Welcome » IT Booklets » Wholesale Payment Systems » Wholesale Payment Systems Risk Management » Operational (Transaction) Risk » Internal and Operational Controls
Management should consider implementing a variety of specific measures to mitigate or limit operational risks, such as authentication and encryption techniques to ensure the authenticity of the payer and payee as well as prevent unauthorized access to information in transit; and edit checks and automated balancing to verify the integrity of the information relative to the payment order and funds transfer transaction. Additional controls include the use of certified tamper resistant equipment, logical access controls to verify transactions, verification of account balances, and the logging of all transactions and attempts to make a transaction. Additional internal control measures that management should employ to mitigate wholesale payment system risk include:
The operational controls for funds transfer operations require clearly defined procedures establishing a control environment which provides for the authorization and authentication of transactions. Financial institutions should establish effective operational controls that identify and document:
Basic internal controls should be in effect to maintain overall integrity for any funds transfer operation. However, depending on the complexity and volume of operations, certain steps may not be applicable for some institutions. Recommended control objectives for a wholesale funds transfer system include:
Financial institutions should have funds transfer policies and procedures addressing both the processing of funds transfer messages and the related standards for creating and maintaining source documents. Policies and procedures should include documentation describing all interfaces between the funds transfer application and other back office and customer-related banking processes, and should address the controls relating to crediting, debiting, and reconciling customer and institution account balances. Policies and procedures should also document institution specific compliance requirements to address federal and state regulations including OFAC verification procedures.