Fundamentals of Payments Risk Management

Question 1

How is enterprise risk management applied?

Answer 1

It is applied at all levels and across all functions of an organization

Question 2

A failure mode and effects analysis (FMEA) is used to manage operational risk by providing what?

Answer 2

A means to identify and define failure points of a process and to assign steps to prioritize risk incidents and define mitigation plans

Question 3

A Merchant declaring bankruptcy, committing fraud, or unable to pay a charge-back is considered credit risk for who?

Answer 3

The Acquirer

Question 4

How many incidents does the Federal Reserve allow before contacting a financial institution about excessive daylight overdrafts?

Answer 4

Up to two incidents per two consecutive two-week reserve-maintenance periods (a total of four weeks)

Question 5

How should financial controls be graded?

Answer 5

Strong
Moderate
Weak

Question 6

Setting ACH limits is a control for what type of risk?

Answer 6

Credit risk

Question 7

Technology failures, power failure, human error, or natural disasters are examples of what type of risk?

Answer 7

Operational risk

Question 8

What are the four elements of a sound risk management framework?

Answer 8

1. Clearly identify risks
2. Establish sound governance
3. Establish clear and appropriate rules and procedures
4. Employ resources necessary to achieve risk management objectives

Question 9

What are the three lines of defense in a risk management framework?

Answer 9

1. Frontline operations own and manage risk and controls
2. Management monitors risk, control, and compliance functions
3. Internal audit provides independent assurance that the risk management framework is operating effectively

Question 10

What are user access controls?

Answer 10

Systems put in place to determine the functionality access of each individual on a day-to-day basis

Question 11

What is a credit policy?

Answer 11

Clear, written guidelines that set terms and conditions, qualification criteria, collection procedures, and steps to take when a loan customer is delinquent

Question 12

What is a financial transaction control?

Answer 12

A process designed to detect or prevent errors, misappropriations, and ensure adherence to policy

Question 13

What is a risk management framework?

Answer 13

A set of objectives, policies, arrangements, procedures, and resources employed to limit and manage risk

Question 14

What is a service level agreement (SLA)?

Answer 14

An agreement with a service provider to ensure compliance with identified action plans, establish service fees, and performance penalties

Question 15

What is another term for credit risk?

Answer 15

Temporal risk

Question 16

What is business continuity?

Answer 16

Preparation to ensure that a business can continue to operate in the case of service disruptions

Question 17

What is business resiliency?

Answer 17

The ability of an organization to adapt to disruptions to safeguard people, assets, and brand

Question 18

What is capital adequacy?

Answer 18

The minimum amount a financial institution must maintain to absorb losses and continue functions during times of financial distress

Question 19

What is change control?

Answer 19

A process to manage changes to an operating environment when a change is made to an application, operating system, or utility in the production environment

Question 20

What is compliance risk?

Answer 20

The risk that a party to a transaction fails to comply, either knowingly or inadvertently, with payment system rules, policies, regulations, and applicable U.S. & state law

Question 21

What is considered a expeditious return of a check?

Answer 21

A returned check that is received by the Depository Bank no later than 2 p.m. (local time for the Depository Bank) on the second business day following the banking day on which the check was presented to the Paying Bank

Question 22

What is counterparty risk?

Answer 22

The risk that each party of a contract will not live up to its contractual obligations

Question 23

What is credit risk?

Answer 23

The risk that a party to a transaction will not be able to provide the necessary funds, as contracted for settlement to take place

Question 24

What is cross-channel risk?

Answer 24

The risk that the movement of fraudulent or illegal payment transactions from one payments channel to another is met with inconsistent risk management practices and lack of information sharing across payment channels about fraud

Question 25

What is daylight overdraft?

Answer 25

When a financial institution’s Federal Reserve account is in a negative position at some point during the business day

Question 26

What is Direct Access risk?

Answer 26

A risk specific to the ACH Network, where an Originator, Third-Party Sender, or Third-Party Service Provider transmits ACH files directly to an ACH Operator using the ODFI’s routing number and settlement account

Question 27

What is enterprise risk management (ERM)?

