New Banking Agency Guidance on Mobile Financial Services FFIEC Appendix E

Similar documents
Social Media and Financial Services: Convergence or Collision?

Financial Institutions and Social Media: Regulatory Review

Presenter: Aaron N. Colby

Mobile banking and payments: What are the US rules?

PLAINSCAPITAL BANK APPLE PAY TERMS AND CONDITIONS - BUSINESS

HELLENIC CONFEDERATION OF COMMERCE&ENTREPRENEURSHIP

SecuRe Pay recommendations for the security of mobile payments

Measuring digital advertising revenue to infringing sites

Thomson Reuters: Anti-Money Laundering Survey Insights

Additional Terms & Conditions for Use of Apple Pay to Supplement Your Interactive Brokers Debit Mastercard Cardholder Agreement

SafeNet Authentication Service:

By agreeing to these Terms and Conditions, you represent the following:

Compliance for the Digital Institution: Online Account Opening & Loan Application Considerations Louisiana Bankers Association Executive Management

No digitalization without risks

Mobile and Contactless Payments Requirements and Interactions

WebSphere Business Integration Collaborations Reference guide. Integrate business processes across your company and beyond.

Turning PSD2 Challenges into Business Opportunities.

APPLE PAY TERMS & CONDITIONS

Third Party Risk Security Insights and Program Updates

Data rich governance. Three keys to leading consumer data and information practices. kpmg.com

Shine a light on media accountability

Smart City Payment Solution

When the hard-to-reach become your preferred customers. Finc / the offering which addresses financial inclusion challenges

Hub. Human Trust Protocol. An introduction

Are your brokerage feeds putting your firm at risk? June 2018

Securing Enterprise Social Media and Mobility Apps

Enterprise risk management for consumer products companies

Digital Passport. Transforming SME banking through customer-permissioned data exchange

Guidance for the use of SSNs by State Government Entities

IBM Maximo Asset Health Insights Version 7 Release 6. Installation Guide IBM

Self-Service...Enhance, Retain and Attract! Jan Estep President, Elan ATM/Debit Services

MODEL STATE LEGISLATION

Defining and promoting excellence in the provision of mobile money services

CHART OF ACCOUNTS SETUP

Proxama PIN Manager. Bringing PIN handling into the 21 st Century

Ad Tech Ecosystems and Challenges. Pooja Nayak VP, Director for Ad Tech

The Executive Buying Guide to Employee Self-Service

Fraud Controls to Tackle the Mobile Revolution

The Executive Buying Guide to Employee Self-Service

Tokenization: The Future of Payments

IBM TRIRIGA Version 10 Release 5. Facility Assessment User Guide IBM

An all-in-one risk management platform delivering fraud detection, transactions screening and customer due diligence capabilities

Mobile & Online Banking

WHITE PAPER. Revenue Opportunities Created by Open APIs

Federal Identity, Credential, and Access Management Trust Framework Solutions. Overview

APPENDIX A. Audit Findings Report. For the Year ended March 31, 2016

Online Bill Payment and Presentment Quick Start Guide. By Paul A. Murphy Author of Banking Online for Dummies

Transforming authentication for a digital age

LOYALTY MANAGEMENT FOR RETAIL

API Gateway Digital access to meaningful banking content

How Safe Are Mobile Payments? MAC Webinar

WHO S GOT IT? WHO GETS IT?

Certified Regional Partner Program Overview

TABLE OF CONTENTS. The Definitive Guide To SaaS Solutions For The Insurance Industry EXECUTIVE OVERVIEW... 3

HCE Driving NFC: From Idea to Reality to Ubiquity. Mobey Day October 7/8, 2014

MoneyTap smartphone application powered by Ripple s blockchain technology

Believe in a higher level of IT Security SECUDE Business White Paper. How to Improve Business Results through Secure Single Sign-on to SAP

MILLICOM S POLICY FOR LAW ENFORCEMENT ASSISTANCE AND MAJOR EVENTS

A Crossmatch Identity Management Product

Consumer and Mobile RDC Risk Management

IT portfolio management template

INTERTANKO. Payment Performance System (PPS) Together we can make a difference

EARLY DETECTION OF ADVANCED PERSISTENT THREATS IN THE PAYMENTS SECTOR

FINACLE SERVICES: API MANAGEMENT USING CA API GATEWAY

MOBILE (NFC) SOLUTIONS

FIS Global Retail Payments. Centralize your enterprise with ONE trusted partner.

The State of Mobile Security in CIO Executive Interview

What is an Untrustworthy Supply Chain Costing the U.S. Digital Advertising Industry? An Overview

OPTIMISING CUSTOMER EXPERIENCE IN INDIA & SOUTH EAST ASIA

An Incentivization Platform Built For Community Building And Content Sharing On Blockchain. Version 2.0

RSM TECHNOLOGY ACADEMY elearning Syllabus and Agenda RETAIL POS SETUP FOR MICROSOFT DYNAMICS AX

Elements of a Successful Compliance Management System and Vendor Management Rules of the Road

TOKENIZATION OF A PHYSICAL DEBIT OR CREDIT CARD FOR PAYMENT

EUROPEAN UNION PRIVACY NOTICE

The Race to Maximize Returns with Open API: A Payments Perspective

With Aruba Central, you get anywhere-anytime access to ensure that your network is up and performing efficiently.

