To All Depository Institutions and Others Concerned in the Second Federal Reserve District:
In a press release, the Federal Financial Institutions Examinations Council (FFIEC) issued revised guidance for examiners, financial institutions, and technology service providers on the risks associated with retail payment systems.
The Retail Payment Systems Booklet provides guidance on the risks and risk-management practices applicable to financial institutions' retail payment system activities, including checks, card-based electronic payments, and other electronic payment media such as person-to-person, Electronic Benefits Transfer, and the Automated Clearinghouse.
Financial institutions face many challenges as they continue to foster innovation. These challenges are a source of increased risk to institutions and require greater diligence to ensure the confidentiality of information, system and data integrity, system availability, and regulatory compliance. Retail payment system activities require careful planning for coordinated strategies between IT and business units, strong internal controls, and ongoing monitoring. The Retail Payment Systems Booklet includes guidance and examination procedures to evaluate the quality of risk management related to these risks and activities in financial institutions and technology service providers.
This booklet is the latest in a series of updates to the 1996 FFIEC Information Systems Examination Handbook (Handbook). The FFIEC is updating the Handbook to address significant changes in technology since 1996 and to incorporate a risk-based examination approach. The updates are being issued in separate booklets that will ultimately replace all chapters of the Handbook and comprise the new FFIEC Information Technology Examination Handbook. Future booklets will address wholesale payment systems, outsourcing technology services, management, computer operations, and systems development and acquisition.
The booklets are being distributed electronically and are available on the FFIEC website.
Assistant Vice President
Operational Risk Department