Get In Tune With Third Parties: Finding the harmonies between Third Party Senders, Originators, and Customers.
Marsha Jones, President, TPPPA
Brent Siegel, Vice President, Argos Risk
AGENDA/OUTLINE
• Third-Party Sender vs. Third Party Payment Processors
• The current regulatory environment and the keys to compliance
• OPERATION CHOKEPOINT
• Effective onboarding practices - KYC, KYCC, and nested senders
• What to do if your TPS has a portfolio you are not comfortable with
• Effective operational focus and controls: daily, periodic and annual activities
• Servicing third party relationships
• Building a cross functional team - Identifying required resources and expertise
THIRD-PARTY SENDERS VS. THIRD-PARTY PAYMENT PROCESSORS
WHAT IS A TPPP?
• A Third-Party Payment Processor (TPPP) is a depository customer of a bank that processes payments for other companies (merchants) through its bank.
• The term TPPP generally refers to processors that process ACH and/or remotely created checks (RCC).
• The bank does not have a contractual relationship with the TPPP's merchants.
WHAT IS A TPS?
• Third-Party Payment Processors are known as Third-Party Senders in the ACH Network.
• Third-Party Senders generally process both debits and credits.
• Virtually all Payroll Processors that provide direct deposit of payroll are Third-Party Senders.
• Payroll Processors are considered Third-Party Payment Processors outside of the ACH Network.
WHY ARE TPPP/TPS CONSIDERED HIGH RISK?
• The bank is responsible for all payments it processes through its routing number(s) and warrants the payments are compliant, legitimate and properly authorized.
• Because the bank does not have a direct relationship with the merchants, the bank must rely upon the TPPP to perform critical compliance tasks that the bank would otherwise do itself if it had a direct relationship with the merchant.
WHY ARE TPPP/TPS CONSIDERED HIGH RISK?
• The bank must rely upon the TPPP to:
– Perform critical compliance obligations (BSA/AML, Regulation E, UDAAP, ACH Rules compliance, etc.)
– Do adequate due diligence to ensure that the merchant is complying not only with federal rules and regulations, but also with applicable state laws
– Manage and monitor their merchants
– Identify, report and address suspicious activity
WHAT IS NESTED TPPP/TPS?
• A nested TPPP relationship is when one TPPP processes the payments of another TPPP.
• The primary TPPP does not have a contractual relationship with the merchant originating the payment.
• The bank does not have a contractual relationship with the nested TPPP.
• This relationship poses substantially greater risk.
OBLIGATIONS OF TPS UNDER NACHA RULES
• Must perform due diligence on merchants and perform annual reviews.
• Must have agreements with merchants that address requirements stipulated in NACHA Rules.
• Must set exposure limits for merchants.
• Must monitor origination and return volume over multiple settlement dates.
• Must ensure the merchant is aware of and complying with the rules.
• Must perform an annual ACH Rules Compliance Audit.
REGULATORY ENVIRONMENT
RULES & REGULATIONS
• Consumer Protection Top of Agenda
– CFPB
– FTC
– Financial Fraud Task Force Consumer Protection Working Group
• Explosion of Regulatory Guidance
– FDIC
– OCC & FRB
– FinCEN
• Regulation and Rule Changes
– New NACHA Return Rates
– Restrictions on RCC
OPERATION CHOKE POINT
OPERATION CHOKE POINT
• Inter-agency Consumer Protection initiative led by Department of Justice
– Financial Fraud Enforcement Task Force (2012)
• Inter-agency Information Sharing
• Targeting Fraud Against Consumers through Banks and Processors
• FIRREA Subpoenas Issued to Banks and Processors
– 3% Return Rate
IMPACTS
• Subpoenas
– At least 50 Banks and Processors
• Settlements (so far)
– Four Oaks Bank
• Consent Orders
– BSA, Reputation Risk
• Lost Bank Relationships
– Processors
– High Risk Merchants
CONGRESSIONAL RESPONSE
• House Oversight Committee
– Investigation and Hearings
    • 850 pages of documents released
• House Financial Services
– Chairman Hensarling Letter to Regulators
    • Subjectivity of Reputation Risk
– Bills to defund and stop OCP
– Hearings
• House Judiciary
– Hearing
SUIT AGAINST REGULATORS
• CFSA and Advance America
– FDIC, OCC and Federal Reserve Bank
• Lawsuit declares
– Regulators actively supporting DOJ to exert backroom pressure on banks to terminate relationships with legal payday lenders
– Agency action taken without observance of the procedures required by law and exceeding statutory authority, depriving targets of due process
– Clear attempt by federal agencies to circumvent the law through regulation/guidance
REVISED GUIDANCE
• FIL-41-2014 dated July 28, 2014
• FDIC Clarifies Supervisory Approach to Institutions Establishing Account Relationships with Third-Party Payment Processors
• Ensure adequate due diligence, underwriting and monitoring.
• Will not be criticized if following guidance.
• Encourages banks to serve their communities; will not prohibit or discourage banks from providing services to any customer operating in compliance with applicable law.
