The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.
Federal R eserve Bank
OF DALLAS
TO N Y J . SALV A G G IO
FtR S T V IC E PR E S ID E N T
J « AS
7 5 2 6 5 -5 90 6
February 23, 1996
Notice 96-23
TO:
The Chief Operating Officer of
each financial institution in the
Eleventh Federal Reserve District
SUBJECT
Modifications to the
Fedwire Third-Party Access Policy
DETAILS
The Board of Governors of the Federal Reserve System has approved policy
modifications to address Fedwire third-party access arrangements involving a service
provider that is located outside the United States.
In general, foreign service provider arrangements would be subject not only
to the conditions applicable to domestic service provider arrangements, but also several
additional conditions related to information and examination access. These incremental
requirements are intended to ensure that the Federal Reserve’s oversight of Fedwire is
not diminished or inappropriately limited by activity conducted outside the United States
and that the Federal Reserve’s supervisory objectives are met.
These changes became effective February 1, 1996.
ATTACHMENT
A copy of the Board’s notice (Federal Reserve System Docket No. R-0914) is
attached.
MORE INFORMATION
For more information, please contact Nancy Barton at (214) 922-6746. For
additional copies of this Bank’s notice, please contact the Public Affairs Department at
(214) 922-5254.
Sincerely,
For additional copies, bankers and others are encouraged to use one o f the following toll-free numbers in contacting the Federal
Reserve Bank o f Dallas: Dallas O ffice (800) 333 -4460; El Paso Branch Intrastate (800) 592-1631, Interstate (800) 351-1012; H ouston
Branch Intrastate (800) 392-4162, Interstate (800) 221-0363; San A ntonio Branch Intrastate (800) 292-5810.
This publication was digitized and made available by the Federal Reserve Bank of Dallas' Historical Library (FedHistory@dal.frb.org)
FEDERAL RESERVE SYSTEM
[Docket No. R-0914]
Federal Reserve Payment System Risk Policy
AGENCY:
Board of Governors of the Federal Reserve System.
ACTION:
Policy statement.
SUMMARY: The Board has approved modifications to its Fedwire third-party access
policy that establish additional requirements applicable to third-party access
arrangements involving a service provider located outside the United States ("foreign
service provider"). On August 9, 1995, the Board approved certain interim
modifications to its Fedwire third-party access policy to clarify its applicability and to
reduce the administrative burden of several provisions. At that time, the Board
indicated the Federal Reserve Banks would not approve any new third-party access
arrangements involving a foreign service provider, pending a review of the supervisory
issues associated with such arrangements. The Board has completed its assessment
and has modified its policy to address the conditions under which the Federal Reserve
would consider approving foreign service provider arrangements. The revised policy is
intended to ensure that the Federal Reserve’s oversight of Fedwire is not diminished
or inappropriately limited by the conduct of activity outside the United States and that
the Federal Reserve's supervisory and examination objectives are met. In addition,
the policy provides important safeguards to both depository institutions participating in
third-party access arrangements and to the Reserve Banks. Among other things, the
policy requires depository institutions to impose prudent controls over Fedwire funds
transfers and Fedwire book-entry securities transfers initiated, received, or otherwise
-
2
-
processed on their behalf by a third-party service provider.
EFFECTIVE DATE: February 1, 1996
FOR FURTHER INFORMATION CONTACT:
Jeff Stehm, Manager (202/452-2217) or
Lisa K. Hoskins, Project Leader (202/452-3437), Fedwire Section, Division of Reserve
Bank Operations and Payment Systems; or Howard Amer, Assistant Director
(202/452-2958), Division of Banking Supervision and Regulation;
for the hearing impaired only: Telecommunications Device for the Deaf, Dorothea
Thompson (202/452-3544).
SUPPLEMENTARY INFORMATION:
I. Background
Fedwire is the large-value payment and securities settlement mechanism
operated by the Federal Reserve Banks. Fedwire provides depository institutions with
real-time gross settlement in central bank money of funds transfers and book-entry
securities transfers made for their own account or on behalf of their customers.
