You might not know it because you only feel stressed when you get to work, but research from University College in London finds the level of stress hormones are 34% higher in white collar worker saliva on Monday mornings than on Sunday mornings. Speculation from the research is that people begin to anticipate a stressful week ahead once they arrive at work and that sounds about right to us as well. Speaking of stress levels and risk, the regulators just released another significant update and guidance for bankers that give customer's access to money electronically.
In general, regulators are warning banks to understand the increased risk when you give customers access to advanced functionality where the customer can spend and withdraw funds from multiple sources electronically. The regulatory definition of "prepaid access" covers a broad swath of devices that include reloadable cards, payroll cards, government benefit cards, international funds transfers, card-to-card funds transfers, retail gift cards, mobile phones and Internet sites.
Problems arise because the same flexibility and attractiveness these cards offer also compounds security risk. Prepaid access devices give customers easy, anonymous access to funds but that increases the risk of fraud and money laundering. It also makes it more difficult for banks to identify criminal transactions. Things get even worse when banks use third party service providers to deliver customers prepaid access, because it is often outside the banking system and is used as an unregulated alternative to more traditional bank accounts.
As such, regulators want bankers to absolutely make sure they have a comprehensive risk management program. Features of such programs should include: clearly defined objectives, expectations, and risk limits for the products offered; policies and procedures; a due diligence process for selecting third-party service providers; a process for monitoring performance, fraud losses, and suspicious activity; proper disclosures; strong audit and compliance functions; and parameters for reporting to the Board to periodically evaluate management's effectiveness and ensure the program is achieving stated objectives.
In addition, regulators warn bankers to be sure any such programs have properly evaluated objectives and risks. Banks are expected to have conducted a complete product risk assessment; how it fits the overall strategy; have Board review and approval; and a cost-benefit analysis. Risk limits need to be established and data should be captured to ensure staff has enough expertise to launch such a program. Operations, IT, audit, compliance and legal areas should all review and opine on the program as part of this process. Banks should also set qualitative and quantitative performance benchmarks to evaluate success of the product and explain variances (to detect any adverse trends in a timely manner). Finally, as with any new product line, you have to know the exit strategy, so take the time up front to set triggers that would result in management taking action to change or discontinue the program.
In closing, we would caution banks against being complacent about this issue just because this update came from the OCC (so it only applies to national banks). Regulators everywhere are concerned about these risks and cooperation among regulatory agencies has accelerated strongly since the crisis. As such, while not explicitly stated, we would venture to say all examination teams regardless of agency will review this area closely the next time they visit. Now you know, so there is no reason to stress.