Tier I Examination Objectives and Procedures
EXAMINATION OBJECTIVE: Examiners should use the Wholesale Payment Systems Examination Procedures to determine the adequacy of the financial institution's payment system risk policies and wholesale payment business processes, including personnel and internal control systems used to mitigate the risks associated with wholesale payment systems. Wholesale payment system services include Fedwire Funds Service funds transfer and book-entry securities; CHIPS; SWIFT; payment messaging systems; net settlement, clearing and settlement systems; internally developed and off-the-shelf funds transfer systems; and web-based payment systems. The examiner's assessment of risk and risk management practices relating to a financial institution's wholesale payment system service should help determine the extent of testing and which procedures to perform. The assessment should consider the effectiveness of formal policies and procedures as well as the financial institution's underlying internal control environment, including information security, business continuity and disaster recovery, and management of wholesale payment services outsourced to third parties.
Financial institutions are exposed to numerous credit, liquidity, reputation, legal, and operational risks in provisioning wholesale payment system services to counterparties and performing related processing, clearance, and settlement functions in-house and with third parties. Depending on the financial risks, IT-related operational (transactional) risks, compliance risks, and complexity of wholesale payment system activity, the examination may require an integrated team approach that includes the knowledge and skills of safety and soundness examiners and IT examiners.
Examiners may incorporate the Examination Procedures as part of either an IT or safety and soundness examination. The Examination Procedures can also be used in their entirety, or can be used in modular fashion, focusing on particular wholesale payment system products or business lines. Depending on the size and complexity of the financial institution or service provider, examiners may tailor the use of the examination procedures. In many cases, they can eliminate certain procedures and still arrive at a conclusion regarding the quality of risk management practices and performance. The examination procedures are structured as follows:
Objective 1: Determine the scope and objectives of the examination of the wholesale payment systems function.
1. Review past reports for comments relating to wholesale payment systems. Consider:
2. Review past reports for comments relating to the institution's internal control environment and technical infrastructure. Consider:
3. During discussions with financial institution and service provider management:
4. Review the financial institution's response to any wholesale payment systems issues raised at the last examination. Consider:
Objective 2: Determine the quality of oversight and support provided by the board of directors and management.
1. Determine the quality and effectiveness of the financial institution's wholesale payment systems management function. Consider:
2. Assess management's ability to manage outsourcing relationships with service providers and software vendors contracted to provide wholesale payment system services. Evaluate the adequacy of terms and conditions, and whether they ensure each party's liabilities and responsibilities are clearly defined. Consider:
3. Evaluate the adequacy and effectiveness of financial institution and service provider contingency and business recovery plans. Consider:
4. Evaluate wholesale payment system business line staff. Consider:
5. Review the disaster recovery plan for the funds transfer system (FTS) to ensure it is reasonable in relation to the volume of activity, all units of the FTS are provided for in the plan, and the plan is regularly tested.
Objective 3: Determine the quality of risk management and support for Payment System Risk policy compliance.
1. Review policies and procedures in place to monitor customer balances for outgoing payments to ensure payments are made against collected funds or established intraday or overnight overdraft limits and payments resulting in excesses of established uncollected or overdraft limits are properly authorized.
2. Review a sample of contracts authorizing the institution to make payments from customers' accounts to ensure they adequately set forth responsibilities of the institution and the customer, primarily regarding provisions of the Uniform Commercial Code Article 4A (UCC4A) related to authenticity and timing of transfer requests.
Objective 4: Determine the quality of risk management and support for internal audit and the effectiveness of the internal audit program for wholesale payment systems.
1. Review the audit program to ensure all functions of the FTS are covered. Consider:
2. Review a sufficient sample of supporting audit work papers necessary to confirm that they support the execution of procedures established in step 1 above.
3. Review all audit reports related to the FTS and determine the current status of any exceptions noted in the audit report.
CONCLUSIONS
1. Determine the need to proceed to Tier II procedures for additional validation to support conclusions related to any of the Tier I objectives.
2. From the procedures performed, including any Tier II procedures performed:
3. Review your preliminary conclusions with the EIC regarding:
4. Document your conclusions in a memo to the EIC that provides report-ready comments for all relevant sections of the FFIEC Report of Examination and guidance to future examiners.
5. Organize work papers to ensure clear support for significant findings and conclusions.