Fundamentals of Payments Risk Management Flashcards
27%
How is enterprise risk management applied?
It is applied at all levels and across all functions of an organization.
A failure mode and effects analysis (FMEA) is used to manage operational risk by providing what?
A means to identify and define failure points of a process and to assign steps to prioritize risk incidents and define mitigation plans.
A Merchant declaring bankruptcy, committing fraud, or unable to pay a charge-back is considered credit risk for who?
The Acquirer
How many incidents does the Federal Reserve allow before contacting a financial institution about excessive daylight overdrafts?
Up to two incidents per two consecutive two-week reserve-maintenance periods (a total of four weeks.)
How should financial controls be graded?
Strong
Moderate
Weak
Setting ACH limits is a control for what type of risk?
Credit risk
Technology failures, power failure, human error, or natural disasters are examples of what type of risk?
Operational risk
What are the four elements of a sound risk management framework?
- Clearly identify risks
- Establish sound governance
- Establish clear and appropriate rules and procedures
- Employ resources necessary to achieve risk management objectives
What are the three lines of defense in a risk management framework?
- Frontline operations own and manage risk and controls
- Management monitors risk, control, and compliance functions
- Internal audit provides independent assurance that the risk management framework is operating effectively
What are user access controls?
Systems put in place to determine the functionality access of each individual on a day-to-day basis.
What is a credit policy?
Clear, written guidelines that set terms and conditions, qualification criteria, collection procedures, and steps to take when a loan customer is delinquent.
What is a financial transaction control?
A process designed to detect or prevent errors, misappropriations, and ensure adherence to policy.
What is a risk management framework?
A set of objectives, policies, arrangements, procedures, and resources employed to limit and manage risk.
What is a service level agreement (SLA)?
An agreement with a service provider to ensure compliance with identified action plans, establish service fees, and performance penalties.
What is another term for credit risk?
Temporal risk
What is business continuity?
Preparation to ensure that a business can continue to operate in the case of service disruptions.
What is business resiliency?
The ability of an organization to adapt to disruptions to safeguard people, assets, and brand.
What is capital adequacy?
The minimum amount a financial institution must maintain to absorb losses and continue functions during times of financial distress.
What is change control?
A process to manage changes to an operating environment when a change is made to an application, operating system, or utility in the production environment.
What is compliance risk?
The risk that a party to a transaction fails to comply, either knowingly or inadvertently, with payment system rules, policies, regulations, and applicable U.S. & state law.
What is considered a expeditious return of a check?
A returned check that is received by the Depository Bank no later than 2 p.m. (local time for the Depository Bank) on the second business day following the banking day on which the check was presented to the Paying Bank.
What is counterparty risk?
The risk that each party of a contract will not live up to its contractual obligations.
What is credit risk?
The risk that a party to a transaction will not be able to provide the necessary funds, as contracted for settlement to take place.
What is cross-channel risk?
The risk that the movement of fraudulent or illegal payment transactions from one payments channel to another is met with inconsistent risk management practices and lack of information sharing across payment channels about fraud.
What is daylight overdraft?
When a financial institution’s Federal Reserve account is in a negative position at some point during the business day.
What is Direct Access risk?
A risk specific to the ACH Network, where an Originator, Third-Party Sender, or Third-Party Service Provider transmits ACH files directly to an ACH Operator using the ODFI’s routing number and settlement account.
What is enterprise risk management (ERM)?
The culture, capabilities, and practices of an organization.
What is ex post monitoring?
The Federal Reserve’s monitoring of certain transactions (Fedwire® funds transfers, book-entry securities transfers, and net settlement transactions) as they are processed and posted during the business day, and other transactions (ACH and check transactions) that are posted to institutions’ accounts according to defined schedules.
What is fraud risk?
The risk that a payment transaction is initiated or altered by any party to the transaction in an attempt to misdirect or misappropriate funds with fraudulent intent.
What is legal risk?
The risk that an organization’s failure to enact appropriate policies, procedures, or controls to ensure it conforms to laws, regulations, contractual arrangements, and other legally binding agreements.
What is liquidity risk?
The risk that earnings or capital will be negatively affected by an organization’s inability to meet its obligations when they come due.
What is operational risk?
The risk that a transaction is altered or delayed due to an unintentional error.
What is real-time monitoring?
The Federal Reserve Bank monitors an individual institution’s position when it is believed that the Federal Reserve Bank faces excessive risk exposure and rejects or delays transactions that exceed the institution’s maximum daylight overdraft position.
What is reputation risk?
The risk that negative publicity regarding an organization’s business practices leads to a loss of revenue or results in litigation.
What is residual risk?
The amount of risk remaining after the implementation of controls.
What is risk measurement?
The process to determine the likelihood of an adverse event or threat occurring and the potential impact of such an event on the institution.
What is risk mitigation?
The process of reducing risks through the introduction of specific controls and risk transfer.
What is risk?
The potential that events, expected or unanticipated, may have an adverse effect on a financial institution’s earning, capital, or reputation.
What is settlement risk?
The risk that one or more parties will fail to deliver on the terms of a contract at the agreed-upon time.
What is strategic risk?
The risk associated with an organization’s mission and future business plans.
What is system compromise?
The loss of availability of a payment system resulting from fraud, malicious damage to data, or error.
What is system disruption?
A system is unavailable to process transactions due to a system failure, destruction of the facility (natural disasters, fires, terrorism), or operation shutdown.
What is system failure?
Breakdown in a system’s hardware or software from design defects, insufficient system capacity to handle transaction volumes, or mechanical breakdown, including telecommunications.
What is systemic risk?
The risk that a funds transfer system participant is unable to settle its commitments causing other participants to fail.
What is technology risk?
The risk a technology failure will disrupt an organization such as information security incidents or service outages.
What is the FFIEC?
A formal, interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions.
What is the period of credit risk for an ODFI?
The period of time between initiation and settlement of a credit file.
What is third-party risk?
The risk when organizations rely on outside parties to perform services on their behalf.
What is transaction risk?
Exchange rate risk associated with the time delay between entering and settling a contract.
What is transit risk?
The risk a payment does not move successfully between a buyer and a seller, or that a payment is altered in some way during the transit process.
What organizations form the FFIEC?
The FFIEC is composed of representatives from the:
1. Board of Governors of the Federal Reserve System (FRB)
2. Federal Deposit Insurance Corporation (FDIC)
3. National Credit Union Administration (NCUA)
4. Office of the Comptroller of the Currency (OCC)
5. Consumer Financial Protection Bureau (CFPB)
6. Union Administration (NCUA)
7. Office of the Comptroller of the Currency (OCC)
8. Consumer Financial Protection Bureau (CFPB)
9. State Liaison Committee (SLC)
What are policies?
Standards established by a board of directors that describe the governance structure and core elements of an institution’s activities.
Policies should align with what?
An organization’s business strategy and risk appetite
