Welcome » IT Booklets » Wholesale Payment Systems » Appendix A: Examination Procedures » Tier I Examination Objectives and Procedures
EXAMINATION OBJECTIVE: Examiners should use the
Wholesale Payment Systems Examination Procedures to determine the
adequacy of the financial institution's payment system risk
policies and wholesale payment business processes, including
personnel and internal control systems used to mitigate the risks
associated with wholesale payment systems. Wholesale payment system
services include Fedwire Funds Servicefunds transfer and book-entry
securities; CHIPS; SWIFT; payment messaging systems; net
settlement, clearing and settlement systems; internally developed
and off-the-shelf funds transfer systems; and web-based payment
systems. The examiner's assessment of risk and risk management
practices relating to a financial institution's wholesale payment
system service should help determine the extent of testing and
which procedures to perform. The assessment should consider the
effectiveness of formal policies and procedures as well as the
financial institution's underlying internal control environment
including information security, business continuity and disaster
recovery, and management of wholesale payment services outsourced
to third parties.
Financial institutions are exposed to numerous credit,
liquidity, reputation, legal, and operational risks in provisioning
wholesale payment system services to counter parties and performing
related processing, clearance, and settlement functions in-house
and with third parties. Depending on the financial risks, IT
related operational (transactional) risks, compliance risks, and
complexity of wholesale payment system activity, the examination
may require an integrated team approach that includes the knowledge
and skills of safety and soundness examiners and IT examiners.
Examiners may incorporate the Examination Procedures as part of
either an IT or safety and soundness examination. The Examination
Procedures can also be used in its entirety, or can be used in
modular fashion, focusing on particular wholesale payment system
products or business lines. Depending on the size and complexity of
the financial institution or service provider, examiners may tailor
the use of the examination procedures. In many cases, they can
eliminate certain procedures and still arrive at a conclusion
regarding the quality of risk management practices and performance.
The examination procedures are structured as follows:
Objective 1: Determine the scope and objectives of
the examination of the wholesale payment systems
1. Review past reports for comments relating to wholesale
payment systems. Consider:
2. Review past reports for comments relating to the
institution's internal control environment and technical
3. During discussions with financial institution and service
4. Review the financial institution's response to any wholesale
payment systems issues raised at the last examination.
Objective 2: Determine the quality of oversight and
support provided by the board of directors and
1. Determine the quality and effectiveness of the financial
institution's wholesale payment systems management function.
2. Assess management's ability to manage outsourcing
relationships with service providers and software vendors
contracted to provide wholesale payment system services. Evaluate
the adequacy of terms and conditions, and whether they ensure each
party's liabilities and responsibilities are clearly defined.
3. Evaluate the adequacy and effectiveness of financial
institution and service provider contingency and business recovery
4. Evaluate wholesale payment system business line staff.
5. Review the disaster recovery plan for the funds transfer
system (FTS) to ensure it is reasonable in relation to the volume
of activity, all units of the FTS are provided for in the plan, and
the plan is regularly tested.
Objective 3: Determine the quality of risk
management and support for Payment System Risk policy
1. Review policies and procedures in place to monitor customer
balances for outgoing payments to ensure payments are made against
collected funds or established intraday or overnight overdraft
limits and payments resulting in excesses of established
uncollected or overdraft limits are properly authorized.
2. Review a sample of contracts authorizing the institution to make
payments from customers' accounts to ensure they adequately set
forth responsibilities of the institution and the customer,
primarily regarding provisions of the Uniform Commercial Code
Article 4A (UCC4A) related to authenticity and timing of transfer
Objective 4: Determine the quality of risk management
and support for internal audit and the effectiveness of the
internal audit program for wholesale payment
1. Review the audit program to ensure all functions of the FTS
are covered. Consider:
2. Review a sufficient sample of supporting audit work papers
necessary to confirm that they support the execution of procedures
established in step 1 above.
3. Review all audit reports related to the FTS and determine the
current status of any exceptions noted in the audit report.
1. Determine the need to proceed to Tier II procedures for
additional validation to support conclusions related to any of the
Tier I objectives.
2. From the procedures performed, including any Tier II procedures
3. Review your preliminary conclusions with the EIC
4. Document your conclusions in a memo to the EIC that provides
report ready comments for all relevant sections of the FFIEC Report
of Examination and guidance to future examiners.
5. Organize work papers to ensure clear support for significant
findings and conclusions.