Credit Card Policy Internal Audit Checklist

[Institution’s name]
[Department(s) under review]
[Head(s) of department under review]

Columns: Yes | No | Perf. by & Date | W/P Ref. | Comments

A. ___ Policy and Supervision Review

1. Were changes made to the credit card policy since the last audit?
   a. Were the policy change authorizations located in the board of directors minutes?
   b. Were the changes implemented through appropriate adjustments to related internal controls?
   c. Were affected personnel notified of the changes in a timely manner?
2. Were related procedures developed to reflect the board of directors policy goals?
3. Review the most recent regulatory examination for any criticisms leveled with respect to this policy.
   a. On reviewing the board of directors minutes, was it evident that the board:
      Was aware of any criticisms?
      Addressed the criticisms with meaningful action plans?
   b. Did the audit team follow up on any actions recommended by management and approved by the board to ensure that corrective action was implemented?
4. Subsequent to performing audit procedures, were all deviations from prescribed controls documented in the work papers and followed up with the appropriate management level?

B. ___ Authority and Responsibility

1. Did the board of directors minutes reflect that the authority to administer the charge card program has been delegated to the president of the bank?
2. Discuss the responsibilities for implementing the credit card policy with the president. Is the president knowledgeable regarding the following basic goals:
   a. Monitoring the daily activities of the credit card operations?
   b. Reporting periodically to the board of directors to provide an overview of goals achieved, weaknesses noted and corrected, and future strategies?
   c. Reviewing the credit card policy to ensure that appropriate changes have been made to reflect changing market conditions and regulatory requirements?
   d. Making recommendations for policy changes to the board for its approval?
3. Has the president delegated an appropriate amount of authority to credit card division management to reasonably achieve the goals of the policy?

C. ___ Credit Card Review Requirements

1. Review the functional reporting responsibilities in the credit card division.
   a. Have only designated personnel made credit decisions?
   b. Authority designations should be based on specific credit approval limits. Are credit approval limit designations reviewed and approved periodically?
2. Select a sample of approved credit card files. Can the following documentation be found in approved credit card loan files:
   a. Completed credit application?
   b. Dated signature of applicant?
   c. Credit agency report or investigative report?
   d. Guarantees, if applicable?
   e. Credit memo supporting approval when the approval reflects a deviation from underwriting standards?
   f. Record of applicant financial information correlated to underwriting criteria?
3. Are new account documents reviewed periodically by an independent individual to ensure the following:
   a. Documentation is complete?
   b. Documentation is in compliance with various laws and regulations?
4. Through a review of loan files and discussions with credit card personnel, was it evident that credit card personnel understand the requirements on the use and/or release of customer information relating to the Fair Credit Reporting Act (FCRA)?
   a. If the bank uses other subsidiaries’ records, other affiliates’ records, or consumer credit agencies’ records to determine a prescreened listing of individuals for the purpose of offering credit, do personnel understand that the bank must comply with the FCRA?
   b. Did the individuals selected through prescreening by a consumer credit agency receive an offer of credit?
   c. Were full credit reports obtained on individuals from a prescreened list only after they had accepted an offer of credit?
   d. If the bank has terminated a cardholder’s account and the cardholder received an offer of credit as a member of a prescreened list, was the decision based on the cardholder’s subsequent lack of creditworthiness? Has an adequate amount of time passed since the credit offer was made?
   e. Does the bank withhold information, other than its own experiences, on a consumer to avoid being considered a consumer credit agency and having to comply with related FCRA rules?
   f. When the bank takes adverse action on a consumer loan application based on information obtained from a credit agency, are the name and address of the credit agency, along with an indication that the action taken was based wholly or partially on information contained in the consumer applicant’s credit report, provided to the consumer applicant?
5. Through a review of loan files and discussions with credit card personnel, is it evident that personnel understand the requirements on the use and/or release of customer information relating to the Right to Financial Privacy Act?
   a. Are credit card personnel aware of the general requirements of the Right to Financial Privacy Act, which restricts financial institutions from releasing information to the government except in a few circumstances?
   b. Do credit card personnel forgo disclosure of customer financial information to government entities unless a certified statement (in writing) is presented indicating that the government has complied with the provisions of this law?
   c. Do credit card personnel refer any situations concerning a customer that may represent a violation of any statute or regulation to the bank’s legal counsel for further action?
   d. Are senior credit card management aware that this law does not preclude the bank from disclosing a customer’s financial information in relation to perfecting a security interest, providing a claim in bankruptcy, or otherwise collecting a debt owed either to the bank or to the bank acting as a fiduciary?
   e. In certain situations, customers have the right to request information regarding the disclosure of their financial records to a government entity. Are detailed records maintained by legal counsel in these cases?
   f. Do credit card personnel understand that this law does not limit the transfer of financial information to banking regulatory agencies in their oversight capacity or in the course of examining the bank?
   g. Beyond a general understanding of the requirements of this law, do personnel understand that they should refer all requests for financial information from government entities to the bank’s legal counsel?
6. Are other appropriate federal, state, and local laws and regulations adhered to by the credit card division?

