NCUA Report; Understanding Risks in Electronic Payment Systems
Written by Bernadette Clair, Senior Regulatory Compliance Counsel
A couple of weeks ago, NCUA released its November 2014 Report. Featured articles include:
- Office of National Examinations and Supervision Report: ATM Skimmers: Can You Spot Them?
- ChairmanâÂÂs Corner: Honoring Our NationâÂÂs Veterans
- Board Perspectives: Taking the Time to Get it Right
- Board Actions October 2014: No Share Insurance Fund Premium for 2014; Board Approves Proposed Amendments to Corporate, Flood Insurance Rules
- Region II Report: Understanding Risks in Electronic Payment Systems
- Office of Small Credit Union Initiatives Report: Five New NCUA Videos to Fight Fraud
- Office of National Examinations and Supervision Report: Mobile Banking, Payments Increase Among Smartphone Users
- Find a Credit Union with our Locator App
***
Understanding Risks in Electronic Payment Systems. One of the articles in this monthâÂÂs NCUA Report that caught my attention discusses the risks associated with electronic payment systems (ACH, ATM, wire transfers, and remote deposit capture) that credit unions should consider when offering or expanding these services. These risks fall into several familiar categories â credit, fraud, compliance, liquidity, systemic, operational or transactional, strategic, and reputation.
HereâÂÂs a snippet from the article, with just a few of the questions that NCUA has developed to help credit unions develop electronic payments risk-management policies and procedures:
âÂÂPolicy and Procedures â Are our policies sufficient enough to address the risks associated with our credit unionâÂÂs activities? Do our policies describe program objectives, the boardâÂÂs risk appetite and tolerances? Have we identified and formally approved all activities the credit union will engage in? Do our written procedures match our current practices? Do our current practices address such things as Bank Secrecy Act or customer identification and verification concerns? Have we established and documented our incident response and communication expectations? Does our credit union have effective internal controls?
Audit â Has my credit union completed an acceptable audit? Was the audit completed by a person independent of my credit unionâÂÂs operations? Do our internal audits sufficiently identify potential risk across all operational areas? Has my credit union taken action to correct any issues found in the audit?
Risk Assessment â Has our management evaluated the risks associated with electronic payments processing? Is our credit unionâÂÂs risk assessment commensurate with the type and complexity of our activities? Does the assessment consider all categories of risk? Does it identify inherent risk, risk mitigating controls in place and residual risk?âÂÂ
For the complete list of questions NCUA has developed, as well as links to several NCUA Letters to Credit Unions containing additional guidance, the article is available in its entirety here.