Is there a policies and procedures manual containing adequate written policies and procedures to cover tasks and activities related to ATM operations?
Is the assignment of duties and responsibilities described in written job descriptions?
Is there an organization chart in existence showing how positions fit into the Bank's hierarchy?
Is there adequate cross training of job responsibilities for ATM operations and activities?
Are employees required to take five consecutive vacation days or absences each calendar year?
Yes No W.P.

General
Are there procedures in place to identify and monitor any active terminal (i.e., with an open cash order) that has not received processor credits for a number of days?
Are there monitoring procedures in place to ensure that cash orders are closed in a timely manner?
Are there procedures in place to identify, monitor, and investigate ATMs that have multiple open cash orders?
Is there a procedure to remind armored couriers that the ATM terminal combination is changed at the time that the armored courier begins servicing the terminal?
Is there a process in place to monitor/report those instances when a bailee exceeds their approved vault cash limit?

ATM Settlements and Account Reconcilements
Are reconcilements of general ledger accounts and DDA Settlement accounts prepared on a periodic basis (at least monthly)?
Are reconciling differences researched and resolved in a timely manner?
Does management periodically review and approve the general ledger and DDA Settlement account reconcilements?

ATM NETWORK/CARD PRODUCTION OPERATIONS INTERNAL CONTROL QUESTIONNAIRE PAGE 2

Is there adequate segregation of duties between the approval, authorization, funding, terminal settlement, billing, and reconcilement functions?
Are General Ledger entries:
• Clearly supported by readily identifiable source data?
• Prepared and submitted on a timely basis?

Bailment Funding
Is there adequate segregation of duties between the approval, authorization, funding, terminal settlement, billing, and reconcilement functions?
Is the funding process controlled/authorized by the Bank?
Are bailment funds that are awaiting pickup by the armored courier deposited at a FDIC insured institution in a Bank owned account?
Do the correspondent banks only release funds upon instructions from an authorized Associate?
Are there adequate controls in place to ensure that a terminal is not funded in excess of the insured amount?

Bailment Settlements
Is there adequate segregation of duties between the approval, authorization, funding, terminal settlement, billing and reconcilement functions?
Are ATM terminals periodically (i.e., minimum monthly) settled by an armored courier?
Does the Bank receive documentation from the armored courier to evidence their settlement of the ATM terminal?
Are procedures sufficient to address those instances where there is an overage/shortage of funds to settle a cash order?
Are ATM terminals utilizing the cash add method of funding required to have a cash swap on a periodic basis?

Contracts
Is there adequate segregation of duties between the approval, authorization, funding, terminal settlement, billing and reconcilement functions?
Are there established approval criteria for new bailment relationships?
Is there a management approval hierarchy based upon bailment limit?
Are there established contract documentation requirements that have been approved by management?
Is there an annual due diligence review of existing bailment relationships?
Is there an approval procedure for armored couriers?
Is there an annual due diligence review performed on armored couriers?
Is there an approval procedure for Processors prior to their utilization?
Is there a tracking system for missing/expiring documentation?
Is there a review to ensure that there is adequate insurance coverage maintained by the bailees?
Is there a review to ensure that there is adequate insurance coverage maintained by the armored couriers?
Is there a review to ensure that the Bank is listed as loss payee on the insurance policies?
Are there procedures to ensure that all new ATM terminals have evidence of insurance coverage prior to their first funding?
If the Bank is offering “ATM Insurance” to bailees, is the policy up-to-date?
Has the Bank provided the insurance agent the quarterly listings as required under the “self insured” policy offered by the Bank?
Are security accounts properly established and proper amounts maintained according to vault cash limit/outstandings?
Are proper holds maintained on security accounts?
Is there a procedure to periodically monitor security account balances?
Does the Bank’s policy prohibit the “leasing” of ATM terminals?

Billing
Is there adequate segregation of duties between the approval, authorization, funding, terminal settlement, billing and reconcilement functions?
Are billings calculated in compliance with contractual stipulations?
Are customer statements reviewed for accuracy prior to mailing?
Have warehousing entries been established for receivables and monthly liabilities?
Are procedures in place to ensure the timely collection of all bailment fees?
Are procedures in place to ensure the timely remittance of payments?
Are there procedures in place to ensure that TIN numbers are being obtained for ISO/merchants and provided to the Controller’s Department?

Regulation E and Americans with Disabilities Act
Do the bank's procedures indicate a willingness to resolve customer complaints regarding EFT matters?
Do customer statements indicate that transaction identifications are in compliance with Regulation E?
Do automated teller machine receipts provide a clear description of the transaction that is in compliance with Regulation E?
Does the bank maintain a log or tracking schedule for error resolution?
Are customer disputes handled in a timely manner and in accordance with Regulation E?
Does the bank provide the customer with full Regulation E disclosure prior to the first EFT transaction or at the time a consumer contracts for an EFT service?
Is the Bank in compliance with the Record Retention standards outlined in Regulation E?
Does the Bank ensure that all new ATM terminals purchased have the features required by the Americans with Disabilities Act (ADA) and are installed in compliance with ADA?
Does the Bank’s Funds Availability Disclosure inform the customer as to when funds deposited at a proprietary ATM will be available? When funds at a non-proprietary ATM will be available?
Is the Bank’s Funds Availability Disclosure provided to the Bank’s customer at the time that the customer contracts for their ATM access card?

