TPPPA and KirkpatrickPrice Announce Partnership in TPPPA’s Compliance Management System (CMS) Certification Program

by KirkpatrickPrice / January 13th, 2015

Sarah Morris
800-977-3154 x207




The Third Party Payment Processors Association (TPPPA) and KirkpatrickPrice are excited to announce their partnership in the TPPPA’s Compliance Management System (CMS) Certification program. The TPPPA CMS is a set of expertly crafted model policies specifically designed for third-party payment processors and financial institutions that have payment processors as their clients. All policies have been designed to address the oversight of relevant regulatory agencies, including FDIC, OCC, FRB, CFPB, and FinCEN.

The processor module contains policies to help processors comply with regulatory guidance and establish best practices for the industry. Processor policies include Bank Secrecy Act and Anti-Money Laundering (BSA/AML); consumer protection policies such as Unfair, Deceptive or Abusive Acts and Practices (UDAAP) and Consumer Complaints; Information Security; Privacy Policies; and more.

The financial institution module is a single policy that helps frame a distinct and cohesive third-party payments processing program, utilizing and integrating existing bank policies and disciplines. Together these modules close the compliance gaps that have existed in third-party payment processing relationships in the past.

“This product is designed to help responsible processors and financial institutions distinguish themselves from those that give third-party payment processing a bad name,” said Marsha Jones, President of the TPPPA. “However, policies are just words on paper unless they are implemented and applied. The TPPPA CMS Certification is designed to help processor members to apply the CMS and to be able to demonstrate this through third-party review.”

The TPPPA CMS Certification is based on an SSAE 16 Audit that is built on a control framework determined by the TPPPA. In the first year of certification, the member will have a SOC 1 audit performed to validate that the controls are in place. The SOC 1 Type I process helps processors ensure that they have the proper control framework and make the adjustments necessary to align with the TPPPA-established controls. In subsequent years, the certification will consist of a SOC 1 Type II audit, measuring whether the controls are in place over time. “We like this framework because it is understandable and readily recognized by auditors and examiners, and the graduated approach allows members to strengthen their controls over time,” said Jones.

“Utilizing the SOC 1 is a great choice in allowing the use of an established audit framework to provide third-party validation for the payments processors’ internal controls as they relate to their regulatory and client requirements,” said Todd Stephenson, Vice President of Sales and Marketing, KirkpatrickPrice. “We are very excited about our partnership with TPPPA. It allows us both to leverage our unique strengths to educate, empower, and inspire the payments industry to greater levels of assurance to meet their challenging compliance goals.”

About the TPPPA

The Third Party Payment Processors Association (TPPPA) is a national not-for-profit industry association representing and promoting the interests of payment processors, their financial institutions and their merchants. Financial institutions and processor members have access to our exclusive Compliance Management System (CMS) as a part of their member benefits. Members must apply and be accepted into the TPPPA and agree to abide by a strict Code of Conduct.

About KirkpatrickPrice

KirkpatrickPrice is a licensed CPA and PCI QSA firm, registered with the PCAOB, providing assurance services to over 300 clients in more than 40 states, Canada, Europe, and Asia. The firm has over 100 years of combined experience in information security, performing assessments, audits, and tests that strengthen information security and compliance controls. KirkpatrickPrice most commonly provides advice on PCI, SSAE 16, SOC 2, HIPAA, ISO 27001, FISMA, and CFPB frameworks.