IBM Sales Performance Management Sales Planning

Creating a Risk Intelligent Enterprise: Risk governance

Transaction Based Usage Costs

Social Media Guidelines: King County 1

IBM Tealeaf Customer Experience on Cloud

They re Back! Phase 2 OCR Audits Are Underway

Privacy Statement. Information We Collect

esocket POS Integrated POS solution Knet

14. E-Commerce Applications and Infrastructures

IT EXAMS TOP 5 CITATIONS. Top 5 citations LOUISIANA BANKERS ASSOCIATION TECHNOLOGY CONFERENCE Policy and Risk Assessment 2.

IBM Tealeaf Customer Experience on Cloud

Thinking of changing your TMS?

The new revenue standard

Appendix State of the Industry Report on Mobile Money

Aptos Payment and Secure Data Management

Covering Your Assets: Payment Landscape and Technology

Hiren Majmudar Vice President, Intel Capital Austin, TX

PREDICTIVE INTELLIGENCE SECURITY, PRIVACY, AND ARCHITECTURE

New Payments Platform. A Technical Overview

UL retail solutions. End-to-end supply chain management

Data Standards in Oil & Gas

WHITE PAPER. REVENUE OPPORTUNITIES CREATED BY OPEN APIs. Venkataraman Durghados IBS Open APIs Solution Architect

BOSS REVOLUTION RETAILER PORTAL TERMS & CONDITIONS

Big risks require big data thinking: EY Forensic Data Analytics (FDA), powered by IBM

Transcription:

New Banking Agency Guidance on Mobile Financial Services FFIEC Appendix E Andy Lorentz, Partner ACI Emerging Payment Systems Conference San Francisco July 28, 2016

Context 2

More context 3

FFIEC Appendix E: Mobile Financial Services Roadmap for risk management and mitigation for financial institutions providing mobile financial services (MFS) Emphasizes enterprise-wide risk management to manage and mitigate risks (including third party service providers) Appendix addresses: MFS technologies Risk identification Risk measurement Risk mitigation Monitoring and reporting FFIEC Retail Payment Systems Handbook, Appendix E (Apr. 29, 2016) 4

MFS Technologies Short message service (SMS)/text messaging Mobile-enabled Web sites and browsers Mobile applications Wireless payment technologies Near field communication (NFC) Image-based Carrier-based Mobile P2P 5

Risk Identification and Measurement Strategic Operational Compliance Reputation Categories of Risk MFS presents particular concerns due to degree of customer control, number of access points, and presence of third parties Measurement Measure potential risks across all applicable risk categories Prioritize results to determine appropriate controls for the services provided Ongoing process that is updated whenever management implements a change to the strategy or MFS 6

Risk Mitigation (overview) Management should mitigate identified risks by implementing effective controls across the institution MFS requires the coordinated and secure exchange of information among several unrelated entities (application developers, mobile network operators, device manufacturers, specialized security firms and other nonfinancial third-party service providers) General operational controls an FI should consider include enrollment, authentication and authorization controls (user and application), application development and distribution, application security, contracts, customer awareness, and logging and monitoring 7

Operational Risk Mitigation SMS Technology Functionality limitations, token and PIN usage and customer awareness Mobile-Enabled Web Sites and Mobile Applications Focus is on developers (Web-site and application design, testing and employing tools) and customers/users (education, training and security awareness) Mobile Payments Traffic filtering to help prevent or minimize denial-of-service attacks Trusted platform modules Secure telecommunications protocols Tokenization and encryption Anti-malware software Authentication controls of both the user and application 8

Compliance and Reputation Risk Mitigation Compliance Risk Mitigation Ongoing review and assessment of MFS offerings Management to consult with compliance, legal and training staff Disclosures Policies and procedures Legal and regulatory changes Reputation Risk Mitigation Management to adopt appropriate and effective controls over customer information accessed, transmitted or stored to minimize or prevent disclosure of personal information and the potential for fraudulent transactions 9

Monitoring and Reporting Performance monitoring systems to assess whether MFS is meeting expectations Include limits on the level of acceptable risk exposure of management and the board Identify specific objectives and performance criteria, including quantitative benchmarks Periodically compare actual results with projections and qualitative benchmarks Modify the business plan, when appropriate, based on the performance of the MFS Reports Content structured to meet the needs of the various levels of management Addresses point-in-time as well as trend activity for both individual customers and mobile channel activities Emphasize the volume of activity from the onset and reports on changes in usage/volume Document the various demographic and industry sectors served and monitor changes 10

Conclusion : Be careful what you wish for 11

because MFS is a complex ecosystem. Source: PwC, Blurred lines: How FinTech is shaping Financial Services, Global FinTech Report (March 2016) 12

and guidance may slow (or divert) innovation. Mobile phones are prevalent among unbanked and underbanked Curbed innovation and slower implementation by banks Increasing doption of mobile financial services Compliance costs increase for banks Increasing (?) security and privacy risks Detailed policies and procedures created for banks Regulators provide detailed guidance to banks 13

THANK YOU! Andrew J. Lorentz andrewlorentz@dwt.com 202.973.4232 www.paymentlawadvisor.com 14

DWT Disclaimer This presentation is a publication of Davis Wright Tremaine LLP. Our purpose in making this presentation is to inform our clients and friends of recent legal developments. It is not intended, nor should it be used, as a substitute for specific legal advice as legal counsel may only be given in response to inquiries regarding particular situations. Attorney advertising. Prior results do not guarantee a similar outcome. Davis Wright Tremaine, the D logo, and Defining Success Together are registered trademarks of Davis Wright Tremaine LLP. 2015 Davis Wright Tremaine LLP. 30067109v2 15

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback