ARPR Additional Neach Flashcards
Is a TPS always a TPSP
Yes
Embedded computer chip with financial and personal information for payment transactions
Contactless Cards
Implemented by the clearing house
RTP
global open body formed to develop, enhance, disseminate and assist with the understanding of security standards for payment account data security
PCI SSC
Path the check follows
Check Clearing
Check Collection
Settlement
Card Holder, Card Issuer, Merchant, Acquirer, Card Network
Card Payment Participants
Issue a debit card regardless of where demand deposit is held
Flow on ACH Rail - Decoupled Card
Credit push - Real Time Gross Settlement
Fedwire Funds Services
Debit pull - electronic book-entry securities, also real time
Fedwire Securities Service
Non-profit with a special committee focused on standards for bankcards and financial communications
ANSI American National Standards Institute
Sender, Sending Participant, TCH, Receiving Participant, Receiver
RTP
Sender, Participant, Service, Receiver
FedNow Service
National securities clearing corporation is regulated by the
Securities and Exchange Commission (SEC)
ACH clears through these two networks
FRB and EPN
Increases controls for cardholder data
PCI DSS Data Security Standard
Build and maintain secure network
protect cardholder data
maintain vulnerability management program
PCI SSC 1-6
Implement strong access control measures
regularly monitor and test network
maintain information security policy
PCI SSC 7-12
System of Internal Controls, Monitoring and reporting
Independent auditing and testing
Designation of a compliance officer
ongoing training
CDD program
5 Pillars of BSA
created CFPB and Established UDAAP
Dodd Frank
If ACH is held we can hold for 1 day and have to notify
ODFI
2021 Federal Open Market Committee FOMC
Reserve Framework reduced to Zero - New Reg D
Subpart A checks clear
Subpart B Wires
Subpart C FedNow
Reg J
Reg II is also the
Durbin Amendment
national bank circular that covers payments, payments systems, and risk and risk management practices
OCC 2021-49
“Bank management is responsible for establishing effective risk management systems and controls and regularly reporting to the board on the results of the ACH program”
OCC 2006-39 Bulletin states for ACH activities
Mitigation
business resiliency
business continuity
information security
operational controls
ACH Operational Risk Mitigation
Failure in the transaction process can result in risk to FI’s
Earnings and Capital
system will allow items to be transmitted and settled either through the check collection system or as an ACH transaction
RDC Least cost routing
OCC states bank should ensure comprehensive risk management and oversight of third-party relationships involving what activities
Critical (payments, settlement and information technology)
Technique that uses historical results to predict future outcomes
trend analysis
Before implementing RDC, FI must evaluate what type of risk
Reputational
Operational
Legal
What indicates risk for individual credit exposure
Risk Rating
Right to audit, monitor and inspect a participant
participants conduct a self-audit
establish controls on the gross value RTP payments may originate daily
Risk Controls Established By TCH
Name
DOB
Address
Identification #
Four Pieces of CIP
Apply to all entities that store, process and transmit cardholder data
PCI Standards
enacted to have ACH operators compete with FR
Monetary Control Act of 1980
ERM PROCESSES WILL PROVIDE MANAGEMENT WITH A BETTER UNDERSTANDING OF HOW RISK WILL IMPACT THE CHOICE OF____
STRATEGY
What influences and aligns strategy and performance throughout all departments and functions
Risk
methods include
risk sharing
risk avoidance
risk analysis
Risk Management
What relationships that involve payments, settlement, and information technology warrant comprehensive and rigorous oversight and management
Third party relationships
applies to and organizations
applies to a department or a category. It encompasses all internal risk profiles, and may vary significantly based on many factors
Risk Profile
identifies, measures and prioritizes risk areas
Risk Assessment
preventative and detective control
encryption
FDIC
OCC
CFPB
Federal Governing Body
Added a broad set of rules for credit card issuers that limit the assessment of certain types of fees and the interest that may be charged
Credit Card Accountability Responsibility and Disclosure Act of 2009
payment order transmitted directly to or from a reserve bank by electronic data transmission excluding transmission via phone
Online Payment order
FI should have these to ensure retail payment operations are conducted appropriately
Comprehensive contract provisions and Adequate due diligence processes
How often is unnecessary data to be purged for PCI DSS
Quarterly
Credit Score, daily per transaction limits and new account vs existing accounts are a part of the selection and protection criteria for
cross channel risk
this program provides unbanked beneficiaries a way to receive payments electronically
Direct Express
risk that action taken by a government may affect a payment system or participants in a payment system
sovereign risk
Due diligence for correspondent and private banking accounts
Title III and the Bank Secrecy Act
the effort to combat international money laundering and block access by terrorists to the US financial system
USA PATRIOT Act
internal audit
own and manage risk control
ensure that expertise and process excellence are available to manage and control risk
COSO’s three lines of defense model
express overall appetite by using broad statements
express risk appetite for each major class of organizational objectives
express risk appetite for different areas of risk
communicating risk appetite
risk assessment
control activities
control environments
info and communication
monitoring
5 key components of an internal control program
governance and culture
strategy and objective setting
performance
review and revision
info communication and reporting
ERM framework
establish and revise
communicate
monitor and reinforce
risk appetite steps
credit push only
RTP
Administrative
Technical
Physical
Nature related Controls
when did checks become local
first quarter of 2010 by Reg CC
Availability
Confidentiality
data integrity
Information Security Components
funds held by an institution during the check clearing process before being made available to a depositor
Float for checks
set of security requirements surrounding the properties and management of devices used in the protection of cardholder PINs and other card payment processing activities
PCI-PTS
ensure organizations operate effectively, safeguard assets, produce reliable financial records and maintain compliance with Regs and laws
Internal control program
provisions that require all non-tax related payments made by the federal government be made via electronic funds transfer EFT
Debt Collection Improvement Act of 1996
Feature unique to contactless cards that supports improved security, including authenticated information access
Microcontroller
Reg CC does not apply to
Debit Cards
RDC and Mobile Deposits
What payment channel is particularly vulnerable to Cross Channel Risk
RDC
digital certificates
public key infrastructures and
encryption
secure data transmission
may engage a third-party independent sales organization or membership service provider to conduct and monitor day-to-day activities of its merchant accounts
acquiring bank
dual message: one containing the authorization decision and a second containing the data required for clearing and settlement
signature authenticated transactions
development of the routing # a policy and the national standard for imprinting checks with magnetic ink character recognition
automation of the check clearing process
should reflect the nature and complexity of the institution’s participation in retail payment systems
FI Risk management strategy
desirable prohibited and restricted originators
background check of originators
creditworthiness
Onboarding ACH Originators
who does direct access apply to
ACH
Applies to any entity that collects uses or stores the personal data of people in the European union
GDPR
Establish reasonable controls and requirements to achieve policy objectives
Standards
9 Digit Routing
18 On-Us
12 Account fields
MICR Line contains
risk of not successfully moving the payment between the buyer and the seller or having the payment altered in some way during the process
Transit Risk
possibility that one or more parties will fail to deliver on the terms of a contract at the agreed upon time
Settlement Risk