AGENCY:

Board of Governors of the Federal Reserve System.

ACTION:

Policy statement.

SUMMARY:

The Board is eliminating the requirements for establishing Fedwire third-party access arrangements from its Policy Statement on Payments System Risk.

EFFECTIVE DATE:

April 9, 2001.

FOR FURTHER INFORMATION CONTACT:

Paul Bettge, Associate Director (202-452-3174), or Sue Harris, Senior Financial Services Analyst (202-452-3490), Division of Reserve Bank Operations and Payment Systems.

SUPPLEMENTARY INFORMATION:Start Printed Page 19166

I. Background

Fedwire is the large-value payment and securities settlement mechanism operated by the Federal Reserve Banks. Fedwire provides depository institutions with real-time gross settlement of funds transfers and book-entry securities transfers made for their own account or on behalf of their customers. Typically, depository institutions with Federal Reserve accounts originate their own funds and book-entry transfers by accessing Fedwire directly. In some cases, however, a depository institution enters into an agreement in which a service provider, acting as agent for the depository institution, initiates transfers that are posted to the institution's account at the Federal Reserve.

In July 1987, the Board approved a set of conditions under which Fedwire third-party access arrangements could be established, as part of its payment system risk reduction policy (52 FR 29255, August 6, 1987). The Board allows institutions meeting the conditions to establish third-party access arrangements whereby a sending or receiving institution (“the participant”) designates another depository institution or other service provider to initiate, receive, or otherwise process Fedwire funds transfers or book-entry securities transfers that are posted to the participant's account at the Federal Reserve. The Board modified the policy in August 1995 to clarify its applicability and to reduce the administrative burden of some of its provisions (60 FR 42418, August 15, 1995).

The policy requires depository institutions to impose prudent controls over Fedwire funds transfers and book-entry securities transfers initiated, received, or otherwise processed on their behalf by a third-party service provider. The participant must retain control over the credit granting process, must monitor its own Federal Reserve account position, and must maintain adequate audit and contingency backup capabilities. As a part of obtaining prior approval from the Federal Reserve, the institution must also obtain a written “no objection” letter from its primary supervisor.

In January 1996, the Board modified the policy to address explicitly third-party access arrangements involving service providers located outside the United States. (61 FR 3035, January 30, 1996). Foreign service providers are subject to additional requirements, such as making audit reports available in English and submitting to on-site reviews by the depository institution's primary U.S. supervisor.

II. Discussion

The Federal Reserve's experience with the Fedwire third-party access policy indicates that such access, when properly managed by depository institutions, poses little additional risk to the Federal Reserve. Third-party access arrangements have neither adversely affected the ability of depository institutions to manage their daylight overdrafts nor increased risk to the Federal Reserve. The Board has found no evidence to suggest that outsourcing Fedwire transactions leads to a higher incidence of Federal Reserve account-management problems. As a result, the Board has determined that a specific policy addressing Fedwire third-party access is no longer necessary, and that the administrative burden imposed on institutions associated with the procedural requirements of the policy warrant its revocation at this time.

As part of the ongoing supervisory process, banking organizations are expected to address and manage risks that may arise out of Fedwire operations, including its outsourcing. The Board's supervisory guidance on outsourcing, which addresses both domestic and foreign arrangements, lays out basic supervisory expectations for outsourcing of Fedwire and other information- and transaction-processing activities by banking organizations supervised by the Federal Reserve. Fedwire outsourcing arrangements will continue to be reviewed as appropriate during the normal supervisory process.^[1] Risk management controls for Fedwire outsourcing arrangements contained in interagency examination procedures, which will be revised as necessary to reflect elimination of the pre-approval requirements of the third-party access policy, will continue to be addressed to the extent necessary during risk-focused examinations.^[2]

Upon rescission of the third-party access policy, depository institutions will no longer be required to obtain formal approval from the Federal Reserve to engage in Fedwire third-party service provider arrangements, but they will continue to communicate requests for any related operating changes to the Reserve Bank. The depository institution and the service provider will be required to submit to the Federal Reserve a written authorization for the service provider to access the depository institution's account. The authorization also acknowledges the depository institution's responsibility for the management of its Federal Reserve account and requires the service provider to indicate the location from which it will provide the services.^[3] The current approval process for establishing Fedwire third-party access arrangements will be eliminated upon rescission of the policy:

• Participants will no longer be required by the Federal Reserve to obtain a “no objection” letter from their primary supervisor before outsourcing Fedwire operations.
• The Federal Reserve will no longer require the existing warranties, certifications, and authorizations as a condition of approval of Fedwire outsourcing arrangements. For example, the participant no longer must certify that the arrangement is consistent with corporate separateness and does not violate branching restrictions. The existing letter of authorization will be replaced by the authorization described above.
• Participants will no longer be required to certify to the Federal Reserve that they have established certain operating procedures, audit plans, and contingency plans in advance of establishing a Fedwire third-party access arrangement.
• The Federal Reserve will no longer require certain additional controls and reviews prior to the establishment of arrangements involving foreign service providers and service providers that are not affiliated with the participant.

The Board is therefore rescinding the Fedwire third-party access policy, part I, section G of the Federal Reserve Policy Statement on Payments System Risk.^[4] The Federal Reserve continues to expect that institutions implement prudent controls over outsourced Fedwire operations. In addition, the Board or the Reserve Banks may provide federal and state banking agencies with information regarding outsourcing of Fedwire activities of supervised institutions to facilitate ongoing supervisory review.

Footnotes