On August 20, the Office of the Comptroller of Currency (OCC) released an updated booklet providing guidance to examiners and bankers on assessing and managing the risks associated with merchant processing activities. The booklet replaces the earlier version issued in December 2001. The booklet addresses a variety of topics including:[list line=”no” style=”style3″]
- Selection of third-party organizations and due diligence.
- Technology service providers.
- On-site inspections, audits, and attestation engagements, including the “Statement on Standards for Attestation Engagement” (SSAE 16) and the “International Standard on Assurance Engagements” (ISAE 3402).
- Data security standards in the payment card industry for merchants and processors.
- member alert to control high-risk merchants (MATCH) list.
- Bank Secrecy Act/Anti-Money Laundering compliance programs and appropriate policies, procedures, and processes to monitor and identify unusual activity.
- Appropriate capital for merchant processing activities.