Payments Risk Management Controls (2) Flashcards

1
Q

Risk Mitigation

A

Process of reducing risks through the introduction of specific controls and risk transfer.

2
Q

Business Continuity Plan (BCP)

A

A comprehensive written plan to maintain or resume business in the event of a disruption.

3
Q

Business Impact Analysis (BIA)

A

Process of identifying the potential impact of uncontrolled, non-specific events on an institution’s business processes.

4
Q

Business Continuity Strategy

A

Comprehensive strategies to recover, resume and maintain all critical business functions.

5
Q

Tabletop Exercise/Structured Walk-Through Test

A

Testing method that ensures critical personnel from all areas are familiar with the business continuity plan (BCP); it may also be used as an effective training tool.

6
Q

Walk-Through Drill/Simulation Test

A

Testing method used to apply a specific event scenario to the business continuity plan (BCP).

7
Q

Functional Drill/Parallel Test

A

Testing method that involves actual mobilization of personnel to other sites, attempting to establish communications and perform actual recovery processing as outlined in the business continuity plan (BCP).

8
Q

Full-Interruption/Full-Scale Test

A

Testing method that involves a simulated real-life emergency in which all or portions of the business continuity plan (BCP) are implemented by processing data/transactions using back-up media at the recovery site.

9
Q

(1) Business Impact Analysis; (2) Risk assessment; (3) Risk management; (4) Risk monitoring and testing

A

Name the four steps included in business continuity planning (BCP).

10
Q

Business Impact Analysis

A

Step in the BCP process that identifies the potential impact of uncontrolled, non-specific events on an institution’s business processes.

11
Q

Risk Assessment

A

Step in the BCP process that evaluates business processes and BIA assumptions using various threat scenarios.

12
Q

Control Self-Assessment

A

A technique used to internally assess the effectiveness of risk management and control processes.

13
Q

Incident Response Plan

A

A plan that defines the action steps, involved resources and communication strategy upon identification of a threat or potential threat event, such as a breach in security protocol, power or telecommunications outage, severe weather or workplace violence.

14
Q

Exposure Limits

A

A method used to mitigate credit risk, also required by the ACH Rules.

15
Q

At least annually

A

Frequency with which a business continuity plan should be reviewed by internal or external auditors.

16
Q

At least annually, or more frequently depending on changes in the operating environment

A

Frequency with which enterprise-wide business continuity tests should be conducted.

17
Q

Financial Controls

A

Controls to detect and/or prevent errors or misappropriations.

18
Q

Administrative Controls

A

Controls that align with board-approved risk appetite and inform employees of management’s expectations.

19
Q

Procedural Controls

A

Controls that establish policies and procedures that reduce risk and ensure operating, reporting and compliance objectives are met.

20
Q

Technical Controls

A

Controls to prevent and detect unauthorized activity.

21
Q

Unfair, Deceptive or Abusive Acts or Practices (UDAAP)

A

Law to protect consumers purchasing financial products and services requiring that consumers have access to information that lets them choose the option they believe is best for their situation.

22
Q

Anomalous Activity

A

Activity that is inconsistent with or deviating from what is usual, normal or expected.

23
Q

(1) Prominent - will the consumer notice the information; (2) Presented - is the format easy to understand; (3) Placement - is the information located where a consumer would expect to look; (4) Proximity - is the information close to the claim it qualifies

A

Name the FTC’s “four Ps” for evaluating whether a representation, omission, act or practice is likely to mislead.

24
Q

(1) Planning; (2) Due Diligence in Vendor Selection; (3) Contract Negotiation; (4) Ongoing Monitoring; (5) Termination

A

Name the five steps in the vendor management life cycle according to the FFIEC.

25
Q

Preventative Control

A

A mitigating technique designed to prevent an event from occurring.

26
Q

Business Continuity Test/Disaster Recovery Exercise

A

A test of an institution’s disaster recovery plan or BCP.

27
Q

Test Plan

A

A document that is based on the institution’s test scope and objectives and includes various test methods.

28
Q

Transaction Testing

A

A testing activity designed to validate the continuity of business transactions and the replication of associated data.