Payments Risk Management Controls (2)

Question 1

Risk Mitigation

Answer 1

Process of reducing risks through the introduction of specific controls and risk transfer.

Question 2

Business Continuity Plan (BCP)

Answer 2

A comprehensive written plan to maintain or resume business in the event of a disruption.

Question 3

Business Impact Analysis (BIA)

Answer 3

Process of identifying the potential impact of uncontrolled, non-specific events on an institution’s business processes.

Question 4

Business Continuity Strategy

Answer 4

Comprehensive strategies to recover, resume and maintain all critical business functions.

Question 5

Tabletop Exercise/Structured Walk-Through Test

Answer 5

Testing method ensures critical personnel from all areas are familiar with the business continuity plan (BCP) and may be used as an effective training tool.

Question 6

Walk-Through Drill/Simulation Test

Answer 6

Testing method used to apply a specific event scenario to the business continuity plan (BCP).

Question 7

Functional Drill/Parallel Test

Answer 7

Testing method involves actual mobilization of personnel to other sites attempting to establish communications and perform actual recovery processing as outlined in the business continuity plan (BCP).

Question 8

Full-Interruption/Full-Scale Test

Answer 8

Testing method involves a simulated real-life emergency and all or portions of the business continuity plan (BCP) are implemented by processing data/transactions using back-up media at the recovery site.

Question 9

(1) Business Impact Analysis; (2) Risk assessment; (3) Risk management; (4) Risk monitoring and testing

Answer 9

Name the four steps included in business continuity planning (BCP).

Question 10

Business Impact Analysis

Answer 10

Step in the BCP process that identifies the potential impact of uncontrolled, non-specific events on an institution’s business processes.

Question 11

Risk Assessment

Answer 11

Step in the BCP process that evaluates business processes and BIA assumptions using various threat scenarios.

Question 12

Control Self-Assessment

Answer 12

A technique used to internally assess the effectiveness of risk management and control processes.

Question 13

Incident Response Plan

Answer 13

A plan that defines the action steps, involved resources and communication strategy upon identification of a threat or potential threat event, such as a breach in security protocol, power or telecommunications outage, severe weather or workplace violence.

Question 14

Exposure Limits

Answer 14

A method used to mitigate credit risk, also required by the ACH Rules

Question 15

At least annually

Answer 15

Frequency in which a business continuity plan should be reviewed by internal or external auditors.

Question 16

At least annually, or more frequently depending on changes in the operating environment

Answer 16

Frequency in which an enterprise-wide business continuity tests should be conducted.

Question 17

Financial Controls

Answer 17

Controls to detect and/or prevent errors or misappropriations.

Question 18

Administrative Controls

Answer 18

Controls that align with board-approved risk appetite and inform employees of management’s expectations.

Question 19

Procedural Controls

Answer 19

Controls that establish policies and procedures that reduce risk and ensure operating, reporting and compliance objectives are met.

Question 20

Technical Controls

Answer 20

Controls to prevent and detect unauthorized activity.

Question 21

Unfair, Deceptive or Abusive Acts or Practices (UDAAP)

Answer 21

Law to protect consumers purchasing financial products and services requiring that consumers have access to information that lets them choose the option they believe is best for their situation.

Question 22

Anomalous Activity

Answer 22

Activity that is inconsistent with or deviating from what is usual, normal or expected.

Question 23

(1) Prominent - will the consumer notice the information; (2) Presented - is the format easy-to.understand; (3) Placement - is the information located where a consumer would expect to look; (4) Proximity - is the information close to the claim it qualifies

Answer 23

Name the FTC’s “four Ps” for evaluating whether a representation, omission, act or practice is likely to mislead.

Question 24

(1) Planning; (2) Due Diligence in Vendor Selection; (3) Contract Negotiation; (4) Ongoing Monitoring; (5) Termination

Answer 24

Name the five steps in the vendor management life cycle according to the FFIEC.

Question 25

Preventative Control

Answer 25

A mitigating technique designed to prevent an event from occurring.

Question 26

Business Continuity Test/Disaster Recovery Exercise

Answer 26

A test of an institution’s disaster recovery plan or BCP.

Question 27

Test Plan

Answer 27

A document based on the institution’s test scope and objectives and includes various test methods.

Question 28

Transaction Testing

Answer 28

A testing activity designed to validate the continuity of business transactions and the replication of associated data.