[Federal Register Volume 61, Number 20 (Tuesday, January 30, 1996)]
[Notices]
[Pages 3035-3039]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 96-1652]



-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM
[Docket No. R-0914]


Federal Reserve Payment System Risk Policy

AGENCY: Board of Governors of the Federal Reserve System.

ACTION: Policy statement.

-----------------------------------------------------------------------

SUMMARY: The Board has approved modifications to its Fedwire third-
party access policy that establish additional requirements applicable 
to third-party access arrangements involving a service provider located 
outside the United States (``foreign service provider''). On August 9, 
1995, the Board approved certain interim modifications to its Fedwire 
third-party access policy to clarify its applicability and to reduce 
the administrative burden of several provisions. At that time, the 
Board indicated the Federal Reserve Banks would not approve any new 
third-party access arrangements involving a foreign service provider, 
pending a review of the supervisory issues associated with such 
arrangements. The Board has completed its assessment and has modified 
its policy to address the conditions under which the Federal Reserve 
would consider approving foreign service provider arrangements. The 
revised policy is intended to ensure that the Federal Reserve's 
oversight of Fedwire is not diminished or inappropriately limited by 
the conduct of activity outside the United States and that the Federal 
Reserve's supervisory and examination objectives are met. In addition, 
the policy provides important safeguards to both depository 
institutions participating in third-party access arrangements and to 
the Reserve Banks. Among other things, the policy requires depository 
institutions to impose prudent controls over Fedwire funds transfers 
and Fedwire book-entry securities transfers initiated, received, or 
otherwise processed on their behalf by a third-party service provider.

EFFECTIVE DATE: February 1, 1996.


FOR FURTHER INFORMATION CONTACT: Jeff Stehm, Manager (202/452-2217) or 
Lisa K. Hoskins, Project Leader (202/452-3437), Fedwire Section, 
Division of Reserve Bank Operations and Payment Systems; or Howard 
Amer, Assistant Director (202/452-2958), Division of Banking 
Supervision and Regulation; for the hearing impaired only: 
Telecommunications Device for the Deaf, Dorothea Thompson (202/452-
3544).

SUPPLEMENTARY INFORMATION:

I. Background

    Fedwire is the large-value payment and securities settlement 
mechanism operated by the Federal Reserve Banks. Fedwire provides 
depository institutions with real-time gross settlement in central bank 
money of funds transfers and book-entry securities transfers made for 
their own account or on behalf of their customers. Typically, each 
depository institution that holds an account at the Federal Reserve 
processes its own transfers and accesses Fedwire directly. In some 
cases, however, a depository institution accesses Fedwire through a 
third-party access arrangement in which a service provider, acting as 
agent for a depository institution, initiates payments that are posted 
to the institution's account at the Federal Reserve. Third-party access 
arrangements are a form of outsourcing.\1\

    \1\Depository institutions use service providers to perform a 
number of functions, including customer accounting, check and 
automated clearing house (ACH) processing, and the processing and/or 
transmission of large-value funds and securities transfers. 
Depository institutions have increasingly viewed outsourcing 
arrangements as one way to reduce operating costs.
---------------------------------------------------------------------------

    In July 1987, the Board approved a set of conditions under which 
Fedwire third-party access arrangements could be established, as part 
of its payment system risk reduction policy (52 FR 29255, August 6, 
1987). The Board approved modifications to the policy in August 1995 
that clarified the scope and application of the policy and reduced the 
administrative burden of several provisions (60 FR 42418, August 15, 
1995). The scope of the original policy was silent on whether the 
service provider could be located outside the United States. Such 
arrangements raise certain supervisory issues, such as the ability of 
U.S. examiners to access relevant information, conduct on-site reviews 
of Fedwire operations, and exercise their enforcement authority. As a 
result, in August the Board broadened the scope of the policy to 
include third-party access arrangements involving an office of the 
participant located outside the United States that acts as a service 
provider, but indicated that new third-party arrangements involving a 
foreign service provider would not be approved by the Reserve Banks 
pending an assessment of the relevant supervisory issues.\2\