Typically, each depository institution that holds an account at the Federal Reserve
processes its own transfers and accesses Fedwire directly. In some cases, however,
a depository institution accesses Fedwire through a third-party access arrangement in
which a service provider, acting as agent for a depository institution, initiates payments
that are posted to the institution’s account at the Federal Reserve. Third-party access
arrangements are a form of outsourcing.1
1
Depository institutions use service providers to perform a number of functions,
including customer accounting, check and automated clearing house (ACH)
(continued...)
-
3
-
In July 1987, the Board approved a set of conditions under which
Fedwire third-party access arrangements could be established, as part of its payment
system risk reduction policy (52 FR 29255, August 6, 1987). The Board approved
modifications to the policy in August 1995 that clarified the scope and application of
the policy and reduced the administrative burden of several provisions (60 FR 42418,
August 15, 1995). The scope of the original policy was silent on whether the service
provider could be located outside the United States. Such arrangements raise certain
supervisory issues, such as the ability of U.S. examiners to access relevant
information, conduct on-site reviews of Fedwire operations, and exercise their
enforcement authority. As a result, in August the Board broadened the scope of the
policy to include third-party access arrangements involving an office of the participant
located outside the United States that acts as a service provider, but indicated that
new third-party arrangements involving a foreign service provider would not be
approved by the Reserve Banks pending an assessment of the relevant supervisory
issues.2
’ (...continued)
processing, and the processing and/or transmission of large-value funds and securities
transfers. Depository institutions have increasingly viewed outsourcing arrangements
as one way to reduce operating costs.
2
The Reserve Banks have not approved any foreign service provider
arrangements, although several inquiries have been received during the last few
years. In its August 1995 action, the Board required that any existing arrangement
involving a foreign office of a Fedwire participant acting as a service provider be
reported promptly to the participant’s Reserve Bank. No such arrangements have
been reported.
-
4
-
II. Provision-by-Provislon Analysis
The policy establishes conditions that a sending or receiving institution
("the participant") must meet in order to designate another depository institution or
other entity ("the service provider") to initiate, receive, and/or otherwise process
Fedwire funds transfers or Fedwire book-entry securities transfers that are posted to
the participant's reserve or clearing account held at the Federal Reserve. These
conditions include requirements that the participant have the ability to retain
operational control of the credit-granting process, monitor transfer activity conducted
on its behalf, and remain responsible for managing its Federal Reserve account. In
addition, the participant is expected to comply with all requirements related to Fedwire
access generally, such as encryption standards, as well as all applicable state and
federal laws and regulations. The policy also requires a participant that uses an
unaffiliated service provider to maintain adequate termination backup arrangements so
that it can continue Fedwire operations if the third-party access arrangement must be
terminated.
The policy also addresses certain supervisory concerns, including
requirements for the participant to obtain an affirmative written statement from its
primary supervisor(s) indicating that it does not object to the arrangement; the
existence of an adequate audit program for the participant to review the arrangement
and compliance with the Board’s policy; and the requirement that the service provider
be subject to examination by the appropriate federal depository institution regulatory
agency(ies). Finally, the participant and the service provider(s) must execute an
-
5
-
agreement with the relevant Reserve Bank(s) incorporating the policy’s conditions.
The Board has modified the policy to address the conditions that apply to
Fedwire third-party access arrangements involving a service provider that is located
outside the United States. In particular, foreign service provider arrangements are
expected to comply with the same requirements as domestic service provider
arrangements as well as meet some additional conditions with regard to information
and examination access. Such arrangements will also be subject to review and
concurrence by the Directors of the Board’s Division of Reserve Bank Operations and
Payment Systems and Division of Banking Supervision and Regulation. Taken
together, these requirements are intended to ensure that the Federal Reserve’s
oversight of Fedwire is not diminished or inappropriately limited by the conduct of
Fedwire activity outside the United States and that supervisory objectives can be met.3
The following discussion identifies those provisions of the Fedwire third-party access
policy that have been revised and discusses how and why they differ from the current
policy provisions.
