| Booklet:
Retail
Payment Systems Section: Introduction Subsection: |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||
The
FFIEC IT Examination Handbook (IT Handbook), “Retail Payment
Systems Booklet” (booklet), provides guidance to examiners, financial
institutions, and technology service providers (TSP) on identifying and
controlling information technology (IT)-related risks associated with
retail payment systems and related banking activities.
Financial institutions, either in consortiums or acting independently,
remain the core providers to businesses and consumers for most retail
payment instruments and services.
Financial institutions accept, collect, and process a variety of payment instruments, and participate in clearing and settlement systems. In some cases financial institutions perform all of these tasks, but increasingly, independent third parties play an important role and financial institution risks are altered if independent third parties are involved. Federal government-affiliated providers and operators, such as the Federal Reserve Banks, also compete with numerous financial institutions and private sector firms in providing various retail payment services.
This booklet replaces chapters 20, “Retail EFT (ATM and POS),” and 21, “Automated Clearing House (ACH),” in the 1996 FFIEC Information Systems Examination Handbook. The booklet presents retail payment systems examination guidance in three parts, followed by examination procedures, a glossary, and references.
|
|
Retail Payment Systems Overview—The booklet starts with an overview of retail payment systems, grouping retail payment instruments in three categories: checks, card-based electronic payments, and other electronic payments, including person-to-person (P2P), electronic benefits transfer (EBT), and the automated clearinghouse (ACH). |
|
|
Payment
Instruments, Clearing, and Settlement—The second section
of the booklet describes the retail payment system instruments typically
offered by financial institutions and the roles of various payment
system participants, including third parties. Generic diagrams showing
the typical payment flows and clearing and settlement arrangements
for each of the retail payment instruments described are also included.
|
|
|
Retail Payment Systems Risk Management—The third section describes the risks associated with various retail payment systems and instruments, using the regulatory risk categories including reputation, strategic, credit, liquidity, settlement, legal/compliance, and operational/transaction risk. This section also presents the risk management practices financial institutions should have in place in order to mitigate the risks described and concludes with specific controls appropriate to a number of retail payment instruments. Management action summaries are also included in this section, providing a snapshot of the risks and risk management practices described in the text. |
This booklet includes a number of references to other IT Handbook booklets, including “Information Security,” “Business Continuity Planning,” “Audit,” “Outsourcing Technology Services,” “Electronic Banking,” and “Wholesale Payment Systems.” In addition to describing the information technology risks and controls, the booklet also describes certain credit and liquidity risks that may also be present when providing retail payment services. A full review of a particular financial institution’s retail payment system environment might require the use of examiners with experience in credit, liquidity, or compliance issues and additional examination procedures.
Examiners should use the examination procedures for evaluating the risks and risk management practices at financial institutions offering retail payment system products and services. These procedures address services and products of varied complexity, and examiners should adjust the procedures, as appropriate, for the scope of the examination and the risk profile of the institution. The procedures may be used independently or in combination with procedures from other IT Handbook booklets and agency-specific handbooks and guidance documents.
This
booklet references specific services and brand names trademarked by their
respective companies. These references are intended solely to provide
a retail payment systems overview and should not be construed as an FFIEC
endorsement of any product or service noted herein.
|