Jump to Navigation

Dreher Tomkies LLP
Attorneys at Law
2750 Huntington Center
41 South High Street
Columbus, Ohio 43215
Telephone (614) 628-8000
Fax (614) 628-1600



Law Digests Online!
Home
Firm Overview
Practice Areas
Attorney Profiles
Alerts
Multistate Digests
Articles
Representative Clients
Resource Links
Firm Brochure
Contact Us
Save to My Favorites
Print this page
Alerts Contextual Image

OCC ISSUES RISK MANAGEMENT GUIDELINES RELATING TO PROCESSORS

The Office of the Comptroller of the Currency issued a Bulletin addressing potential risks associated with payment processors and guidance for managing these risks. OCC Bulletin 2008-12, April 12, 2008. The OCC identified two areas of bank responsibility related to relationships with entities that process payments for merchant clients. The two areas are due diligence and monitoring.

The OCC stated that it supports national banks' participation in payment systems to serve the needs of legitimate processors and the customers of such processors and to diversify sources of revenue. However, the OCC cautioned national banks to limit potential risk to banks and consumers by implementing risk management programs that include appropriate oversight and controls commensurate with the risk and complexity of the activities.

The OCC instructed banks to consider carefully legal and reputation risks and to be aware of signs of fraud or unlawful activity, such as higher incidence of unauthorized returns or chargebacks or processing through multiple banks. The OCC stated that controls should be more rigorous for higher-risk processors and merchants, such as telemarketers. The OCC explained that although some processors may process transactions for reputable telemarketing merchants, these merchants in aggregate have displayed a much higher incidence of unauthorized returns or chargebacks, which is often indicative of fraudulent activity. Banks should verify directly or through the processor that the merchant is operating a legitimate business. At a minimum, the OCC directed that bank risk management programs should verify the legitimacy of the processor's business operations, assess the bank's risk level and monitor processor relationships for activity indicative of fraud.

The OCC pointed out that banks also must develop compliance programs under the Bank Secrecy Act/Anti-Money Laundering statutes, requirements that are generally not applicable to processors.

Please let us know if you have any questions or would like a copy of the bulletin.

Elizabeth Anstaett and Darrel Dreher