Division of Depositor and Consumer Protection Banker Teleconference Series Third-Party Compliance...
Transcript of Division of Depositor and Consumer Protection Banker Teleconference Series Third-Party Compliance...
Division of Depositor and Consumer ProtectionBanker Teleconference Series
Third-Party Compliance Risk ManagementTuesday, June 5, 2012
FEDERAL DEPOSIT INSURANCE CORPORATION2 FEDERAL DEPOSIT INSURANCE CORPORATION
Presenters
Luke Brown, Associate Director
DCP Supervisory Policy
Victoria Pawelski, Senior Policy Analyst
DCP Supervisory Policy
John Bowman, Senior Review Examiner
DCP Office of CRA and Compliance Examinations
Julie Tupper, Senior Compliance Examiner
DCP Dallas Regional Office
FEDERAL DEPOSIT INSURANCE CORPORATION3 FEDERAL DEPOSIT INSURANCE CORPORATION
Agenda
Introduction 2008 FDIC Guidance on Managing Third-
Party Risk (FIL-44-2008) Third-Party Relationships: Compliance Risk
Management Examples 2012 FDIC Revised Guidance on Payment
Processor Relationships (FIL-3-2012) Questions and Answers
FEDERAL DEPOSIT INSURANCE CORPORATION4 FEDERAL DEPOSIT INSURANCE CORPORATION
2008 FDIC Guidance on Managing Third-Party Risk
FEDERAL DEPOSIT INSURANCE CORPORATION5 FEDERAL DEPOSIT INSURANCE CORPORATION
Definition of Third-Party Relationship
Entity with which financial institution has entered into a business relationship Facilitate customer access to bank services or
products Perform functions on the bank’s behalf
Bank or non-bank, affiliated or non-affiliated, regulated or non-regulated, domestic or foreign
FEDERAL DEPOSIT INSURANCE CORPORATION6 FEDERAL DEPOSIT INSURANCE CORPORATION
Benefits/Risks
Benefits
Strategic Objectives
Revenue Expertise Efficiencies Resources Access
Risks
Legal Regulatory Financial Loss Reputation Loss of Customers
FEDERAL DEPOSIT INSURANCE CORPORATION7 FEDERAL DEPOSIT INSURANCE CORPORATION
Financial Institution Responsibility
Board and management oversight tailored depending on the relationship
The institution, and its Board and management, are responsible for managing activities conducted through third parties as if the activity were conducted directly by the institution Indemnity agreement not enough
FEDERAL DEPOSIT INSURANCE CORPORATION8 FEDERAL DEPOSIT INSURANCE CORPORATION
Types of Risk
Strategic Risk Reputation Risk Operational Risk Transaction Risk Credit Risk
Liquidity Risk Compliance Risk Legal Risk Other Risks
FEDERAL DEPOSIT INSURANCE CORPORATION9 FEDERAL DEPOSIT INSURANCE CORPORATION
Risk Management Process
Is this a significant third-party relationship? Process tailored depending on the risks
identified, nature & significance of the relationship, scope & magnitude of the activity
Effective risk management process
FEDERAL DEPOSIT INSURANCE CORPORATION10 FEDERAL DEPOSIT INSURANCE CORPORATION
Risk Management Framework
Four Key ElementsRisk AssessmentDue DiligenceContract Structuring and ReviewOversight
FEDERAL DEPOSIT INSURANCE CORPORATION11 FEDERAL DEPOSIT INSURANCE CORPORATION
Third-Party Relationships: Compliance Risk
Management Examples
FEDERAL DEPOSIT INSURANCE CORPORATION12 FEDERAL DEPOSIT INSURANCE CORPORATION
Compliance Risk Management Examples
Rent-A-BIN Debt Collection Prepaid Cards RESPA Section 8 Identity Theft Protection Programs Privacy
FEDERAL DEPOSIT INSURANCE CORPORATION13 FEDERAL DEPOSIT INSURANCE CORPORATION
2012 FDIC Revised Guidance on Payment Processor
Relationships
FEDERAL DEPOSIT INSURANCE CORPORATION14 FEDERAL DEPOSIT INSURANCE CORPORATION
FDIC Financial Institution Letter FIL-3-2012
January 31, 2012 FDIC releases Revised Guidance on