    \2\The Reserve Banks have not approved any foreign service 
provider arrangements, although several inquiries have been received 
during the last few years. In its August 1995 action, the Board 
required that any existing arrangement involving a foreign office of 
a Fedwire participant acting as a service provider be reported 
promptly to the participant's Reserve Bank. No such arrangements 
have been reported.
---------------------------------------------------------------------------

II. Provision-by-Provision Analysis

    The policy establishes conditions that a sending or receiving 
institution (``the participant'') must meet in order to designate 
another depository institution or other entity (``the service 
provider'') to initiate, receive, and/or otherwise process Fedwire 
funds transfers or Fedwire book-entry securities transfers that are 
posted to the participant's reserve or clearing account held at the 
Federal Reserve. These conditions include requirements that the 
participant have the ability to retain operational control of the 
credit-granting process, monitor transfer activity conducted on its 
behalf, and remain responsible for managing its Federal Reserve 
account. In addition, the participant is expected to comply with all 
requirements related to Fedwire access generally, such as encryption 
standards, as well as all applicable state and federal laws and 
regulations. The policy also requires a participant that uses an 
unaffiliated service provider to maintain adequate termination backup 
arrangements so that it can continue Fedwire operations if the third-
party access arrangement must be terminated.
    The policy also addresses certain supervisory concerns, including 
requirements for the participant to obtain an affirmative written 
statement from its primary supervisor(s) indicating that it does not 
object to the arrangement; the existence of an adequate audit program 
for the participant to review the arrangement and compliance with the 
Board's policy; and the requirement that the service provider be 
subject to examination by the appropriate federal depository 
institution regulatory agency(ies). Finally, the participant and the 
service provider(s) must execute an agreement with the relevant Reserve 
Bank(s) incorporating the policy's conditions.
    The Board has modified the policy to address the conditions that 
apply to Fedwire third-party access arrangements involving a service 
provider that is located outside the United States. In particular, 
foreign service provider arrangements are expected to comply with the 
same requirements as domestic service provider arrangements as well as 
meet some additional conditions with regard to information and 
examination access. Such arrangements will also be subject to review 
and concurrence by the Directors of the Board's Division of Reserve 
Bank Operations and Payment Systems and Division of Banking Supervision 
and Regulation. Taken together, these requirements are intended to 
ensure that the Federal Reserve's oversight of Fedwire is not 
diminished or inappropriately limited by the conduct of Fedwire 
activity outside the United States and that supervisory objectives can 
be met.\3\ The following discussion identifies those provisions of 
the Fedwire third-party access policy that have been revised and 
discusses how and why they differ from the current policy provisions.

    \3\The four primary examination objectives with regard to 
Fedwire are to 1) minimize systemic risk from payment activities, 2) 
identify weaknesses in payments operations that could jeopardize the 
condition of the depository institution, 3) ensure that proper 
records are available to assist law enforcement authorities pursuing 
illegal payments activities, and 4) minimize risk of loss to the 
Federal Reserve from a depository institution's payment activities 
that may result if a depository institution were to fail while in an 
overdraft position at the Federal Reserve.
---------------------------------------------------------------------------

A. Scope

Opening Paragraph (Unchanged)

    The Board will allow third-party access arrangements whereby a 
sending or receiving institution (``the participant'') designates 
another depository institution or other entity (``the service 
provider'') to initiate, receive, and/or otherwise process Fedwire 
funds transfers or book-entry securities transfers that are posted 
to the participant's reserve or clearing account held at the Federal 
Reserve, provided the following conditions are met:

Revised Footnote #1 to the Opening Paragraph

    This policy also applies to third-party access arrangements in 
which an organization, including an office of the participant, 
located outside the United States acts as service provider by 
initiating, receiving, or otherwise processing Fedwire transfers on 
behalf of the U.S. participant (``foreign service provider'').

Previous Footnote #1 to the Opening Paragraph

    This policy applies to third-party access arrangements in which 
an office of the participant located outside the United States acts 
as service provider by initiating, receiving, or otherwise 
processing Fedwire transfers on behalf of the U.S. participant.

