The CMS Controls
The TPPPA Compliance Management System (CMS) contains a set of control standards tailored to the specific compliance requirements of TPPPA bank and processor members and are designed to address the oversight of relevant regulatory agencies, including CFPB, FTC, OCC, and FinCEN.
Control requirements address the holistic compliance requirements that payment processors must adhere to in order to keep themselves and their banks in compliance, including:
How do we do it?
The TPPPA CMS Certification Audit is an SSAE 16 audit utilizing the TPPPA CMS control framework. The first year of certification, KirkpatrickPrice performs a SOC 1 audit, validating that the controls are in place. In subsequent years, the certification will consist of a SOC 1 Type II audit, measuring the controls are in place over a period of time.
Successful completion of the certification audits will result in certification by the TPPPA.