Archive for July 28, 2011
OCC Guidance: Third Party Service Providers in Prepaid Access Programs
On June 28, 2011, the OCC issued a bulletin titled “Description: Risk Management Guidance and Sound Practices” with respect to use of third party service providers for prepaid access programs (the Bulletin).
The Bulletin provides guidance on the risk management expectations of the OCC with respect to all prepaid programs, but especially for banks using third party service providers for their prepaid access programs. While the Bulletin is not binding per se, there is near certainty that the OCC will be examining banks based on the guidance provided in the Bulletin.
The Bulletin sets forth several areas of guidance, including:
- Objectives and risk parameters (including risk limits, program objectives and reporting, performance criteria, and board review of the program)
- Policies, procedures and due diligence (including acceptable and well understood policies and procedures, an exit strategy, detailed evaluation of the selection, and oversight of third party service providers). This section of the Bulletin also contains a complete list of required contract terms.
- Audit and compliance functions (including adequate personnel, testing of accounts with respect to fee disclosures, testing of BSA/AML and OFAC compliance)
- Parameters for reporting to the Board of Directors
While most of the general topics within the Bulletin were generally known to be areas where the OCC has previously indicated are areas of concern, the Bulletin drills down further into those areas with specific procedures and requirements that were not previously known or that were not previously a common practice within the industry. As a result, all banks regulated by the OCC which issue or sell payroll cards, gift cards or general spend prepaid cards should carefully review the Bulletin and begin implementation of the procedures and requirements contained within the Bulletin.
Even for banks that do not issue or sell prepaid cards, or are not national banks, the guidance offers insight into the expectations of the bank regulators on managing risk.