    The Board, in approving the August 1995 modifications to the 
policy, stated that no new third-party access 
arrangements involving a foreign service provider would be approved 
until an assessment of the supervisory issues associated with such 
arrangements was completed. As a result of that assessment, the revised 
policy applies to all arrangements where the service provider is 
located outside the United States. In applying the policy to 
arrangements involving foreign service providers, however, the Board 
recognizes that such arrangements should be subject to consultation and 
coordination with home country supervisors, on-site examination of 
foreign service providers, and the availability of and access to 
Fedwire records. To address these issues the Board expects that such 
arrangements will comply with the policy conditions applicable to 
domestic service provider arrangements and, in addition, meet the 
additional requirements applicable to arrangements involving a foreign 
service provider.

B. Audit Program

Revised Condition (#10)

    The participant must have in place an adequate audit program to 
review the arrangement at least annually to confirm that these 
requirements are being met. In addition, in the case of an 
arrangement involving a foreign service provider, both the 
participant and the foreign service provider must have in place an 
adequate audit program that addresses Fedwire operations. Audit 
reports in English must be made available to the Federal Reserve and 
the participant's primary supervisor(s) in the United States.

Previous Condition (#10)

    The participant must have in place an adequate audit program to 
review the arrangement at least annually to confirm that these 
requirements are being met.

    The revised condition requires that the Fedwire audit program of 
both the participant and the foreign service provider be an acceptable 
means to review and assess effectively, at least on an annual basis, 
the sufficiency of internal and data security controls, credit-granting 
processes, operational procedures and contingency arrangements, and 
compliance with applicable U.S. laws and regulations. This requirement 
is intended to maintain U.S. examiners' abilities to supervise 
effectively the Fedwire function and to ensure that it is managed in a 
safe and sound manner.

C. Examination of the Arrangement

Revised Condition (#11)

    In the case of a service provider located within the United 
States, the service provider must be subject to examination by the 
appropriate federal depository institution regulatory agency(ies). 
[Footnote: The U.S. federal depository institution regulatory 
agency(ies) must be able to examine any aspects of the service 
provider as may be necessary to assess the adequacy of the 
operations and financial condition of the service provider.]
    In the case of a service provider located outside the United 
States, the service provider must be subject to the supervision of a 
home country bank supervisor. In its review of a proposed foreign 
service provider arrangement, the Federal Reserve will consider the 
extent to which the service provider's home country supervisor 1) 
oversees banks on a consolidated basis, 2) is familiar with 
supervising payment systems activities, 3) is willing to examine the 
Fedwire operations at the service provider, and 4) has demonstrated 
a willingness to work closely with U.S. banking authorities in 
addressing supervisory problems. In addition, the home country 
supervisor, the participant, and the service provider must agree to 
permit the participant's primary supervisor(s) to conduct on-site 
reviews of the Fedwire operations at the foreign service provider. 
[Footnote: If a participant proposes to conduct its Fedwire 
processing at a foreign site outside the home country of the service 
provider, both the home country and host country supervisors would 
need to permit the participant's primary supervisor(s) to review the 
Fedwire operations.] The participant and the service provider must 
agree to make all policies, procedures, and other documentation 
relating to Fedwire operations, including those related to internal 
controls and data security requirements, available to the Federal 
Reserve and the participant's primary supervisor(s) in English.

Previous Condition (#11)

    The service provider must be subject to examination by the 
appropriate federal depository institution regulatory agency(ies). 
[Footnote: The U.S. federal depository institution regulatory 
agency(ies) must be able to examine any aspects of the service 
provider as may be necessary to assess the adequacy of the 
operations and financial condition of the service provider.]

