Back

Establish, implement, and maintain a third party payment system.


CONTROL ID
08903
CONTROL TYPE
Business Processes
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Third Party and supply chain oversight, CC ID: 08807

This Control has the following implementation support Control(s):
  • Disclose payments made to third parties., CC ID: 08904
  • Document payments to third parties., CC ID: 08905
  • Make third party payments freely and proportionate to the furnished services., CC ID: 08906
  • Establish a trust to pay for supply chain security forces., CC ID: 08907
  • Notify third parties of revenue collection weaknesses., CC ID: 08909
  • Avoid cash purchases of supplies from third parties., CC ID: 08910
  • Pay third parties through official banking channels., CC ID: 08911
  • Disclose payments made to supply chain security forces., CC ID: 10031


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Assess the effectiveness of the reconcilement with third-party service providers preparing ACH transaction files and ensure daily reconciliation. (App A Tier 2 Objectives and Procedures I.8, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • For non prefunded arrangements determine whether the institution places blocks on outgoing payments to deposit accounts, applies them as reductions to credit lines, or includes them in the overall funds transfer monitoring process. (App A Tier 2 Objectives and Procedures J.4, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Determine whether management approves payments resulting in extensions of credit lines or drawings against uncollected funds and retains documentation to support the approvals. Determine whether the institution performs credit assessments of customers originating large dollar volumes of ACH credit t… (App A Tier 2 Objectives and Procedures J.5, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Determine whether management approves draws against uncollected ACH deposits and maintains documentation to support approvals for debits originated by high-risk customers. (App A Tier 2 Objectives and Procedures J.7, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)