FFIEC part 2 Flashcards

1
Q

What are the major topics that the manuals and/or booklets of the FFIEC cover?

A

Retail Payments Systems

Bank Secrecy Act/Anti-Money Laundering Examination Manual

Information Security

Mobile Financial Services

Authentication and Access to Financial Institution Services and Systems

Supervisory Guidance for Remote Deposit Capture

Business Continuity Management

Interagency Guidance: Third Party Relationships

2
Q

What does FFIEC stand for?

A

Federal Financial Institutions Examination Council

3
Q

What does the FFIEC do?

A

Prescribes uniform principles, standards, and report forms for the federal examination of financial institutions for financial regulators.

Makes recommendations to promote uniformity.

The FFIEC is not itself a regulation.

4
Q

What are the different governing bodies that the FFIEC provides uniform principles and standards for?

A

Board of Governors of the Federal Reserve System (FRB)

Federal Deposit Insurance Corporation (FDIC)

National Credit Union Administration (NCUA)

Office of the Comptroller of the Currency (OCC)

State Liaison Committee (SLC)

Consumer Financial Protection Bureau (CFPB)

5
Q

How does the FFIEC make recommendations to promote uniformity in the supervision of financial institutions?

A

It does so through guidance designed to

  • Guide bank examiners during examination process; and
  • Assist financial institutions to:
      • Identify risks, and
      • Evaluate adequacy of controls and risk management practices

6
Q

What does the Retail Payment Systems - IT Examination Handbook provide?

A

Identifies and controls risks related to retail payment systems and other related banking activities.

7
Q

What are the 6 risks identified by the FFIEC Retail Payment Systems handbook?

A

SCROLL

Strategic Risk
Credit Risk
Reputation Risk
Operational Risk
Legal/Compliance Risk
Liquidity Risk

8
Q

Summarize the different topics covered in the Retail Payment Systems IT Examination Book.

A

Know the FFIEC Guidance

Know Your Customer (KYC)

Establish appropriate risk-based guidelines for customers/vendor selection

Have strong agreements

Know and anticipate the risks with RDC

  • Legal/compliance risks
  • Reputational risks
  • Operational risks

Measure/monitor/review reports

Include senior management in reporting

Understand types of risk in retail payments and how to manage and monitor each

9
Q

What does the FFIEC warn regarding third parties?

A

They introduce new risks.

10
Q

What services do retail payment systems provide?

A

checks and share draft item processing

bankcards

payment cards

ACH

EFT/POS networks

electronic bill payment

person-to-person (P2P) and account-to-account (A2A) payment systems

many others as technology advances…

11
Q

What should the Examination Scope be based on?

A

the risk profile of the financial institution or the technology service provider

12
Q

What determines the risk profile?

A

an assessment of the entity’s risk environment and quality of risk management practices.

13
Q

What is the underlying Tier I Objective?

A

To evaluate the effectiveness of the internal controls and risk management processes implemented by the financial institution or service provider

14
Q

What is the underlying Tier II Objective?

A

To expand the scope of the examination further if the risk profile or complexity of the organization requires additional information

15
Q

List all of Tier I objectives

A

1 Assess the LEVEL of risk in retail payment systems function

2 ESTABLISH the SCOPE and OBJECTIVES of the examination of the retail payment systems functions.

3 Assess the QUALITY OF OVERSIGHT and support provided by the board of directors and management

4 Assess the QUALITY OF POLICIES, procedures and limits supporting retail payment services.

5 Assess QUALITY OF MANAGEMENT INFORMATION SYSTEMS and reports used to manage retail payment services

6 Assess the QUALITY OF RISK MANAGEMENT and support for BANKCARD ISSUANCE and acquiring (merchant processing activity)

7 Assess the QUALITY OF RISK MANAGEMENT and support for EFT/POS PROCESSING

8 Assess the QUALITY OF RISK management and support for ACH PROCESSING activity.

9 Assess the QUALITY OF RISK MANAGEMENT AND SUPPORT for electronic banking related retail payment transaction processing.

10 Assess the QUALITY OF RISK MANAGEMENT and support for CHECKS

11 Assess the QUALITY OF RISK MANAGEMENT of new and emerging technologies.

16
Q

Describe Tier II Retail Payment Systems Examination Procedures.

A

The Tier II Retail Payment Systems Examination Procedures provide additional validation steps to verify the effectiveness of a financial institution’s internal control processes over ACH, EFT/POS network, check item, electronic banking-related retail payments, and bankcard processing, clearance, and settlement.

17
Q

What does the BSA/AML Examination Manual provide?

A

Provides guidance on identifying and controlling risks associated with money laundering and terrorist financing

18
Q

What does the FFIEC BSA/AML Examination Manual include?

A

Suspicious Activity Reporting (SAR)

Currency Transaction Reporting

Correspondent Accounts (Foreign)

Automated Clearing House Transactions

Third-Party Payment Processors

19
Q

What requirements must the BSA/AML compliance program provide?

A

Internal Controls
- policies, procedures
- regulatory updates
- incorporating dual controls and segregation of duties

Independent testing
- Conducted by bank personnel or by an outside party
- Testing to ensure the internal controls are aligned with the bank’s risk profile

BSA compliance officer
- Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance

Training for appropriate personnel
- Should include examples of money laundering and suspicious activity monitoring and reporting
- Document training program

20
Q

What are the BSA/AML money laundering steps?

A

Placement

Layering

Integration

21
Q

Placement

A

First and most vulnerable stage of laundering money

Goal is to introduce unlawful proceeds into the financial system without attracting attention of financial institutions or law enforcement

22
Q

Layering

A

Second stage, which involves moving funds around the financial system, often in a complex series of transactions, to create confusion and complicate the paper trail

23
Q

Integration

A

Goal once funds are in the financial system and insulated through layering stage

Create the appearance of legality through additional transactions