The Federal Financial Institutions Examination Council (FFIEC) members today issued a revised Retail Payment Systems booklet, which is part of the FFIEC Information Technology Examination Handbook (IT Handbook). The update consists of the addition of a new appendix, Appendix E: Mobile Financial Services.
The Retail Payment Systems booklet contains guidance to assist examiners in evaluating financial institution and third-party provider management of the risks associated with retail payment systems. Appendix E contains guidance pertaining to mobile financial services risks that supplements existing booklet guidance on other retail payment topics, such as electronic payments related to credit cards and debit cards, remote deposit capture and changes in technology of retail payment systems.
Mobile financial services are the products and services that a financial institution provides to its customers through mobile devices. Appendix E focuses on the risks associated with mobile financial services and emphasizes an enterprise-wide risk management approach to effectively manage and mitigate those risks. It also contains a separate set of work-program objectives to assist the examiner in determining the state of risk and controls at an institution or third party providing mobile financial services. Financial institution management should also find this guidance helpful.
This appendix addresses the following:
- Mobile financial services technologies.
- Risk identification.
- Risk measurement.
- Risk mitigation.
- Monitoring and reporting.
The IT Handbook is available at http://ithandbook.ffiec.gov/.