RDC Risk Assessment vs. ACH Risk Assessment: Similar or Different? - PowerPoint PPT Presentation

Loading...

PPT – RDC Risk Assessment vs. ACH Risk Assessment: Similar or Different? PowerPoint presentation | free to download - id: 4bab24-NzNhM



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

RDC Risk Assessment vs. ACH Risk Assessment: Similar or Different?

Description:

Fred Laing, AAP UMACHA Mary Gilmeister, AAP WACHA * Where should the Financial Institution perform a risk assessment? Your own IT systems Information Security ... – PowerPoint PPT presentation

Number of Views:425
Avg rating:3.0/5.0
Slides: 19
Provided by: Admin370
Learn more at: http://www.prodevmedia.com
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: RDC Risk Assessment vs. ACH Risk Assessment: Similar or Different?


1
RDC Risk Assessment vs. ACH Risk Assessment
Similar or Different?
  • Fred Laing, AAP
  • UMACHA

Mary Gilmeister, AAP WACHA
2
Agenda
  • Risk Management Program
  • RDC Risk/ACH Risk
  • RDC Risk Assessment/ACH Risk Assessment
  • Differences/Similarities
  • Legal Compliance Risks
  • Third-Party Processor Risks
  • Resource Links

3
Regulatory Guidance
  • NACHAs Proposed Risk Management Assessment
    Rule
  • ACH Risk Management Guidance
  • -OCC Bulletin 2006-39
  • Payment Processors Risk Management Guidance
  • -OCC Bulletin 2008-12
  • Payment Processor Relationships
  • -FDIC Financial Institution Letter 127-2008
  • FFIEC Guidance on Risk Management of RDC
  • FFIEC BSA/AML Examination Manual
  • FFIEC IT Examination Handbook

4
Risk Management Program
  • Planning
  • Clearly defined objectives, well-developed
    business strategy, clear risk parameters, role
    w/in FIs strategic plan
  • Risk Identification Assessment
  • Mitigation Controls
  • Policies procedures, clearly defined
    responsibilities, strong internal controls over
    transactions, risk-based audit program, well
    designed agreements
  • Measuring Monitoring
  • Periodic reports allow board to determine
    activities remain w/in board established risk
    parameters

5
RDC Risk
  • Where does risk occur?
  • What are the types of risk?
  • Internal
  • External
  • Process
  • Legal
  • Compliance
  • Operational
  • Fraud
  • Reputational
  • Credit
  • Strategic

6
ACH Risk
  • Where does risk occur?
  • What are the types of risk?
  • Internal
  • External
  • Process
  • Compliance
  • Operational
  • Credit
  • Fraud
  • Systemic
  • Reputational
  • Strategic

7
RDC Risk Assessment
  • Management must document a comprehensive risk
    assessment to show
  • It can manage the risks associated with RDC
  • Appropriate risk management policies are
    implemented
  • It can effectively mitigate, measure, and monitor
    risks by establishing
  • Risk tolerance levels
  • Internal procedures and controls
  • Well-designed contracts

8
RDC Customer Risk Assessment
  • Customer Due Diligence and Suitability
  • Determine Approved and Excluded Business
  • Define Customer Selection Criteria/Approval
    Process
  • Perform Credit Analysis , History, Balances,
    Availability
  • Customer Location Visits
  • Customer Self-Assessments
  • Establish Velocity Limits Review Periodically
  • Monitor RDC Activity Ongoing

9
ACH Risk Assessment
  • Management must document a comprehensive risk
    assessment to show
  • Assessment of the nature of risks associated with
    ACH
  • Appropriate know-your-customer due diligence
  • Establishment of controls for Originators,
    Third-parties, and Direct-Access relationships
  • Adequate management, information and reporting
    systems to monitor and mitigate risk

10
ACH Customer Risk Assessment
  • Originator Underwriting Standards
  • Define Desirable, Prohibited and Restricted
    Originators
  • Establish Approval Process
  • Background Check to Validate Legitimacy of the
    Business
  • Evaluation of Creditworthiness Financial
    Analysis
  • Review Sales History, Past Statements, Returns,
    Etc.
  • List Permissible Standard Entry Class (SEC) Codes
  • Establish Exposure Limits and Overlimit
    Monitoring and Approval Processes

11
RDC/ACH Similarities
  • Risk Management Program (Policies Procedures)
  • Strong Customer and Vendor Agreements
  • Restrict Certain Businesses
  • Due Diligence or Know your Customer KYC
  • Credit Analysis/Approval Process
  • Physical Security of Paper Checks or Source
    Documents (ACH E-check products)
  • Establish Limits Monitor Ongoing
  • Documented Tested Contingency/DR Plan

12
RDC/ACH Differences
  • Different Legal Frameworks
  • Agreements point to ACH Rules vs. RDC (Check Law)
  • ACH seems More Restrictive
  • FI can control the types of ACH items the
    customer is originating vs. RDC allows for
    Imaging of non-foreign items
  • Types of Limits
  • ACH Exposure Limits vs. RDC Deposit Limits, Per
    Item Limits, Number of Items, Etc.
  • Activity Monitoring
  • ACH Unauthorized Return Rate vs. RDC Rejects
    Image Quality, Duplicates, MICR Correction, Etc.

13
Legal Compliance Risks
  • RDC
  • ACH
  • Agreements
  • RDC FFIEC Guidance
  • Check 21 Law
  • Reg CC
  • Reg J
  • UCC 34
  • Federal Reserve Operating Circulars
  • Clearinghouse Rules (ECCHO)
  • Agreements
  • RDC FFIEC Guidance
  • NACHA Rules
  • Reg D
  • Reg E
  • UCC 4A
  • 31 CFR 210 (Green Book)
  • OCC 2006-39 (Risk Mgmt.)

14
Third-Party Service Provider Risks
  • Is the vendor/service a strategic fit for your
    organization?
  • Is the third-party financially stable?
  • Does the system allow for scalability?
  • Will you have online access to real-time reports?
  • Can velocity limit parameters be established?
  • Does the application provide process system
    monitoring capabilities?

Outsourcing Technology Services Booklet of the
FFIEC IT Examination Handbook provides further
guidance in this area.
15
Regulatory Links
  • FFIEC Guidance - Risk Management of RDC
  • http//www.ffiec.gov/pdf/pr011409_rdc_guidance.pd
    f
  • FFIEC BSA/AML Examination Manual
    http//www.ffiec.gov/bsa_aml_infobase/documents/BS
    A_AML_Man_2007.pdf
  • OCC Bulletin 2006-39-ACH Risk Management Guidance
  • http//occ.treas.gov/ftp/bulletin/2006-39.pdf

16
Regulatory Links
  • Payment Processors Risk Management Guidance
    (OCC Bulletin 2008-12)http//www.occ.treas.gov/f
    tp/bulletin/2008-12.html
  • Payment Processor Relationships (FDIC FI Letter
    127-2008)http//www.fdic.gov/news/news/financial/
    2008/fil08127.html
  • FFIEC IT Examination Handbook
  • http//www.ffiec.gov/ffiecinfobase/html_pages/It_
    01.html

17
  • QUESTIONS ??

18
Contact Information
  • Angi Farren, AAP
  • Image Education Services
  • angif_at_umacha.org
  • 1-800-348-3692
  • www.umacha.org
  • Luann S. Kohlmann, AAP
  • Director of Education
  • lkohlmann_at_wacha.org
  • 1-800-453-1843
  • www.wacha.org
About PowerShow.com