D. ___ Credit Card Initiation

1. When a customer first receives a credit card, can appropriate credit card personnel relate the following steps:
   a. When credit approval is received, a card is issued to the applicant with the following limitations:
      Maximum line of credit?
      Expiration date?
   b. Requests for increases on credit lines are granted only after credit is reviewed and approved by appropriate personnel?
   c. Credit card lines are reviewed by an independent employee to ensure that maximum limits are reasonable?
      When a cardholder’s financial status or creditworthiness changes, do personnel review the existing credit line and determine whether any changes are necessary?
      If significant economic changes within a geographic area are considered when reevaluating the creditworthiness of current cardholders, do personnel take extreme care to adhere to the bank’s nondiscriminatory policy?
2. Have guidelines been developed for credit card issuance to ensure credit lines are commensurate with the borrower’s creditworthiness and ability to repay?
3. Is there guidance detailed on the development of specific special credit card products (e.g., secured credit card)?

E. ___ Card Issuance and Reissuance Controls

1. Review the card issuance and reissuance controls with the appropriate credit card personnel. Is their level of knowledge of the bank’s policy and procedures relating to the following steps sufficient:
   a. The records of issued cards are balanced daily against the electronic data processing (EDP) report showing new and reissued cards?
   b. Periodic reconciliation by an independent employee occurs in the embossing unit with the records of issued, spoiled, and on-hand cards?
   c. Personnel in shipping and receiving are required to examine incoming shipments of cards? Determine whether personnel perform the following steps under dual controls:
      Do receiving personnel examine both the box and the packages of cards for tampering?
      Do receiving personnel count the number of cards and record the amounts on the shipping slip?
      Are the amounts entered on the receipt log?
      Are the unprocessed cards placed in a secured place until processed?
2. Is the receipt of inventory observed by the audit team?
3. Is the accuracy of the receiving area’s count tested by recounting and confirming the amount recorded in a card shipment?
4. On an annual basis, does the audit team or other independent party count the unprocessed card inventory and reconcile this count to inventory records or log?
5. Review the following card mailing procedures with appropriate personnel. Do they have sufficient knowledge of this phase of operations?
   a. Are cards mailed in plain envelopes to reduce exposure to theft?
   b. Are follow-up letters sent to cardholders to confirm the receipt of credit cards?
   c. When credit card envelopes are returned to the bank either by the customer for cancellation or by the post office as undeliverable, are the procedures below followed:
      The mail is opened under joint custody?
      The returned cards are placed under dual control security?
      When the correct address is found, returned cards are mailed immediately?
      When the correct address is not found, the cards are destroyed?
6. Observe personnel handling the mailing and return of credit cards. Is it evident that they adhere to procedures?
7. Review the following reissuance procedures with personnel. Are they familiar with these procedures:
   a. An expiration date is printed on each card?
   b. An annual fee for the card is assessed (refer to the most current fee schedule)?
   c. Before reissuing credit cards, personnel review the account for charged-off balances or other negative credit experiences with the account holder?
      When such information exists, the card is not reissued?
8. Observe personnel handling card issuance and reissuance to verify that they are following the bank’s procedures.
9. Select a sample of active credit card account files on cards recently reissued. Is there evidence that a credit review was performed before reissuance?
   a. Were cards not reissued when a negative credit experience was noted in the credit review?

F. ___ Minimum Credit Card Documentation Requirements

1. Interview appropriate accounting personnel. Do they handle and have a sufficient understanding regarding the following activities:
   a. Daily records are maintained that summarize transaction details, i.e., charges, cash advances, payments received, and interest and fees collected, to support general ledger accounts?
   b. Credit cards are prepared, posted, and reconciled daily to the appropriate general ledger accounts?
   c. Reconciling items are investigated daily?
   d. Delinquent account requests and past-due notices are checked to the trial balances used in reconciling credit card records to general ledger accounts?
   e. Inquiries about loan balances are investigated on an as-requested basis?
2. Is it evident that personnel handling the accounting tasks are not also handling the custody of assets, for example, the following:
   a. Handling cash or checks received on the accounts?
   b. Issuing checks or drafts associated with cash advances?

