A Trusted Advisor to Financial Institutions

Upcoming Speaking Engagements

  • May 2019
    • 9: Louisiana Bankers Association: Annual Convention, New Orleans
  • July 2019:
    • 24: Pennsylvania Bankers Association: Advanced Banking School, Penn State University
  • October 2019:
    • 24: Kansas Bankers Association: Operations Roundtable, Topeka
    • 29: Iowa Bankers Association: Technology Conference, Des Moines
  • January 2020:
    • 9: Western Bankers Association: President's Seminar, Santa Barbara
  • February 2020:
    • 7: Florida Bankers Association: Cybersecurity Symposium, Tampa



    Payment Processor Risks

    Payment Processor Risks
    On January 31, 2012, the FDIC issued FIL-3-2012 addressing the risks of providing services to third party payment processors. The document is available here
    In general, the FDIC is concerned that banks may not be properly monitoring the activities of its customers who provide third-party payment services, in part because many of the third-party processor’s customers may not be direct customers of the bank. Examples are varied, but include debt collection, on-line magazine subscriptions, and on-line gambling services. Included in the document are guidelines for creating a risk management document and a risk assessment relative to your relationships with such third-party processors. I will not restate those guidelines here, but instead offer the following key points:
    1. It is hard to overstate the importance of knowing your customer and their activities.

    2. Companies that aggressively pursue an account relationship with you, including those offering to keep large balances, or acquire an ownership stake in your institution, require additional scrutiny.

    3. This is another FDIC issuance that raises the spectre of your bank being charged under Section 5 of the Federal Trade Commission Act “Unfair and Deceptive Acts or Practices” if you are seen as contributing to such behavior on the part of your customer.

    4. As with any relationship whereby you allow customers to originate payments, constant oversight: establishing and monitoring daily limits, both dollar and transaction volume wise, monitoring and addressing high return rates on debit items, and “smell testing” (do these feel like legitimate business practices?) are all appropriate.

    5. As always, you should document your risk assessment, risk management practices, and your monitoring and oversight of customer activity.
    If you in fact have such relationships now, they should be reviewed promptly in light of the new guidance. Any new business opportunities should be carefully evaluated along these same guidelines.  As always, let me know if I can assist you in any way.