The Federal Financial Institutions Examination Council (FFIEC) has issued updated guidance for examiners, financial institutions and technology service providers on the risks and risk-management practices applicable to financial institutions’ retail payment systems activities. The guidance, which is included in the FFIEC Information Technology Examination Handbook, is an update to the “Retail Payment Systems Booklet” (Booklet), which was issued in March 2004.
The revised Booklet provides risk identification and management guidance related to the operational impact of The Check Clearing for the 21st Century Act of 2004 (commonly known as the Check 21 Act). It also provides expanded guidance on merchant card processing and automated clearinghouse (ACH) activities, with a more in-depth discussion of the risks posed by these activities and some of the risk-management tools financial institutions can use to mitigate them. There are also brief discussions addressing some of the emerging technologies in retail payment systems, including contactless payment cards, biometrics and proximity payments. The Booklet includes information on remotely created checks and electronically created payment orders, both of which are being used more frequently as payment devices in today’s rapidly evolving payments landscape.
Lastly, the Booklet addresses remote deposit capture activities and provides examination work steps for use in conjunction with the January 14, 2009, FFIEC guidance on “Risk Management of Remote Deposit Capture” (SR letter 09-2).
See SR 10-3 for full details.