Examiners should review a credit union’s internal controls over IP/RDC activity. These controls can help protect against fraudulent activity. At a minimum, examiners should confirm that:
- Management establishes operational performance metrics, creates benchmarks and standards, and develops management reports to support management oversight of RDC operations.
- Board of directors approves, and management implements, effective policies and procedures.
- Management ensures the security and integrity of nonpublic personal information throughout the transmission flow and while in storage
- Credit union has adequate separation of duties or other compensating controls that mitigate the risk of one person having responsibility for end-to-end RDC processing.
- User access reports are accurate and up to date, and that user access levels are appropriate based on user’s roles.
Last updated September 25, 2017