• Removes all reference to High Risk Merchant List
FINCEN ADVISORY
• FIN-2014-A007 dated August 11, 2014
• BSA/AML shortcomings have triggered enforcement actions
• Seeks to highlight importance of strong BSA/AML compliance for senior management, leadership and owners of all financial institutions regardless of size or industry sector.
• Highlights general principles
ADVISORY PRINCIPLES
• BSA/AML compliance culture should ensure that:
– Leadership actively supports and understands compliance efforts
– Efforts not compromised by revenue interests
– Information is shared with various departments
– Adequate resources are devoted to compliance
– Compliance program is effective and tested by independent and competent party
– Leadership and staff understand purpose of BSA/AML efforts and how its reporting is used.
EFFECTIVE ONBOARDING: KYC, KYCC, KYCCC, SENDERS AND NESTED SENDERS
EFFECTIVE COMPLIANCE MANAGEMENT SYSTEMS
• Clearly defined program
• Dedicated Compliance Officer with appropriate authority
• Thorough Due Diligence process
• Adequate systems to manage and monitor
• Suspicious activity monitoring and reporting
• Agreements
• Documentation
• Training
THREE “EASY” STEPS
• Investigate and Evaluate the Originator, Customer, Vendor
– KYC, KYCC, KYCCC, credit underwriting, mission criticality of the vendor
• Model The Transactional Risk
– Risk profile of PPD vs CCD vs BOC vs X9
– Large credit, participated credit
– What if the vendor can’t deliver?
• Monitor the business and the transaction
– Does the business health predict ACH/credit/vendor risk?
INVESTIGATE – GATHER DATA
• Who is the customer?
– Banked: Collect Internal Data
    • Statements, tax returns, financials,
– Not Banked
    • External Data: Quality, Quantity, Consistency
• Credit-worthiness
– Would we loan them money?
• Industry Health
• Competitive Health
• Payment citizenship
• Legal Process
INVESTIGATE - TPS
INVESTIGATE – DATA QUALITY
INVESTIGATE – GATHER DATA
• Due Diligence
– Who is the customer?
– What is their business?
– Current business relationship?
    • Deposit history, loan activity, general ‘trends’
    • Does the transaction seem reasonable?
– What if the “customer” is not banked by your FI?
    • What do you request?
INVESTIGATE - QUALITY
• Validation
– We found them…
    • Good Address, Good Name
– Validate the legitimacy of the business
– Validate the health of the business
– Can we state without a doubt the business is legit?
INVESTIGATE – DATA QUANTITY
INVESTIGATE – QUANTITY
• How much data do we need?
– Enough so that one additional report will not change your decision
[Figure: Impact of Having More Data Points. Axes: CREDIT SCORE and CREDIT REPORTS; series: Good Credit Firm and Bad Credit Firm.]
INVESTIGATE – DATA CONSISTENCY
INVESTIGATE – CONSISTENCY
What do you do when data is missing or understated?
KEY BUSINESS METRICS
• BUSINESS NAME
• CONSISTENT PAYMENT
• AVERAGE TRADE LIMIT
• SIC CODE
• ADDRESS
• PAYMENT RISK
• HIGH CREDIT
• SIC CODE DESCRIPTION
• CREDIT RISK SCORE
• DAYS BEYOND TERM
• BUSINESS HEALTH SCORE
• DAYS BEYOND TERM INDUSTRY
• UNSECURED TRADE LIMIT
• NUMBER OF EMPLOYEES
• YEARS IN BUSINESS
• PHONE
INVESTIGATE - CONSISTENCY
INVESTIGATE – CONSISTENCY
• Evaluate in Comparison
– Is this customer the riskiest?
– Least risky?
MODEL THE TRANSACTIONS
MODEL TRANSACTION RISK – PEAK RISK
• Each ACH and RDC transaction has a risk profile
– PPDs are different from BOCs and POPs
– Prefunding impacts risk
• Each ACH transaction can be scored for risk
– Specific Risk based on SEC
– Specific Risk based on the Value of the transaction
– Specific Risk tied to that customer
– Specific Risk tied to the relationship
• ACH Transactions interact with other transactions in your book of business
RISKY TRANSACTIONS
MODEL THE EXPECTED RISK - SEC
ACH RDC Risk Profile
MODEL THE EXPECTED RISK – FREQUENCY
MODEL THE EXPECTED RISK – EXPECTED VALUE (LIMIT)
Eliminate the spread
– Limit of $100,000 for average transactions of $1,000
MODEL THE EXPECTED RISK – RETURNS
MODEL THE EXPECTED RISK – RELATIONSHIP
WHAT DO YOU DO WHEN YOUR THIRD PARTY HAS A PORTFOLIO YOU ARE NOT COMFORTABLE WITH?
EVALUATE THE BUSINESS
Disqualify
• Restricted Business – By Code
• High Risk Transaction Type
• Portfolio Position – #1 in Risk
• Business Credit – Low Score
• Business Payment – Low Score
• Lawsuits, Liens, Litigation
Enhanced Due Diligence
• Business Credit – Moderate
• Unknown Business Type
• Transaction Type – Large Value
• Executive Changes
INVESTIGATE - HRI
• MSBs
• Consumer Financial Services
• Payday Lenders
• Short Term Lenders
• Cash Advance Lenders
• Title Lenders/Title Pawns
• Pay Equity Loans
• Deferred Payment Loans
• Consumer Credit Counselors (typically for-profit)
• Consumer Collection Agencies
• Debt Consolidation Lenders
• Financial Planners
• Bi-Weekly Loan Payment Processors
– Mortgage, installment, student, etc.
