Instructions

Partner Escalations

Effective January 17, 2024

Overview

This procedure provides guidance on utilizing the escalation form BankProv has created for partners when reporting an incident or requesting an approval for certain areas. Partners must submit an escalation any time they feel there is a question of Security, Unusual Activity, Red Flag Identity Theft, Data Breach, Customer Complaint, Marketing, Product, or Service Changes as part of your contractual obligations with BankProv.

All escalations should be reported as soon as possible by submitting the Partnership Escalation Form. Any written or pertinent documentation should be attached to the form where prompted.

The Escalation will be assigned to the appropriate BankProv department for resolution/approval upon submission. Please contact your relationship manager with questions about a submitted escalation.

The following resource contains guidance for questions in each section of the form. You can navigate this resource using the Table of Contents above, as well as the “What is the reason for the escalation” section. These links will help take you to that section on this resource.

Submit an Escalation

Tips for Using the Partnership Escalation Form

Escalations may be submitted when either a customer or a non-customer is involved.
Press and hold the CTRL button and click on the reason for escalation under the question “What is the reason for the escalation” to move right to that section.
The bottom of the escalation form has a ‘Comments’ section. This section may be utilized to input any additional information pertinent to the escalation. Ex. Information that was not covered by a question.
Questions with an * before them are required questions.
If a customer or non-customer refuses to answer a question that has a required text field, you may state ‘customer/non-customer refused to provide or did not provide’.

Procedure

Employee Information Section

This section is utilized to enter your company name, contact information for the employee submitting the escalation, and any additional parties that should be contacted about the escalation. The form will automatically input the date and time the form is submitted. This information is extremely important as it directs the Bank who they will be reaching out to if additional information is needed to complete our internal processes.

Escalation Information Section

This section defines if the escalation involves a customer or non-customer, the type of escalation, the date of the incident (may differ from the submission date), and a detailed explanation of the incident.

Does the escalation involve a customer(s) or non-customer(s)?
Select whether a customer and/or a non-customer is involved with the escalation. A non-customer is an individual who does not have any accounts with or does not have a continuing relationship with your company. You may select multiple options here – Yes, single customer; Yes, multiple customers; Yes, non-customer; Yes, multiple non-customers; No.

What is the reason for the escalation?
Select the area(s) that best fit the escalation being submitted. Multiple areas may be selected. Additional form sections will appear with questions specific to the area(s) selected.

Listed below is some clarification of when to select the different types of escalation choices:

Customer Complaint: For the purposes of this process a complaint may be in verbal or written form, inclusive of e-mail, and is defined as the following:
- Any issue received directly from a regulatory agency
- Any issue involving a state or federal law or regulation
- Any issue involving consumer protection law or regulation
- Any issue involving fair lending or anti-discrimination law or regulation
- Any issue involving civil rights law or regulation
- Any issue involving potentially unfair or deceptive practices.
Account Fraud: Elder/dependent abuse, customer account breach, customer reports missing information, check kiting, altered checks, online account takeover, wire transfer fraud, ACH Fraud.
Unusual Activity: Unusual activity encompasses a large range of activities. Please refer to the links below to identify the Bank’s reporting requirements and a list of red flags that would indicate activity where notice should be provided to the Bank.
Red Flag/Address Discrepancy: A ‘red flag’ describes any activity or repeated activities/patterns that are unusual and indicate the possibility of identity theft. Please refer to the below document for further information on what may be considered a red flag incident where notice should be provided to the Bank. In addition, please advise all clients who are victims of identity theft to file a report at the Identity Theft government website listed below.
- Identitytheft.gov
Suspected identity stolen, notice of address change received without making any changes, debit card ordered within 30 days of address change.
Potential Breach: The company has been alerted to a potential compromise involving systems where BankProv/BankProv customer information may be collected, processed, or stored.
Confirmed Data Breach: The company has confirmed that a system which collects, processes, or stores BankProv/BankProv customer information has been accessed by unauthorized parties.
Data Subject Request: A California or EU resident has submitted a Data Subject Request.
Non-Public Personal Information (NPPI) Incident: The company is aware of the loss, access, or unintentional sharing of specific NPPI to parties unauthorized.
Right to Financial Privacy Act (RFPA): Federal government authorities request information about a customer’s financial records. The 1978 Right to Financial Privacy Act (RFPA) establishes specific procedures that federal government authorities must follow in order to obtain information from a financial institution about a customer’s financial records. Document requesting information; Customer name, TIN, DOB, address.
Dispute: A customer is disputing a purchase transaction. Transactions are most commonly disputed because of fraud (unauthorized purchases) and a lack of merchant follow-through (merchandise not as expected, services not performed, credit not issued, etc.)
Marketing Request: A marketing request should be submitted for any marketing updates or posts connected with a product/service that BankProv is supporting prior to publishing. This is a contractual requirement.
Product or Service Change: A product or service change request should be submitted when any product(s)/service(s) supported by BankProv is adjusted or a new product/service that requires support of BankProv will be offered. This request should be submitted before the products or services are launched.
BaaS Due Diligence: This request should be utilized for BaaS partners to submit customer types that require pre-approval to the Bank to review.