System Reliability and After Hours Maintenance
Has a system been devised whereby service and maintenance personnel can respond to an ATM call in a timely manner?
Is down time monitored and evaluated to identify potential problems and instances where maintenance is required?
Are the ATMs adequately covered by a maintenance contract(s)?
Is compensation for after hour service properly approved prior to payment?

Data Transmission Equipment and Cost
Are procedures adequate to ensure that monthly amortization amounts are properly set up for new ATMs purchased?
Are procedures adequate to ensure that installation costs are reasonable and properly expensed?
Are procedures in place to ensure that supporting purchase/sales orders on “held for sale” terminals are properly authorized/approved?
Do the Bank’s procedures ensure that “leasing agreements” are not entered into with ISOs and/or merchants?

ATM (WSFS) Physical Security Standards and ATM Service Charges
Are periodic physical reviews performed of all ATM terminals owned/serviced by the Bank?
Are the ATMs well kept and clean?
Are the ATMs located in a secure, well-lighted area? And equipped with security cameras (if on Bank premises)?
Is the area surrounding the ATM protected from overgrown shrubbery or other obstacles?
Are there disclosures alerting consumers of potential additional Bank charges?
Are procedures adequate to ensure that ATM fees are collected and properly posted to General Ledger?

New Accounts/Declined Accounts/Reissued Cards
Are ATM applications screened to ensure that ATM privileges are limited to potential good customers?
Is Chex Systems performed on all new customer relationships?
Are all applications properly approved by a Branch Official or Consumer Lending Officer?
Are procedures adequate to ensure that the card application is linked with the correct customer record?
Is there segregation of duties between the authorization and production of ATM Cards?
Are applicants that are declined for an ATM card provided with a written notice of adverse action concerning their application?
Is there proper documentation/procedures for the re-issuance of damaged, captured, or lost/stolen ATM cards?
Are damaged, captured, or lost/stolen ATM cards properly statused on the system in a timely manner?

Mailing of ATM/MAC Cards and Return Mail
Are cards mailed in envelopes with a return address that does not identify the company or the usual place of business?
Are cards that are mailed to post office boxes in compliance with bank policy, i.e., have second address on file, or documentation evidencing why special circumstance?
Is there a special P.O. Box where undeliverable cards can be returned?
Is there adequate follow-up for undeliverable cards?
Are plastic cards returned by the post office, which cannot be re-mailed, properly destroyed/shredded under dual control and deleted from the System?

Personal Identification Numbers (PIN Security)
Is access to PINs properly controlled?
Are bank personnel having custody of cards prohibited from also having custody of Personal Identification Numbers (PINs) at any stage (issuance, verification, or re-issuance)?
Are there adequate procedures to ensure that Customer PINs maintained by the Bank are adequately secured to prevent unauthorized access and to ensure the confidentiality of the PINs (i.e., encryption of PINs)?
Are PIN numbers mailed to the customer separately from the ATM card?

Captured Cards
Are branch procedures adequate to ensure proper control over captured ATM cards?
Do the ATMs physically capture cards reported lost or stolen?
If the wrong PIN is consecutively used (i.e., three times) is the card deactivated?
Do the ATMs properly reject invalid cards?
Are captured cards removed from the ATM terminal under dual control?
Are captured cards properly destroyed under dual control?
Is the system updated to properly reflect the card status after destruction?

Un-issued Plastic/Inventory Controls
Does the Bank obtain and review the SAS70 to ensure that inventory controls over un-issued plastics and blank cards are adequate?
Does the Bank maintain and perform a periodic inventory of all blank plastic cards? And are differences properly researched?

Quarterly Reissue and Monthly Billing Process
Are all cards issued with expiration dates?
Are there adequate procedures in place to ensure that the monthly billing is reviewed for reasonableness?

File Maintenance
Is file maintenance on Card Based accounts (address changes, addition of accounts, etc.) performed on a timely basis?
Does segregation of duties exist between processing and review of file maintenance?

Provisional Business Reserve
Is the provisional business reserve periodically reviewed and approved by Management?

Data Security
Is access to the computer system limited to specific individuals?
Is one person, along with a backup, responsible for authorizing access to the computer system?
Is access to and use of the computer system monitored?
Are unauthorized users reported to management?
Have files (programs, data, documentation, etc.) been classified as critical or sensitive?
Are classified files adequately protected against unauthorized access or update?

ATM Network
Is a report of the Independent Service Auditor (Third Party Review) in connection with the ATM system available for review?
Does the contract between the Bank and the ATM processor meet minimum regulatory contract servicing guidelines (FFIEC SP-6)?
Does the contract between the Bank and the ATM processor meet minimum regulatory contract servicing guidelines (FFIEC SP-9)?

ATM Programming Controls
Are there formal procedures for requesting, authorizing, and approving all program changes?
Are all program changes required to be tested before implementation?

Emergency Preparedness
Is there a written disaster recovery plan?
Does the disaster recovery plan contain:
  a. Who gets notified?
  b. What supplies are needed?
  c. Plans for data reconstruction?
  d. Prioritization of applications (what to run)?
  e. Transportation requirements?
Have personnel been assigned specific responsibilities to include:
  a. Rebuilding?
  b. Transportation?
  c. Maintaining current operations?
  d. Programming support?
  e. Clean up?
Has some consideration been given to where support functions will be located?
Are these sites reviewed periodically to ensure that equipment is compatible?
Do we know approximately how much time is available at each site and when?
Do we know what applications can be processed at each site?
Are they adequate to handle all critical applications?
Have these applications been tested at these sites?
When was the last test performed at the offsite backup facility?
  a. What applications were tested?
  b. Was the testing successful?