G. ___ Monitoring Reporting Requirements

1. Review the credit card monitoring report. Do the following types of accounts appear:
   a. Accounts on which the outstanding balance exceeds the maximum credit limit?
   b. Accounts that remain at an inactive, positive balance?
   c. Accounts that remain close to or at the maximum credit limit?
   d. Accounts for which payments are made by drawing on reserves?
   e. Accounts on which a hold is placed?
2. Does management actually review this report and take appropriate action on those accounts presenting an increasing risk of delinquency?

H. ___ Delinquency Reporting Requirements

1. Review the procedures for handling delinquent accounts with appropriate personnel. Are personnel adhering to the following procedures:
   a. The collections department sends a letter to holders of accounts 30 days or more past due during the first month in an effort to collect the funds?
   b. In the second month and thereafter, the collections department contacts the holders of the delinquent accounts by phone in an effort to collect the funds?
   c. The collections area maintains a customer contact record, detailing the following information:
      Date and time of each call?
      Brief comments on the nature of the conversation, including any actions the customer agreed to and the date the actions will be taken?
   d. On a monthly basis, appropriate personnel conduct a review of every delinquent account to determine the delinquency trend and status of the accounts?
      The review includes information contained in the customer contact record and the reliability of the customer’s promised actions?
2. Review a sample of accounts appearing on the delinquency report. Are collections personnel contacting the account holders regarding the amounts owed to the bank?

I. ___ Charge-Off Standards

1. Is it evident that the following criteria are used to determine when credit card accounts will be charged off:
   a. Credit card accounts that are 120 days past due?
   b. Accounts deemed to be uncollectible after exhaustive attempts at rehabilitation and/or collection have failed?
   c. Accounts that have little to no value with respect to the balance sheet?
   d. Accounts directed to be charged off by regulatory agency examiners?
      Charge-off occurs on receipt of the examination report?
2. Does a senior lending officer initiate full or partial charge-offs?
3. Does the president (or credit review committee) approve full or partial charge-offs?
4. Trace the charge-off report items to the list of approved charge-offs found in the board minutes. Were the necessary approvals obtained?
5. Was charge-off information withheld from account holders since they are still liable to pay off the debt?
   a. Do collections personnel continue to pursue payment of charged-off principal and interest?

J. ___ Billing Statement Documentation

1. Review billing procedures with appropriate personnel. Are the following billing procedures adhered to:
   a. All cardholders with a balance exceeding zero are issued a bill?
   b. All cardholders who pay the balance in full pay no interest on the balance?
   c. All cardholders who pay a portion of the balance pay at least an amount equal to or greater than the minimum monthly balance?
   d. All cardholders who pay a portion of the balance pay interest on the unpaid portion of the balance?
   e. When cardholders obtain cash advances through their credit card, interest is charged on the balance from the date the cash advance is made?
2. Review a sample of billing statements. Are the billing instructions in agreement with the policy?
   a. Does the billing statement clearly indicate card charges vs. cash advances?
   b. Recompute interest on billing statements. Are actual interest billing practices in agreement with policy?
   c. Are bills being sent on accounts with zero balances?

K. ___ Merchant Processing Considerations

1. Review credit card products. Does the bank offer merchant processing?
   If the bank offers such services, are the following items addressed:
   a. A separate policy statement regarding these services?
   b. Written procedures directing this activity?
   c. Separate audit procedures regarding this service?

L. ___ Special Credit Card Programs

1. Does XYZ Bank management adhere to the following guidelines when designing, developing, implementing, and monitoring special credit card programs?
2. In addition, are the programs reviewed to assess compliance with regulatory requirements and guidelines?