Payment Processor Relationships Replaces & updates 2008 Guidance on
Payment Processor Relationships (FIL-127-2008)
FEDERAL DEPOSIT INSURANCE CORPORATION15 FEDERAL DEPOSIT INSURANCE CORPORATION
Definition of Third-Party Payment Processor
What is a Third-Party Payment Processor or “Processor”? Depositor that uses its
banking relationship to process payments for its merchant clients
Benefits: Fee income Large deposit balances Capital injections
Concerns: Merchant clients several
entities removed Nested or aggregator
relationships Merchant client activities
FEDERAL DEPOSIT INSURANCE CORPORATION16 FEDERAL DEPOSIT INSURANCE CORPORATION
Main Risks of Processors
Credit Risks Charge-backs from unauthorized transactions Regulation CC warranty
Compliance Risks Reputational Risks
Financial institution tied to merchant clients Legal Risk
Class action lawsuits
FEDERAL DEPOSIT INSURANCE CORPORATION17 FEDERAL DEPOSIT INSURANCE CORPORATION
Processor Red Flags
Targeting problem financial institutions in need of capital/earnings
Smaller financial institutions with limited resources for proper monitoring
Processors with relationships at multiple financial institutions at the same time
Consumer complaints High Unauthorized Return Rates (URRs)
or returns/charge-backs
FEDERAL DEPOSIT INSURANCE CORPORATION18 FEDERAL DEPOSIT INSURANCE CORPORATION
Financial Institution Protections
Due diligence (initially & ongoing) – Know Your Customer
Policies & procedures for monitoring (URRs/Returns, complaints, etc.)
Be aware of potential Compliance Risks
FEDERAL DEPOSIT INSURANCE CORPORATION19 FEDERAL DEPOSIT INSURANCE CORPORATION
Types of Payments
Types of Payments Remotely Created Checks (RCCs) Automated Clearinghouse Items (ACHs) Network-related payments
FEDERAL DEPOSIT INSURANCE CORPORATION20 FEDERAL DEPOSIT INSURANCE CORPORATION
Remotely Created Checks
What are RCCs? Regular paper check that the Merchant
creates No consumer signature Consumer provides account number & bank
routing number, and merchant prints check Merchant submits for regular check
processing
FEDERAL DEPOSIT INSURANCE CORPORATION21 FEDERAL DEPOSIT INSURANCE CORPORATION
Risks of RCCs
Merchant client can continue to draft checks Depository financial institution responsible to
paying financial institution under Regulation CC Section 229.34(d)
Consumer complaints regarding unauthorized withdrawals from account
High volume – difficult to monitor High URRs and returns/charge-backs Unregulated environment
FEDERAL DEPOSIT INSURANCE CORPORATION22 FEDERAL DEPOSIT INSURANCE CORPORATION
ACH Use & Risks
How do processors use ACHs & what are the risks? Merchant uses account number to initiate an
electronic debit Visa/MasterCard & NACHA rules Unauthorized debits & charge-backs
FEDERAL DEPOSIT INSURANCE CORPORATION23 FEDERAL DEPOSIT INSURANCE CORPORATION
Themes and Trends
No Board-approved policies/procedures Growth beyond financial institution’s
resources/abilities Increase in fee income short-lived due
to charge-backs Underestimate potential reputation risks
FEDERAL DEPOSIT INSURANCE CORPORATION24 FEDERAL DEPOSIT INSURANCE CORPORATION
Questions and Answers
FEDERAL DEPOSIT INSURANCE CORPORATION25 FEDERAL DEPOSIT INSURANCE CORPORATION
Thank YouThe information contained in this presentation is for informational purposes only and is provided as a public service and in an effort to enhance understanding of the statutes and regulations administered by the FDIC. It expresses the views and opinions of FDIC staff and is not binding on the FDIC, its Board of Directors, or any Board member, and any representation to the contrary is expressly disclaimed.