1 / 25

Division of Depositor and Consumer Protection Banker Teleconference Series

Division of Depositor and Consumer Protection Banker Teleconference Series. Third-Party Compliance Risk Management Tuesday, June 5, 2012. Presenters. Luke Brown, Associate Director DCP Supervisory Policy Victoria Pawelski, Senior Policy Analyst DCP Supervisory Policy

fionan
Download Presentation

Division of Depositor and Consumer Protection Banker Teleconference Series

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Division of Depositor and Consumer Protection Banker Teleconference Series Third-Party Compliance Risk Management Tuesday, June 5, 2012

  2. Presenters • Luke Brown, Associate Director DCP Supervisory Policy • Victoria Pawelski, Senior Policy Analyst DCP Supervisory Policy • John Bowman, Senior Review Examiner DCP Office of CRA and Compliance Examinations • Julie Tupper, Senior Compliance Examiner DCP Dallas Regional Office

  3. Agenda • Introduction • 2008 FDIC Guidance on Managing Third-Party Risk (FIL-44-2008) • Third-Party Relationships: Compliance Risk Management Examples • 2012 FDIC Revised Guidance on Payment Processor Relationships (FIL-3-2012) • Questions and Answers

  4. 2008 FDIC Guidance on Managing Third-Party Risk

  5. Definition of Third-Party Relationship • Entity with which financial institution has entered into a business relationship • Facilitate customer access to bank services or products • Perform functions on the bank’s behalf • Bank or non-bank, affiliated or non-affiliated, regulated or non-regulated, domestic or foreign

  6. Benefits Strategic Objectives Revenue Expertise Efficiencies Resources Access Risks Legal Regulatory Financial Loss Reputation Loss of Customers Benefits/Risks

  7. Financial Institution Responsibility • Board and management oversight tailored depending on the relationship • The institution, and its Board and management, are responsible for managing activities conducted through third parties as if the activity were conducted directly by the institution • Indemnity agreement not enough

  8. Strategic Risk Reputation Risk Operational Risk Transaction Risk Credit Risk Liquidity Risk Compliance Risk Legal Risk Other Risks Types of Risk

  9. Risk Management Process • Is this a significant third-party relationship? • Process tailored depending on the risks identified, nature & significance of the relationship, scope & magnitude of the activity • Effective risk management process

  10. Risk Management Framework • Four Key Elements • Risk Assessment • Due Diligence • Contract Structuring and Review • Oversight

  11. Third-Party Relationships: Compliance Risk Management Examples

  12. Compliance Risk Management Examples • Rent-A-BIN • Debt Collection • Prepaid Cards • RESPA Section 8 • Identity Theft Protection Programs • Privacy

  13. 2012 FDIC Revised Guidance on Payment Processor Relationships

  14. FDIC Financial Institution Letter FIL-3-2012 • January 31, 2012 • FDIC releases Revised Guidance on Payment Processor Relationships • Replaces & updates 2008 Guidance on Payment Processor Relationships (FIL-127-2008)

  15. What is a Third-Party Payment Processor or “Processor”? Depositor that uses its banking relationship to process payments for its merchant clients Benefits: Fee income Large deposit balances Capital injections Concerns: Merchant clients several entities removed Nested or aggregator relationships Merchant client activities Definition of Third-Party Payment Processor

  16. Main Risks of Processors • Credit Risks • Charge-backs from unauthorized transactions • Regulation CC warranty • Compliance Risks • Reputational Risks • Financial institution tied to merchant clients • Legal Risk • Class action lawsuits

  17. Processor Red Flags • Targeting problem financial institutions in need of capital/earnings • Smaller financial institutions with limited resources for proper monitoring • Processors with relationships at multiple financial institutions at the same time • Consumer complaints • High Unauthorized Return Rates (URRs) or returns/charge-backs

  18. Financial Institution Protections • Due diligence (initially & ongoing) – Know Your Customer • Policies & procedures for monitoring (URRs/Returns, complaints, etc.) • Be aware of potential Compliance Risks

  19. Types of Payments • Types of Payments • Remotely Created Checks (RCCs) • Automated Clearinghouse Items (ACHs) • Network-related payments

  20. Remotely Created Checks • What are RCCs? • Regular paper check that the Merchant creates • No consumer signature • Consumer provides account number & bank routing number, and merchant prints check • Merchant submits for regular check processing

  21. Risks of RCCs • Merchant client can continue to draft checks • Depository financial institution responsible to paying financial institution under Regulation CC Section 229.34(d) • Consumer complaints regarding unauthorized withdrawals from account • High volume – difficult to monitor • High URRs and returns/charge-backs • Unregulated environment

  22. ACH Use & Risks • How do processors use ACHs & what are the risks? • Merchant uses account number to initiate an electronic debit • Visa/MasterCard & NACHA rules • Unauthorized debits & charge-backs

  23. Themes and Trends • No Board-approved policies/procedures • Growth beyond financial institution’s resources/abilities • Increase in fee income short-lived due to charge-backs • Underestimate potential reputation risks

  24. Questions and Answers

  25. Thank You The information contained in this presentation is for informational purposes only and is provided as a public service and in an effort to enhance understanding of the statutes and regulations administered by the FDIC. It expresses the views and opinions of FDIC staff and is not binding on the FDIC, its Board of Directors, or any Board member, and any representation to the contrary is expressly disclaimed.

More Related