    The revised condition provides the opportunity for the Federal 
Reserve and the participant's primary supervisor(s) to 1) assess the 
risks associated with the third-party access arrangement in the context 
of the service provider's home country's bank supervision program, 2) 
determine if it would be reasonable for the participant's primary 
supervisor(s) to depend, to some extent, on the home country supervisor 
to examine the Fedwire operation at the service provider, and 3) ensure 
that the participant's primary supervisor(s) has access to relevant 
Fedwire records. These conditions are intended to maintain U.S. 
examiners' ability to supervise effectively the Fedwire function and to 
ensure that it is managed in a safe and sound manner.
    In reviewing the arrangement in the context of the foreign service 
provider's home country supervision program, the Federal Reserve would 
carefully consider each of the four criteria contained in this portion 
of the modified policy. The Federal Reserve, however, will not grant 
approval to outsource Fedwire absent an affirmative implementing 
agreement with the home country supervisor.
    The Federal Reserve may also discuss other supervisory issues, such 
as home country laws and regulations that may limit examination access, 
with the particular home country supervisor prior to approving an 
arrangement involving a foreign service provider. With regard to 
proposals to outsource Fedwire processing to an unaffiliated foreign 
service provider, and in particular to an organization that is not a 
depository institution, the Federal Reserve would discuss with the home 
country supervisor issues related to the level of supervision and 
examination of the proposed service provider and other issues that 
could affect the risks associated with such an arrangement.

D. Review and Approval of Proposed Arrangements

Revised Condition (Closing Paragraph)

    The participant's Federal Reserve Bank is responsible for 
approving each proposed Fedwire third-party access arrangement. The 
Directors of the Board's Division of Reserve Bank Operations and 
Payment Systems and Division of Banking Supervision and Regulation 
must concur with a proposed arrangement (1) in which the participant 
is not affiliated through at least 80 percent common ownership with 
the service provider and where the participant is owned by one of 
the 50 largest bank holding companies (based on consolidated 
assets), or (2) in which the service provider is located outside the 
United States. Approval of a foreign service provider arrangement 
would be contingent on a review of both the participant's and the 
foreign service provider's Fedwire policies, procedures, and 
operations, which would be conducted by the Federal Reserve prior to 
the commencement of operations.

Previous Condition (Closing Paragraph)

    The Federal Reserve Bank is responsible for approving each 
proposed Fedwire third-party access arrangement. In a proposed 
arrangement in which the participant is not affiliated through at 
least 80 percent common ownership with the service provider and 
where the participant is owned by one of the 50 largest bank holding 
companies (based on consolidated assets), the Directors of the 
Division of Reserve Bank Operations and Payment Systems and the 
Division of Banking Supervision and Regulation must concur with the 
arrangement.

    The revised condition recognizes the potential risks associated 
with 
outsourcing Fedwire operations to a foreign service provider and the 
need for Board staff review and concurrence with such arrangements. 
Arrangements involving a foreign service provider warrant careful 
consideration in order to determine whether the proposed arrangement 
poses any undue risks and whether adequate supervisory oversight can be 
maintained. An infrastructure review is appropriate to confirm 
compliance with the Fedwire third-party access policy and other 
relevant policies and regulations. The infrastructure review also would 
permit the Federal Reserve to assess the adequacy of system integrity, 
controls and contingency arrangements, and would allow it to determine 
first hand whether information access issues pose unacceptable risks.

III. Effective Date

    The revised Fedwire third-party access policy becomes effective 
February 1, 1996.