A. Scope
3
The four primary examination objectives with regard to Fedwire are to 1)
minimize systemic risk from payment activities, 2) identify weaknesses in payments
operations that could jeopardize the condition of the depository institution, 3) ensure
that proper records are available to assist law enforcement authorities pursuing illegal
payments activities, and 4) minimize risk of loss to the Federal Reserve from a
depository institution’s payment activities that may result if a depository institution were
to fail while in an overdraft position at the Federal Reserve.
-
6
-
Opening Paragraph (unchanged):
The Board will allow third-party access arrangements whereby a sending or
receiving institution ("the participant") designates another depository institution
or other entity ("the service provider") to initiate, receive, and/or otherwise
process Fedwire funds transfers or book-entry securities transfers that are
posted to the participant’s reserve or clearing account held at the Federal
Reserve, provided the following conditions are met:
Revised Footnote #1 to the Opening Paragraph:
This policy also applies to third-party access arrangements in which an
organization, including an office of the participant, located outside the United
States acts as service provider by initiating, receiving, or otherwise processing
Fedwire transfers on behalf, of the U.S. participant ("foreign service provider") .
Previous Footnote #1 to the Opening Paragraph:
This policy applies to third-party access arrangements in which an office of the
participant located outside the United States acts as service provider by
initiating, receiving, or otherwise processing Fedwire transfers on behalf of the
U.S. participant.
The Board, in approving the August 1995 modifications to the policy,
stated that no new third-party access arrangements involving a foreign service
provider would be approved until an assessment of the supervisory issues associated
with such arrangements was completed. As a result of that assessment, the revised
policy applies to all arrangements where the service provider is located outside the
United States. In applying the policy to arrangements involving foreign service
providers, however, the Board recognizes that such arrangements should be subject
to consultation and coordination with home country supervisors, on-site examination of
foreign service providers, and the availability of and access to Fedwire records. To
address these issues the Board expects that such arrangements will comply with the
policy conditions applicable to domestic service provider arrangements and, in
-
7
-
addition, meet the additional requirements applicable to arrangements involving a
foreign service provider.
B. Audit Program
Revised Condition (#10)
The participant must have in place an adequate audit program to review the
arrangement at least annually to confirm that these requirements are being met.
In addition, in the case of an arrangement involving a foreign service provider,
both the participant and the foreign service provider must have in place an
adequate audit program that addresses Fedwire operations. Audit reports in
English must be made available to the Federal Reserve and the participant's
primary supervisor(s) in the,United States.
Previous Condition (#10)
The participant must have in place an adequate audit program to review the
arrangement at least annually to confirm that these requirements are being met.
The revised condition requires that the Fedwire audit program of both the
participant and the foreign service provider be an acceptable means to review and
assess effectively, at least on an annual basis, the sufficiency of internal and data
security controls, credit-granting processes, operational procedures and contingency
arrangements, and compliance with applicable U.S. laws and regulations. This
requirement is intended to maintain U.S. examiners’ abilities to supervise effectively
the Fedwire function and to ensure that it is managed in a safe and sound manner.
C. Examination of the Arrangement
Revised Condition (#11)
In the case of a service provider located within the United States, the service
provider must be subject to examination by the appropriate federal depository
institution regulatory agency(ies). rFootnote: The U.S. federal depository
institution regulatory agencv(ies) must be able to examine any aspects of the
service provider as may be necessary to assess the adeguacv of the operations
-
8
-
and financial condition of the service provider.]
In the case of a service provider located outside the United States, the service
provider must be subject to the supervision of a home country bank supervisor.
In its review of a proposed foreign service provider arrangement, the Federal
Reserve will consider the extent to which the service provider’s home country
supervisor 1) oversees banks on a consolidated basis, 2) is familiar with
supervising payment systems activities, 3) is willing to examine the Fedwire
operations at the service provider, and 4) has demonstrated a willingness to
work closely with U.S. banking authorities in addressing supervisory problems.
In addition, the home country supervisor, the participant, and the service
provider must agree to permit the participant’s primary supervisor(s) to conduct
on-site reviews of the Fedwire operations at the foreign service provider.
fFootnote: If a participant proposes to conduct its Fedwire processing at a
foreign site outside the home country of the service provider, both the home
country and host country supervisors would need to permit the participant's
primary supervisor(s) to review the Fedwire operations.] The participant and
the service provider must agree to make all policies, procedures, and other
documentation relating to Fedwire operations, including those related to internal
controls and data security requirements, available to the Federal Reserve and
the participant's primary supervisor(s) in English.