Product Marketing and Related Matters

1. Do such programs adhere to regulatory requirements (e.g., “Guidance on Unfair or Deceptive Acts or Practices”) in order to avoid engaging in unfair or deceptive acts or practices?
2. Do programs take affirmative steps to ensure that marketing and other materials contain prominent and readily understandable disclosures of the material costs, risks, terms, and other characteristics — including conditions and limitations — of the product being offered? For example, does marketing avoid using words or phrases (such as “refundable account holds”) that are not likely to be understood by consumers and could obscure understanding of the product terms?
3. Does customer contact staff take special care to ensure that customers understand the nominal credit line and available credit at account opening that they are being offered? If a range is possible, consumers should be told the lowest and most likely credit lines and amounts of initial available credit they may receive as prominently as they are told the highest amounts.
4. Does the bank avoid marketing special credit card programs (e.g., secured credit cards) as a credit repair solution, credit establishment, or credit improvement products without clearly explaining the consequences of default, or if the structure or costs of the product tend to increase the risk of default?
   More generally, issuers should not employ language that implies that the card carries advantages that it does not, and should avoid marketing techniques that highlight a particular benefit of a product if that benefit will be negated by another aspect of the offering.
5. Does the bank always report customers’ payment performance, including positive performance, to credit bureaus?
6. Have marketing programs avoided generally the marketing of credit disability or credit life insurance products in connection with credit cards that will be secured by deposits?

Product Structure and Terms

1. Has the bank adopted guidelines to not offer secured credit card products in which the security deposit and/or applicable fees are charged to the card (or “holds” are placed on the card) if that practice will substantially reduce the amount of initial available credit and card utility for the consumer? Similarly, does the bank not offer unsecured credit cards if the amount of fees charged to the card upon issuance substantially reduces the amount of initial available credit and card utility?
2. Even when the consumer will receive a considerable amount of available credit, does the bank situations where it would be charging security deposits or other amounts to the credit card to open the account may contribute to enhanced credit risk, poor account performance, and heightened reputation and compliance risks (particularly the risk of unfair or deceptive practices)? (Note: The regulatory agencies expect that banks will not utilize this practice without first engaging in rigorous analysis demonstrating that the product will be underwritten, marketed, and managed in a manner that fully addresses the safety and soundness and consumer protection concerns identified in this advisory letter.)
3. Do customer contact staff strongly consider offering secured credit cards only in connection with a program that provides an opportunity for “graduation” to a higher credit line — and, eventually, to an unsecured card — through incremental credit line increases based on the borrower’s positive payment performance and repayment capacity? While some consumers clearly have not demonstrated creditworthiness appropriate to partially secured or unsecured credit, and should not be offered such credit at the outset, they should be provided an opportunity to progress to such products once they have shown that such products are suitable for them.
4. As a general matter, does the bank charge interest and fees (including overlimit and other penalty fees) commensurate with the risks and costs associated with the product? (Note: Interest rates, fees, and other material terms that are not in line with industry practice or the issuer’s terms and pricing structure for other products carrying similar risks should be carefully reviewed to ensure their appropriateness. Issuers also should consider paying interest on consumers’ security deposits akin to that paid on other deposits of similar amount and liquidity, and should make clear and conspicuous disclosures to consumers if they will not be doing so.)

Credit Risks and Related Matters

1. Has the bank implemented appropriate underwriting policies, procedures, and practices prior to engaging in secured credit card activity directly or with a third-party originator or marketer?
2. Do procedures ensure that secured credit cards are appropriately underwritten based on the borrower’s willingness and ability to repay in accordance with the terms of the card without resorting to the deposit collateral? Is the required minimum payment sufficient to cover finance charges and recurring fees and to amortize the principal balance over a reasonable period of time?
3. Has the bank established strict controls to reduce the occurrence of over-limits and to address the timely repayment of any over-limit balances?
4. Does management ensure that all products and account management practices, including credit line management and pricing criteria, are fully tested, analyzed, and supported prior to roll-out or broad implementation of the product or practice?
5. Does the lending division establish strong collection practices and fraud controls appropriate for the customer population?
6. Has the bank’s account division ensured that income recognition and loss recognition practices are appropriate? (Note: Banks are expected to employ appropriate methods to ensure that income recognition is accurate.)
7. Has management developed and implemented appropriate management information systems to monitor and analyze the credit performance and profitability of the portfolio? Reporting should provide management with the necessary information to monitor and manage all aspects of the product.
8. Are the loan loss reserves and capital adequate to support the secured card activity, especially considering the higher default rates and higher-risk borrower credit profile associated with most secured card programs?
9. Do the risk management practices adhere to those detailed in prior OCC guidance on credit card operations and subprime lending, specifically comments pertaining to underwriting, account management, collection and forbearance activities, income and loss recognition, and management information systems?

