In its recently issued Financial Institution Letter, FIL-3-2012, the Federal Deposit Insurance Corporation (“FDIC”) updated the agency’s November 2008 guidance on the potential risks to insured depository institutions of payment processor relationships. The updated guidance is in response to the increased number of deposit relationships between insured institutions and payment processors utilizing institutions’ deposit accounts to process payments for third-party merchants and, in some cases, other payment processors.
The FDIC guidance addresses bank relationships with companies that process payments for a wide variety of entities, including telemarketers, online businesses, and other types of merchants. A particular emphasis of the newly issued guidance relates to FDIC expectations regarding how institutions should be monitoring and mitigating risks arising from these relationships, as well as due diligence efforts necessary to understand the underlying risks related to payment processor relationships with merchants, as well as other payment processors that a processor may service.
While focused on depository institution payment processor relationships, FIL-3-2012 highlights a number of important regulatory and supervisory issues presented by the intersection of traditional bank products and services with rapidly evolving payment systems practices and technologies, including card-based, internet and electronic funds transfers, and other emerging e-commerce and mobile payment systems products and services. The FDIC guidance presents important insights for insured institutions with respect to a wide variety of third-party relationship management issues. These issues are important to insured institutions, entities that utilize institution products and services in dealing with third parties, and vendors providing or managing third-party relationship products and services for or through insured institutions.