IV. Competitive Impact Analysis

    The Board assesses the competitive impact of changes that may have 
a substantial effect on payment system participants. In particular, the 
Board assesses whether a proposed change would have a direct and 
material adverse effect on the ability of other service providers to 
compete effectively with the Federal Reserve Banks in providing similar 
services and whether such effects are due to legal differences or due 
to a dominant market position deriving from such legal differences.
    The Federal Reserve Banks' Fedwire funds transfer and book-entry 
securities transfer services provide real-time gross settlement in 
central bank money. While these services cannot be duplicated by 
private-sector service providers, banks can make large-dollar funds 
transfers through other systems, such as CHIPS, or through 
correspondent book transfers, although these transactions have 
attributes that differ from Fedwire transfers. Similarly, there are 
private-sector securities clearing and/or settlement systems, such as 
the Government Securities Clearing Corporation and the Participants 
Trust Company, that facilitate primary and secondary market trades of 
U.S. Treasury and agency securities. Other transactions involving U.S. 
government securities may be cleared and settled on the books of banks 
to the extent that the counterparties are customers of the same bank.
    The Board's third-party access policy places conditions on 
arrangements in which a Fedwire participant may contract with another 
organization to initiate, receive, or otherwise process Fedwire 
transfers. The Board has revised the policy to establish additional 
conditions applicable to depository institutions wishing to access 
Fedwire through a foreign service provider to ensure that the Federal 
Reserve's oversight of Fedwire is not diminished or inappropriately 
limited by the conduct of activity outside the United States and that 
the Federal Reserve's supervisory and examination objectives are met. 
Other large-dollar systems can and do place restrictions on the ability 
of participants to outsource their operations to foreign service 
providers. The Board's policy, as revised, does not adversely affect 
the ability of depository institutions or service providers to compete 
with the Federal Reserve Banks to provide funds transfer or securities 
transfer services.

V. Policy Statement

    The Board has amended its ``Federal Reserve System Policy Statement 
on Payments System Risk'' under the heading ``I. Federal Reserve 
Policy'' by replacing ``G. Fedwire Third-party Access Policy'' with the 
following:

G. Fedwire Third-Party Access Policy

    The Board will allow third-party access arrangements whereby a 
sending or receiving institution (``the participant'') designates 
another depository institution or other entity (``the service 
provider'') to initiate, receive, and/or otherwise process Fedwire 
funds transfers or book-entry securities transfers that are posted to 
the participant's reserve or clearing account held at the Federal 
Reserve, provided the following conditions are met:\1\

    \1\This policy also applies to third-party access arrangements 
in which an organization, including an office of the participant, 
located outside the United States acts as service provider by 
initiating, receiving, or otherwise processing Fedwire transfers on 
behalf of the U.S. participant (``foreign service provider'').
---------------------------------------------------------------------------

    1. The participant retains operational control of the credit-
granting process by (1) individually authorizing each funds or 
securities transfer, or (2) establishing individual customer transfer 
limits and a transfer limit for the participant's own activity, within 
which the service provider can act. The transfer limit could be a 
combination of the account balance and established credit limits. For 
the purposes of this policy, these arrangements are called ``line-of-
credit arrangements.''
    2. In funds transfer line-of-credit arrangements, the service 
provider must have procedures in place and the operational ability to 
ensure that a funds transfer that would exceed the established transfer 
limit is not permitted without first obtaining the participant's 
approval. In book-entry securities transfer line-of-credit 
arrangements, the service provider must have procedures in place and 
the operational ability to provide the participant with timely 
notification of an incoming transfer that exceeds the applicable limit 
and must act upon the participant's instructions to accept or reverse 
the transfer accordingly.
    3. Transfers will be posted to the participant's reserve or 
clearing account held at the Federal Reserve, and the participant will 
remain responsible for managing its Federal Reserve account, with 
respect to both its intraday and overnight positions. The participant 
must be able to monitor transfer activity conducted on its behalf.
    4. The participant's board of directors must approve the role and 
responsibilities of a service provider(s) that is not affiliated with 
the participant through at least 80 percent common ownership. In line-
of-credit arrangements, the participant's board of directors must 
approve the intraday overdraft limit for the activity to be processed 
by the service provider and the credit limits for any inter-affiliate 
funds transfers.\2\

    \2\In cases where a U.S. branch of a foreign bank wishes to be a 
participant in an arrangement subject to this policy, and its board 
of directors has a more limited role in the bank's management than a 
U.S. board, the role and responsibilities of the service provider 
should be reviewed by senior management at the foreign bank's head 
office that exercises authority over the foreign bank equivalent to 
the authority exercised by a board of directors over a U.S. 
depository institution.
---------------------------------------------------------------------------