Previous Condition (#11)
The service provider must be subject to examination by the appropriate federal
depository institution regulatory agency(ies). fFootnote: The U.S. federal
depository institution regulatory agencv(ies) must be able to examine any
aspects of the service provider as may be necessary to assess the adeguacy of
the operatiens and financial condition of the service prpvider.1
The revised condition provides the opportunity for the Federal Reserve
and the participant's primary supervisor(s) to 1) assess the risks associated with the
third-party access arrangement in the context of the service provider's home country’s
bank supervision program, 2) determine if it would be reasonable for the participant’s
primary supervisor(s) to depend, to some extent, on the home country supervisor to
examine the Fedwire operation at the service provider, and 3) ensure that the
participant's primary supervisor(s) has access to relevant Fedwire records. These
-
9
-
conditions are intended to maintain U.S. examiners’ ability to supervise effectively the
Fedwire function and to ensure that it is managed in a safe and sound manner.
In reviewing the arrangement in the context of the foreign service
provider’s home country supervision program, the Federal Reserve would carefully
consider each of the four criteria contained in this^ portion of the modified policy. The
Federal Reserve, however, will not grant approval to outsource Fedwire absent an
affirmative implementing agreement with the home country supervisor.
The Federal Reserve may also discuss other supervisory issues, such as
home country laws and regulations that may limit examination access, with the
particular home country supervisor prior to approving an arrangement involving a
foreign service provider. With regard to proposals to outsource Fedwire processing to
an unaffiliated foreign service provider, and in particular to an organization that is not
a depository institution, the Federal Reserve would discuss with the home country
supervisor issues related to the level of supervision and examination of the proposed
service provider and other issues that could affect the risks associated with such an
arrangement.
D. Review and Approval of Proposed Arrangements
Revised Condition (Closing Paragraph)
The participant's Federal Resen/e Bank is responsible for approving each
proposed Fedwire third-party access arrangement. The Directors of the Board’s
Division of Reserve Bank Operations and Payment Systems and Division of
Banking Supervision and Regulation must concur with a proposed arrangement
1) in which the participant is not affiliated through at least 80 percent common
ownership with the service provider and where the participant is owned by one
of the 50 largest bank holding companies (based on consolidated assets), or 2)
in which the service provider is located outside the United States. Approval of
-
10
-
a foreign service provider arrangement would be contingent on a review of both
the participant’s and the foreign service provider’s Fedwire policies, procedures,
and operations, which would be conducted by the Federal Reserve prior to the
commencement of operations.
Previous Condition (Closing Paragraph)
The Federal Reserve Bank is responsible for approving each proposed Fedwire
third-party access arrangement. In a proposed arrangement in which the
participant is not affiliated through at least 80 percent common ownership with
the service provider and where the participant is owned by one of the 50 largest
bank holding companies (based on consolidated assets), the Directors of the
Division of Reserve Bank Operations and Payment Systems and the Division of
Banking Supervision and Regulation must concur with the arrangement.
The revised condition recognizes the potential risks associated with
outsourcing Fedwire operations to a foreign service provider and the need for Board
staff review and concurrence with such arrangements. Arrangements involving a
foreign service provider warrant careful consideration in order to determine whether
the proposed arrangement poses any undue risks and whether adequate supervisory
oversight can be maintained. An infrastructure review is appropriate to confirm
compliance with the Fedwire third-party access policy and other relevant policies and
regulations. The infrastructure review also would permit the Federal Reserve to
assess the adequacy of system integrity, controls and contingency arrangements, and
would allow it to determine first hand whether information access issues pose
unacceptable risks.
III. Effective Date
The revised Fedwire third-party access policy becomes effective
February 1, 1996.
