitigating UDAP Risk Chicago Region Regulatory Compliance Call December 17, 2014.

Identifying and Mitigating UDAP Risk Chicago Region Regulatory Compliance Call December 17, 2014.
Since 2011 credit unions have been increasingly engaging in private student lending: Private student loan funding has grown 33%, from $1.5 Billion to.

Since 2011 credit unions have been increasingly engaging in private student lending: Private student loan funding has grown 33%, from $1.5 Billion to.
Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.

Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.
1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.

1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.
Check 21 and Image Exchange

Check 21 and Image Exchange
Depository Institutions Take Charge of Your Finances.

Depository Institutions Take Charge of Your Finances.
OLA {DRAFT} BEST PRACTICES Revised 6/25/2013. Payments Landscape Update Ever increasing scrutiny and pressure from every agency OCC (J LaRoche, May, 2013)

OLA {DRAFT} BEST PRACTICES Revised 6/25/2013. Payments Landscape Update Ever increasing scrutiny and pressure from every agency OCC (J LaRoche, May, 2013)
Four tips to keep ACH fraud in the past. 2 ACH Fraud Prevention Steps Businesses Can Take to Minimize Fraud Risk 1 1 b b c c d d e e f f g g a a Monitor.

Four tips to keep ACH fraud in the past. 2 ACH Fraud Prevention Steps Businesses Can Take to Minimize Fraud Risk 1 1 b b c c d d e e f f g g a a Monitor.
1 Supplement to the Guideline on Prevention of Money Laundering Hong Kong Monetary Authority 8 June 2004.

1 Supplement to the Guideline on Prevention of Money Laundering Hong Kong Monetary Authority 8 June 2004.
$$$$$$$ Know your Money! Financial Institutions and Services.

$$$$$$$ Know your Money! Financial Institutions and Services.
E B a n k i n g Information Security Guidelines ABA’s Technology Risk Management – A Strategic Approach Telephone/Webcast Briefing June 17, 2002.

E B a n k i n g Information Security Guidelines ABA’s Technology Risk Management – A Strategic Approach Telephone/Webcast Briefing June 17, 2002.
Agenda Overview Updates to the Manual Sections Not Updated

Agenda Overview Updates to the Manual Sections Not Updated
Guidance for Managing Third-Party Risk Chicago Region Regulatory Conference Call December 8, 2010.

Guidance for Managing Third-Party Risk Chicago Region Regulatory Conference Call December 8, 2010.
Banking and Financial Services

Banking and Financial Services
February 10, 2012 Michelle Hemerley Director, Compliance Consulting

February 10, 2012 Michelle Hemerley Director, Compliance Consulting

Similar presentations

Ads by Google