M. ___ Potential Problematic Credit Card Marketing Programs

1. Does XYZ Bank refrain from unsafe and/or unsound credit marketing programs?
2. Does management review for potential problematic marketing for credit programs that may include the following:

“Up to” Marketing

   a. Promotions for credit cards with credit limits “up to” a specified dollar amount are common in the credit card industry, and such marketing can be appropriate and beneficial to customers when the “up to” amount of credit offered is not essentially illusory, a meaningful number of applicants receive a significant credit line, material information about the cost and usefulness of the card is clearly and conspicuously presented, and disclosures are made in accordance with Regulation Z, 12 CFR part 226. On the other hand, certain practices present high compliance and reputation risks. Accordingly, national banks should not:
   b. Target consumers who have limited or poor credit histories with solicitations for credit cards with a maximum, or “up to,” credit limit that is far greater than most of these applicants are likely to receive.
   c. Provide most applicants with a “default credit line” (the lowest credit line available) that is significantly lower than the maximum amount advertised, while failing to disclose fully and prominently in the promotional materials the default credit line and the possibility that the consumer will receive it.
   d. Advertise the possible uses of the card when the initial available credit line is likely to be so limited that the advertised possible uses are substantially illusory.
   e. To further mitigate associated risks, financial institutions should consider providing and disclosing readily exercisable mechanisms for consumers to cancel the card at little or no cost when they learn the actual credit limit granted.

Promotional Rate Marketing

   a. Occasionally, the credit card industry uses a promotional rate to attract customers and to induce new and existing customers to transfer balances from other credit cards. A typical promotional rate solicitation would involve representations that an applicant or current cardholder may for a limited time receive a reduced annual percentage rate (“APR”) on certain credit card charges or transactions.
   The reduced APR generally will be in effect only for a specified number of months. Additionally, the low APR may be subject to other material limitations, and other features of the promotion may limit the consumer’s ability to benefit from the program.
   b. The promotional rate may apply only to transferred balances and not to new purchases during the promotional rate period, or the borrower’s payments during the promotional rate period may be applied first to balances transferred pursuant to the promotional rate solicitation, and only after such transferred balances are paid off are payments applied to balances that are accruing interest at the ordinarily applicable (and higher) APR. In addition, consumer benefits from low initial APRs may be offset by the imposition of fees on any balances that are transferred.
   c. Promotional rate offers may be beneficial to consumers, and the typical limitations and features described previously would not, taken alone, be contrary to law. Problems may arise, however, if material terms are not appropriately disclosed in promotional materials. Accordingly, XYZ Bank should not:
      a. Fail to disclose fully and prominently in promotional materials and credit agreements any material limitations on the applicability of the promotional rate, such as the time period for which the rate will be in effect, any circumstances that could shorten the promotional rate period or cause the promotional rate to increase, the categories of balances or charges to which the rate will not apply, and if applicable, that payments will be applied to promotional rate balances first.
      b. Make representations that create the impression that material limitations regarding the applicability of the promotional rate do not exist.
      c. Fail to disclose fully and prominently in promotional materials and credit agreements any fees that may apply (e.g., balance transfer fees) in connection with the promotional terms.

Repricing of Accounts and Other Changes in Credit Terms

   a. Credit card issuers may increase a consumer’s APR to address credit risks that arise when a consumer fails to make timely payments on the account, and some credit card issuers may increase the APR when a consumer fails to make timely payments on other accounts, including accounts with other creditors. Credit card issuers also may raise the consumer’s APR for other reasons, such as the consumer’s increased use of credit, failure to make more than the minimum monthly payment on the account with the issuer, or other behavior that reflects adversely on the consumer’s credit rating. Credit card issuers may take other actions that also effectively increase the cost of credit for some consumers, such as shortening the due date for receipt of payment or raising the amount of fees for late payment, exceeding a credit limit, or obtaining a cash advance.
   b. These practices may be appropriate measures for managing credit risk on the part of the credit card issuer. However, certain practices in connection with repricing credit card accounts and changing terms of credit card agreements may raise heightened compliance and reputation risks. Accordingly, XYZ Bank will not:
   c. Fail to disclose fully and prominently in promotional materials the circumstances under which the credit card agreement permits the bank to increase the consumer’s APR (other than due to a variable rate feature), increase fees, or take other action to increase the cost of credit, such as, if applicable, failure to make timely payments to another creditor.
   d. Fail to disclose fully and prominently in marketing materials and credit agreements, as applicable, that the bank reserves the right to change the APR (other than due to a variable rate feature), fees, or other credit terms unilaterally.
   e. While it is good business to market credit products offered by the institution, it is important to properly market products within safe and sound guidelines, as well as regulatory requirements.