IV. Competitive Impact Analysis
-11
-
The Board assesses the competitive impact of changes that may have a
substantial effect on payment system participants. In particular, the Board assesses
whether a proposed change would have a direct and material adverse effect on the
ability of other service providers to compete effectively with the Federal Reserve
Banks in providing similar services and whether such effects are due to legal
differences or due to a dominant market position deriving from such legal differences.
The Federal Reserve Banks' Fedwire funds transfer and book-entry
securities transfer services provide, real-time gross settlement in central bank money.
While these services cannot be duplicated by private-sector service providers, banks
can make large-dollar funds transfers through other systems, such as CHIPS, or
through correspondent book transfers, although these transactions have attributes that
differ from Fedwire transfers. Similarly, there are private-sector securities clearing
and/or settlement systems, such as the Government Securities Clearing Corporation
and the Participants Trust Company, that facilitate primary and secondary market
trades of U.S. Treasury and agency securities. Other transactions involving U.S.
government securities may be cleared and settled on the books of banks to the extent
that the counterparties are customers of the same bank.
The Board’s third-party access policy places conditions on arrangements
in which a Fedwire participant may contract with another organization to initiate,
receive, or otherwise process Fedwire transfers. The Board has revised the policy to
establish additional conditions applicable to depository institutions wishing to access
Fedwire through a foreign service provider to ensure that the Federal Reserve’s
-
12
-
oversight of Fedwire is not diminished or inappropriately limited by the conduct of
activity outside the United States and that the Federal Reserve's supervisory and
examination objectives are met. Other large-dollar systems can and do place
restrictions on the ability of participants to outsource their operations to foreign service
providers. The Board's policy, as revised, does not adversely affect the ability of
depository institutions or service providers to compete with the Federal Reserve Banks
to provide funds transfer or securities transfer services.
V. Policy Statement
The Board has amended its "Federal Reserve System Policy Statement
on Payments System Risk" under the heading "I. Federal Reserve Policy" by replacing
"G. Fedwire Third-party Access Policy" with the following:
G. Fedwire Third-Party Access Policy
The Board will allow third-party access arrangements whereby a sending
or receiving institution ("the participant") designates another depository institution or
other entity ("the service provider") to initiate, receive, and/or otherwise process
Fedwire funds transfers or book-entry securities transfers that are posted to the
participant’s reserve or clearing account held at the Federal Reserve, provided the
following conditions are met:1
1
This policy also applies to third-party access arrangements in which an
organization, including an office of the participant, located outside the United States
acts as service provider by initiating, receiving, or otherwise processing Fedwire
transfers on behalf of the U.S. participant ("foreign service provider").
-
1.
13
-
The participant retains operational control of the credit-granting process by (1)
individually authorizing each funds or securities transfer, or (2) establishing
individual customer transfer limits and a transfer limit for the participant’s own
activity, within which the service provider can act. The transfer limit could be a
combination of the account balance and established credit limits. For the
purposes of this policy, these arrangements are called "line-of-credit
arrangements."
2.
In funds transfer line-of-credit arrangements, the service provider must have
procedures in place and the operational ability to ensure that a funds transfer
that would exceed the established transfer limit is not permitted without first
obtaining the participant's approval. In book-entry securities transfer line-ofcredit arrangements, the service provider must have procedures in place and
the operational ability to provide the participant with timely notification of an
incoming transfer that exceeds the applicable limit and must act upon the
participant’s instructions to accept or reverse the transfer accordingly.
3.
Transfers will be posted to the participant's reserve or clearing account held at
the Federal Reserve, and the participant will remain responsible for managing
its Federal Reserve account, with respect to both its intraday and overnight
positions. The participant must be able to monitor transfer activity conducted
on its behalf.
4.
The participant’s board of directors must approve the role and responsibilities of
a service provider(s) that is not affiliated with the participant through at least 80
-
14
-
percent common ownership. In line-of-credit arrangements, the participant’s
board of directors must approve the intraday overdraft limit for the activity to be
processed by the service provider and the credit limits for any inter-affiliate
funds transfers.2
5.
The Board expects all participants to ensure that their Fedwire operations couid
be resumed in a reasonable period of time in the event of an operating outage,
consistent with the requirement to maintain adequate contingency backup
capabilities as set forth in the interagency policy (FFIEC SP-5, July 1989). A
participant is not relieved of such responsibility because it contracts with a
service provider.
