“There’s no wrong or right answer to how a financial institution mitigates its risk, because it’s so individualized to the institution and their clients. Risk is not isolated to one specific control; it is more complicated.
The issue arises, particularly with credit risk, when you have a system that has a certain configuration. You have a file limit, daily limit, weekly, and/or monthly limit. You have a customer or member who wants to originate ACH, and they're approving a dollar amount, and the dollar amount is, let's say, $100,000. But what does that mean? Is it $100,000 a day? Is it $100,000 a file? Is it $100,000 a week? Those details make a huge difference in your institution’s exposure. To address them, you have to ask, is that dollar amount actually representative of what the Originator's doing? Your controls should be tailored to that particular requirement to limit your exposure.
We, as auditors, look to details like this to determine if an FI is effectively managing its risk. Most often, our recommendations point to policies and procedure. So, let's say, for example, the policy says one thing and the procedure does another. The recommendation is to make sure everything aligns. Because as long as your policies and procedures align with what you're doing, you can justify them, and you know why and how you’re doing things, you're fine.
Risk mitigation is complicated for every FI, but you’re not operating in a silo. If you have a question, call us. If you have a concern, ask us. SFE’s Payments Hotline is like the Bat Phone. We will respond immediately and help you figure out the best ways to mitigate your risk and exposure.”
-- David Payne, AAP, CIA, CFSA, Senior VP, Payments Risk & Compliance
To ensure your financial institution addresses inherent risks and remains in compliance, consider engaging SFE’s expert team for your annual ACH Audit and Risk Assessment. And, to learn about the latest fraud trends and how to mitigate your risk, join us for our Virtual Fraud Symposium, taking place Thursday, October 16, from 9AM – 3PM Central.