Page 8 - gs150801
P. 8
ReadersSpeak
OCC bulletin to banks life cycle of the relationship" should include:
I heard that the OCC issued some kind of guidance in the • Plans that outline the bank's strategy, identify the in-
last couple of years to banks about risk scoring of third herent risks of the activity, and detail how the bank se-
parties. Wouldn't this affect payment processors and lects, assesses, and oversees the third party
registered ISOs doing business with merchant acquiring • Proper due diligence in selecting a third party
banks? I haven't found anything about it in The Green Sheet. • Written contracts that outline the rights and responsi-
bilities of all parties
Marilyn Tarpe, Superlative POS LLC
Marilyn, • Ongoing monitoring of the third party's activities and
performance
I found nothing in our archives pertaining to the Office of • Contingency plans for terminating the relationship in
the Comptroller of the Currency and risk scoring of third an effective manner
parties. The guidance you are referring to is probably
Bulletin 2013-29 issued by the OCC on Oct. 30, 2013. • Clear roles and responsibilities for overseeing and
The subject of the bulletin is third-party relationships, managing the relationship and risk management pro-
and it was issued to "Chief Executive Officers and Chief cess
Risk Officers of All National Banks and Federal Savings • Documentation and reporting that facilitates oversight,
Associations, Technology Service Providers, Department accountability, monitoring, and risk management
and Division Heads, All Examining Personnel, and Other • Independent reviews that allow bank management to
Interested Parties." The bulletin defines third-party determine that the bank's process aligns with its strat-
relationships as "any business arrangement between a egy and effectively manages risks
bank and another entity, by contract or otherwise."
The full bulletin is on the web at www.occ.gov/news-
Registered ISOs, independent payment processing issuances/bulletins/2013/bulletin-2013-29.html.
companies, equipment vendors, information technology
service providers, data security consultants and many The federal government has stepped up scrutiny of our
more enterprises within the payments sphere serve as industry on multiple fronts in recent years. If you search
third-party service providers to banks. The bulletin stated our website for Operation Choke Point, for example, you'll
that an "effective risk management process throughout the find numerous references to one of the
most draconian programs to date. Also,
"Coming to terms with escalating com-
pliance requirements," which we pub-
lished Jan. 12, 2015, in issue 15:01:01,
describes what payment companies are
up against in the current environment
and highlights the increased emphasis
on "know your customer" best practic-
es. You'll find it at www.greensheet.com/
emagazine.php?story_id=4241&search_
string=OCC&search_string2=guidance.
Thank you for your question. This is
an issue vital to all in the payments
industry.
Editor
How well do you know
your customers?
Have actions taken by federal and state
governments to regulate or otherwise
influence our industry changed the way
you run your business? If so, what are
you doing differently now? Have any
of the regulatory steps been beneficial,
or do you see them as mostly a pain in
the neck? Do let us know. And please
keep your questions, suggestions and
insights coming to us at greensheet@
greensheet.com.
8
OCC bulletin to banks life cycle of the relationship" should include:
I heard that the OCC issued some kind of guidance in the • Plans that outline the bank's strategy, identify the in-
last couple of years to banks about risk scoring of third herent risks of the activity, and detail how the bank se-
parties. Wouldn't this affect payment processors and lects, assesses, and oversees the third party
registered ISOs doing business with merchant acquiring • Proper due diligence in selecting a third party
banks? I haven't found anything about it in The Green Sheet. • Written contracts that outline the rights and responsi-
bilities of all parties
Marilyn Tarpe, Superlative POS LLC
Marilyn, • Ongoing monitoring of the third party's activities and
performance
I found nothing in our archives pertaining to the Office of • Contingency plans for terminating the relationship in
the Comptroller of the Currency and risk scoring of third an effective manner
parties. The guidance you are referring to is probably
Bulletin 2013-29 issued by the OCC on Oct. 30, 2013. • Clear roles and responsibilities for overseeing and
The subject of the bulletin is third-party relationships, managing the relationship and risk management pro-
and it was issued to "Chief Executive Officers and Chief cess
Risk Officers of All National Banks and Federal Savings • Documentation and reporting that facilitates oversight,
Associations, Technology Service Providers, Department accountability, monitoring, and risk management
and Division Heads, All Examining Personnel, and Other • Independent reviews that allow bank management to
Interested Parties." The bulletin defines third-party determine that the bank's process aligns with its strat-
relationships as "any business arrangement between a egy and effectively manages risks
bank and another entity, by contract or otherwise."
The full bulletin is on the web at www.occ.gov/news-
Registered ISOs, independent payment processing issuances/bulletins/2013/bulletin-2013-29.html.
companies, equipment vendors, information technology
service providers, data security consultants and many The federal government has stepped up scrutiny of our
more enterprises within the payments sphere serve as industry on multiple fronts in recent years. If you search
third-party service providers to banks. The bulletin stated our website for Operation Choke Point, for example, you'll
that an "effective risk management process throughout the find numerous references to one of the
most draconian programs to date. Also,
"Coming to terms with escalating com-
pliance requirements," which we pub-
lished Jan. 12, 2015, in issue 15:01:01,
describes what payment companies are
up against in the current environment
and highlights the increased emphasis
on "know your customer" best practic-
es. You'll find it at www.greensheet.com/
emagazine.php?story_id=4241&search_
string=OCC&search_string2=guidance.
Thank you for your question. This is
an issue vital to all in the payments
industry.
Editor
How well do you know
your customers?
Have actions taken by federal and state
governments to regulate or otherwise
influence our industry changed the way
you run your business? If so, what are
you doing differently now? Have any
of the regulatory steps been beneficial,
or do you see them as mostly a pain in
the neck? Do let us know. And please
keep your questions, suggestions and
insights coming to us at greensheet@
greensheet.com.
8