6.
In cases where the service provider is not affiliated
with the participant through
at least 80 percent common ownership, the participant must be able to continue
Fedwire operations if the participant is unable to continue its service provider
arrangement (e.g., in lh e event the Reserve Bank or the participant’s primary
supervisor terminates the service provider arrangement).
7.
The participant must certify that the arrangement is
consistent with corporate
separateness and does not violate branching restrictions.
8.
The participant must certify that the specifics of the
arrangement will allow the
2
In cases where a U.S. branch of a foreign bank wishes to be a participant in an
arrangement subject to this policy, and its board of directors has a more limited role in
the bank's management than a U.S. board, the role and responsibilities of the service
provider should be reviewed by senior management at the foreign bank's head office
that exercises authority over the foreign bank equivalent to the authority exercised by
a board of directors over a U.S. depository institution.
-
15
-
participant to comply with all applicable state and federal laws and regulations
governing the participant, including, for example, retaining and making
accessible records in accordance with the regulations adopted under the Bank
Secrecy Act.
9.
The participant's primary supervisor(s) must affirmatively state in writing that it
does not object to the arrangement.
10.
The participant must have in place an adequate audit program to review the
arrangement at least annually to confirm that these requirements are being met
In addition, in the case of an arrangement involving a foreign service provider,
both the participant and the foreign service provider must have in place an
adequate audit program that addresses Fedwire operations. Audit reports in
English must be made available to the Federal Reserve and the participant's
primary supervisor(s) in the United States.
11.
In the case of a service provider located within the United States, the service
provider must be subject to examination by the appropriate federal depository
institution regulatory agency(ies).3
In the case of a service provider located outside the United States, the service
provider must be subject to the supervision of a home country bank supervisor.
In its review of a proposed foreign service provider arrangement, the Federal
Reserve will consider the extent to which the service provider’s home country
3
The U.S. federal depository institution regulatory agency(ies) must be able to
examine any aspects of the sen/ice provider as may be necessary to assess the
adequacy of the operations and financial condition of the service provider.
-
16
-
supervisor 1) oversees banks on a consolidated basis, 2) is familiar with
supervising payment systems activities, 3) is willing to examine the Fedwire
operations at the service provider, and 4) has demonstrated a willingness to
work closely with U.S. banking authorities in addressing supervisory problems.
In addition, the home country supervisor, the participant, and the service
provider must agree to permit the participant's primary supervisor(s) to conduct
on-site reviews of the Fedwire operations at the foreign service provider.4 The
participant and the service provider must agree to make all policies,
procedures, and other documentation relating to Fedwire operations, including
those related to internal controls and data security requirements, available to
the Federal Reserve and the participant's primary supervisor(s) in English.
12.
The participant and the service provider(s) must execute an agreement with the
relevant Reserve Bank(s) incorporating these conditions.
The participant's Federal Resen/e Bank is responsible for approving each
proposed Fedwire third-party access arrangement. The Directors of the Board's
Division of Reserve Bank Operations and Payment Systems and Division of Banking
Supervision and Regulation must concur with a proposed arrangement 1) in which the
participant is not affiliated through at least 80 percent common ownership with the
service provider and where the participant is owned by one of the 50 largest bank
4
If a participant proposes to conduct its Fedwire processing at a foreign site
outside the home country of the service provider, both the home country and host
country supervisors would need to permit the participant's primary supervisor(s) to
review the Fedwire operations.
-
17
*
holding companies (based on consolidated assets), or 2) in which the service provider
is located outside the United States. Approval of a foreign service provider
arrangement would be conditioned on satisfactory findings of a review of both the
participant’s and the foreign service provider’s Fedwire policies, procedures, and
operations, which would be conducted by the Federal Reserve prior to the
commencement of operations.
By order of the Board of Governors of the Federal Reserve System,
January 24, 1996.
(signed) William
'
William W. Wiles,
Secretary of the Board.
[FR Doc. 96-00000 Filed 00-00-96; 8:45 am]
BILLING CODE 6210-01-P
@FedFRASER