    5. The Board expects all participants to ensure that their Fedwire 
operations could be resumed in a reasonable period of time in the event 
of an operating outage, consistent with the requirement to maintain 
adequate contingency backup capabilities as set forth in the 
interagency policy (FFIEC SP-5, July 1989). A participant is not 
relieved of such responsibility because it contracts with a service 
provider.
    6. In cases where the service provider is not affiliated with the 
participant through at least 80 percent common ownership, the 
participant must be able to continue Fedwire operations if the 
participant is unable to continue its service provider arrangement 
(e.g., in the event the Reserve Bank or the participant's primary 
supervisor terminates the service provider arrangement).
    7. The participant must certify that the arrangement is consistent 
with corporate separateness and does not violate branching 
restrictions.
    8. The participant must certify that the specifics of the 
arrangement will allow the participant to comply with all applicable 
state and federal laws and regulations governing the participant, 
including, for example, retaining and making accessible records in 
accordance with the regulations adopted under the Bank Secrecy Act.
    9. The participant's primary supervisor(s) must affirmatively state 
in writing that it does not object to the arrangement.
    10. The participant must have in place an adequate audit program to 
review the arrangement at least annually to confirm that these 
requirements are being met. In addition, in the case of an arrangement 
involving a foreign service provider, both the participant and the 
foreign service provider must have in place an adequate audit program 
that addresses Fedwire operations. Audit reports in English must be 
made available to the Federal Reserve and the participant's primary 
supervisor(s) in the United States.
    11. In the case of a service provider located within the United 
States, the service provider must be subject to examination by the 
appropriate federal depository institution regulatory 
agency(ies).\3\

    \3\The U.S. federal depository institution regulatory 
agency(ies) must be able to examine any aspects of the service 
provider as may be necessary to assess the adequacy of the 
operations and financial condition of the service provider.
---------------------------------------------------------------------------

    In the case of a service provider located outside the United 
States, the service provider must be subject to the supervision of a 
home country bank supervisor. In its review of a proposed foreign 
service provider arrangement, the Federal Reserve will consider the 
extent to which the service provider's home country supervisor (1) 
oversees banks on a consolidated basis, (2) is familiar with 
supervising payment systems activities, (3) is willing to examine the 
Fedwire operations at the service provider, and (4) has demonstrated a 
willingness to work closely with U.S. banking authorities in addressing 
supervisory problems. In addition, the home country supervisor, the 
participant, and the service provider must agree to permit the 
participant's primary supervisor(s) to conduct on-site reviews of the 
Fedwire operations at the foreign service provider.\4\ The 
participant and the service provider must agree to make all policies, 
procedures, and other documentation relating to Fedwire operations, 
including those related to internal controls and data security 
requirements, available to the Federal Reserve and the participant's 
primary supervisor(s) in English.

    \4\If a participant proposes to conduct its Fedwire processing 
at a foreign site outside the home country of the service provider, 
both the home country and host country supervisors would need to 
permit the participant's primary supervisor(s) to review the Fedwire 
operations.
---------------------------------------------------------------------------

    12. The participant and the service provider(s) must execute an 
agreement with the relevant Reserve Bank(s) incorporating these 
conditions.
    The participant's Federal Reserve Bank is responsible for approving 
each proposed Fedwire third-party access arrangement. The Directors of 
the Board's Division of Reserve Bank Operations and Payment Systems and 
Division of Banking Supervision and Regulation must concur with a 
proposed arrangement (1) in which the participant is not affiliated 
through at least 80 percent common ownership with the service provider 
and where the participant is owned by one of the 50 largest bank 
holding companies (based on consolidated assets), or (2) in which the 
service provider is located outside the United States. Approval of a 
foreign service provider arrangement would be conditioned on 
satisfactory findings of a review of both the participant's and the 
foreign service provider's Fedwire policies, procedures, and 
operations, which would be conducted by the Federal Reserve prior to 
the commencement of operations.

    By order of the Board of Governors of the Federal Reserve 
System, January 24, 1996.
William W. Wiles,
Secretary of the Board.
[FR Doc. 96-1652 Filed 1-29-96; 8:45 am]