• Consumer Finance Providers
• Tax Preparation Firms
• International Activity
• 3rd Party Payment Processors
• Gaming Industry
• Cash Intensive Businesses
– Jewelry, pawn, antiques, consignment, convenience, scrap, etc.
• Medical Marijuana
• Firearms Dealers
• Tobacco Wholesalers
INVESTIGATE – RISKY INDUSTRIES
INVESTIGATE – MSB’S
INVESTIGATE - NEC
SIC Code 9999
• AJ Couch
• Johnson, Johnson, and Johnson
• Morrisen Hospitality
• Applewood Street Corporation
• White Star Min
• Extanium
• Hyper Rock, LLC
• JB & JD & D
• WLE Corporation
• Curt Wonder Corporation
• G U L R Inc.
RISK STANDARDS
TRIGGERING EVENTS – Data Point
• Credit Downgrades
– Low Risk to Moderate Risk
– Moderate to High Risk
– Actions: Notify Supervisor; Escalate
• Legal
– Small Claims
– Tax Liens
– Lawsuits – Corporate
– Lawsuits – Government
– Regulatory Actions
– Actions: Monitor; Activity based on Value; Escalate; Escalate; Escalate
• Other Bank Business
– Loan Defaults, Overdrafts
• Staffing Changes
– Senior Executives
– Actions: Based on Position
• News
– Risk Related (i.e. Target)
– Actions: Implement Fraud Plans
DO YOU HAVE AGREEMENTS THAT ALLOW FOR SANCTIONS INCLUDING FIRING?
OPERATIONS, CONTROLS, ACTIVITIES, AND SERVICING THE THIRD PARTY
OPERATIONS, CONTROLS, ACTIVITIES AND SERVICING THE THIRD PARTY
• Effective operational focus and controls: daily, periodic and annual activities
• Servicing third party relationships
OPERATIONS, CONTROLS…
• Daily Activities
– Monitor the Business
– Monitor the Transactions
• Respond to Changes
FACT: AN ANNUAL REVIEW IS NOT MONITORING
You need surveillance, not a snapshot.
EVALUATE THE BUSINESS AND THE TRANSACTIONS
ALERTS
PERIODIC ACTIVITIES
• Review of Credit worthiness
– Comparison to prior period
    • Monthly, Quarterly
– Ask for a list of clients
OPERATIONS, CONTROLS…
• Respond to Changes
– Lawsuits and Legal Processes
– Risk Profile Changes
– Corporate Staffing
– Bankruptcy
ANNUAL ACTIVITIES
• Risk Assessment
• Update required documentation
• Is the customer still creditworthy?
• Is their business still what you thought it was?
• Any major changes in finances, leadership, products, legal process?
INVESTIGATE - BACKFILLING
Evaluate your existing book of business
Evaluation Totals
Total Customer Accounts: 1057
Account highlights:
• Foreclosed properties - new owners: 3
• Inactive corp: 4
• Bankrupt Company: 1
• Money Service Businesses: 1
• Need additional info: 70
• Residential address: 9
• Unable to find: 78
• UPS PO Box: 3
Total: 166
EVALUATE THE BUSINESS AND THE TRANSACTION
EVALUATE THE BUSINESS AND THE TRANSACTION
Credit Score
• Years in Business
• Employees
• Payment Records
• Past Due Records
• Vendor Payment Volatility
• Amount of Legal Process
• Days Beyond Terms
• Percentage of Slow Pays
• Trade References
Business Health, Payment Consistency, Terms Consistency
• Timely Payments
• High Credit Offered
• Multiple Trade References
• Lawsuits, Liens, Litigation
• Poor Industry trends
• Challenging Geography
• Declining Business Scores
• Timely Payments
• Increased Credit Offered
• Trade References
• Low Past Dues
• Legal Process Filings
• Days Beyond Terms
• More Slow Payments
• Fewer Trade References
• Payment Trends
• Increased Credit offered
• More References
• Fewer Past Dues
• Slow Payments
• Increased slow or negative payment activity
• Fewer Trade References
ACH Risk
• Origination volume
• Frequency
• SEC type
• SEC Return Rates
• Industry Risk Class
• Temporal Risk
• Multiple Settlements
• ACH Risk Index
• Average Volume
• Peak Risk
BUILDING A CROSS FUNCTIONAL TEAM
CROSS FUNCTIONAL TEAM
• Credit
• Deposit/Treasury Management/Operations
• IT
• Compliance/BSA/AML
• Sales and Marketing
CONTACT THE PRESENTERS
Contact: Brent Siegel, Vice President
Phone: (952) 314-2095
Email: [email protected]
Location: 4600 W 77th Street, Suite 375, Edina, MN 55435
Visit us at www.argosrisk.com