Answer 27

The culture, capabilities, and practices of an organization

Question 28

What is ex post monitoring?

Answer 28

The Federal Reserve’s monitoring of certain transactions (Fedwire funds transfers, book-entry securities transfers, and net settlement transactions) as they are processed and posted during the business day, and other transactions (ACH and check transactions) that are posted to institutions’ accounts according to defined schedules

Question 29

What is fraud risk?

Answer 29

The risk that a payment transaction is initiated or altered by any party to the transaction in an attempt to misdirect or misappropriate funds with fraudulent intent

Question 30

What is legal risk?

Answer 30

The risk that an organization’s failure to enact appropriate policies, procedures, or controls to ensure it conforms to laws, regulations, contractual arrangements, and other legally binding agreements

Question 31

What is liquidity risk?

Answer 31

The risk that earnings or capital will be negatively affected by an organization’s inability to meet its obligations when they come due

Question 32

What is operational risk?

Answer 32

The risk that a transaction is altered or delayed due to an unintentional error

Question 33

What is real-time monitoring?

Answer 33

The Federal Reserve Bank monitors an individual institution’s position when it is believed that the Federal Reserve Bank faces excessive risk exposure and rejects or delays transactions that exceed the institution’s maximum daylight overdraft position

Question 34

What is reputation risk?

Answer 34

The risk that negative publicity regarding an organization’s business practices leads to a loss of revenue or results in litigation

Question 35

What is residual risk?

Answer 35

The amount of risk remaining after the implementation of controls

Question 36

What is risk measurement?

Answer 36

The process to determine the likelihood of an adverse event or threat occurring and the potential impact of such an event on the institution

Question 37

What is risk mitigation?

Answer 37

The process of reducing risks through the introduction of specific controls and risk transfer

Question 38

What is risk?

Answer 38

The potential that events, expected or unanticipated, may have an adverse effect on a financial institution’s earning, capital, or reputation

Question 39

What is settlement risk?

Answer 39

The risk that one or more parties will fail to deliver on the terms of a contract at the agreed-upon time

Question 40

What is strategic risk?

Answer 40

The risk associated with an organization’s mission and future business plans

Question 41

What is system compromise?

Answer 41

The loss of availability of a payment system resulting from fraud, malicious damage to data, or error

Question 42

What is system disruption?

Answer 42

A system is unavailable to process transactions due to a system failure, destruction of the facility (natural disasters, fires, terrorism), or operation shutdown

Question 43

What is system failure?

Answer 43

Breakdown in a system’s hardware or software from design defects, insufficient system capacity to handle transaction volumes, or mechanical breakdown, including telecommunications

Question 44

What is systemic risk?

Answer 44

The risk that a funds transfer system participant is unable to settle its commitments causing other participants to fail

Question 45

What is technology risk?

Answer 45

The risk a technology failure will disrupt an organization such as information security incidents or service outages

Question 46

What is the FFIEC?

Answer 46

A formal, interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions

Question 47

What is the period of credit risk for an ODFI?

Answer 47

The period of time between initiation and settlement of a credit file

Question 48

What is third-party risk?

Answer 48

The risk when organizations rely on outside parties to perform services on their behalf

Question 49

What is transaction risk?

Answer 49

Exchange rate risk associated with the time delay between entering and settling a contract

Question 50

What is transit risk?

Answer 50

The risk a payment does not move successfully between a buyer and a seller, or that a payment is altered in some way during the transit process

Question 51

What organizations form the FFIEC?

Answer 51

The FFIEC is composed of representatives from the:
Board of Governors of the Federal Reserve System (FRB)
Federal Deposit Insurance Corporation (FDIC)
National Credit Union Administration (NCUA)
Office of the Comptroller of the Currency (OCC)
Consumer Financial Protection Bureau (CFPB)
Union Administration (NCUA)
Office of the Comptroller of the Currency (OCC)
Consumer Financial Protection Bureau (CFPB)
State Liaison Committee (SLC)

Question 52

What are policies?

Answer 52

Standards established by a board of directors that describe the governance structure and core elements of an institution’s activities

Question 53

Policies should align with what?

Answer 53

An organization’s business strategy and risk appetite