What is the date of the incident?
Input the actual date the incident occurred. You will be able to select a current or past date.

Provide a detailed explanation of the incident
Explain the reason for the escalation providing as much detail as possible.

Attach incident documentation here
Documentation containing information about the chosen escalation reason may be attached here. Ex. Copy of customer e-mail containing a complaint being escalated. This is not a required field, however; there is an expectation that associated documentation, when available, will be attached.

Provide the non-customer’s name and contact information
This field will be visible when ‘Does the escalation involve a customer or non-customer’ = Yes, non-customer. Provide the full name (first, last, suffix-if applicable) and contact information of the non-customer involved in the escalation.

Attach document containing multiple non-customer information
Attach a document containing the full names and contact information of all the non-customers involved in the escalation. This will only need to be populated if the ‘Yes – multiple non-customers’ option was selected.

Single Customer Information Section

What is the name of the Customer?
Type the customer’s name as it appears on their account.

What is the customer’s complete physical address?
Provide the address for the customer as it is listed in your system of record.

What is the customer’s phone number?
Include the area code with the phone number.

What is the customer’s account number(s) associated with the escalation?
Input the number utilized to identify the client’s account (this may be a partner specific account number or an account number provided by BankProv depending on your partnership model). If there is not an associated account number, use N/A or No Account.

What is the customer’s debit card number?
This question will appear when ‘Escalation Reason’ = Account Fraud or Unusual Activity. If there is no debit card, enter N/A or No Debit Card.

What is the customer’s date of birth?
This question will appear when ‘Escalation Reason’ = Account Fraud, Unusual Activity or RFPA. Enter the Month, Day, and Year.

What is the customer’s TIN/SS number?
This question will appear when ‘Escalation Reason’ = Account Fraud, Unusual Activity, RFPA or Dispute. Enter the complete Taxpayer Identification number or the Social Security number.

Multi-Customer Information Section

Have all Customers been verified?
Select the appropriate choice from the drop-down menu – Yes or No.

Attach multi-customer document here
See ‘Single Customer Information’ section above and provide the required information for all customers involved with the escalation.

Customer Complaint Section

How was the complaint received?
Select the method in which the complaint was received. Multiple choices may be selected.

Phone – Received via telephone
E-mail – Received via email or through a support chat link. This is inclusive of complaints received through unsubscribe buttons.
Text – Received via text messaging (SMS)
Review Website – Received via a review website or application (ex. Google Reviews, Reviews in the App Store, Better Business Bureau)
Social Media – Received via social media (ex. Facebook, Twitter, Instagram, LinkedIn, YouTube)
Regulator – You were contacted by a regulatory agency regarding a complaint about your company (ex. CFPB, OCC)

Did the customer allude to any regulatory violations?
Select yes or no to identify if the complaint contained language alleging the company violated any federal or state regulations. An example of this would be if the client mentioned a specific regulation within it’s complaint or used words such as ‘unfair’, ‘deceptive’, ‘misleading’, ‘discrimination’.

What action has already been taken?
Describe what action has been taken by your company to this point in trying to resolve the complaint. Attach any relevant documentation to the ‘Incident Attachment’ field in the Escalation Information section.

Account Fraud Section

Click here to view Fraud Terminology

What country does the customer reside in?
Input the country the customer resided in at the time of the incident being escalated.

What type of identification was used by the customer?
Provide the type of identification used by the customer (ex. Driver’s License).

What is the identification number?
Provide the number listed on the customer’s identification.

What state was the customer identification issued in?
Provide the state on the customer’s identification. If the customer used a non-USA passport, provide the issuing country here.

What is the customer’s occupation?
Provide the occupation of the customer.

What is the suspect name and contact information?
Provide the first, Last, suffix (if applicable) of the suspect name along with a valid phone number and/or email address.

Is law enforcement involved?
Select the appropriate selection from the drop-down menu – Yes or No.

*The following questions will appear when ‘Is law enforcement involved’ = yes

What is the name of the law enforcement contact?
Provide the name of the law enforcement individual you spoke with.

What is the contact information for the law enforcement individual?
Provide the phone number and/or email address for the law enforcement individual you spoke with.

Attach law enforcement document(s) here
Attach any documents provided to you by law enforcement here. Multiple documents can be uploaded. (ex. Police report)

Which bureau office is involved?
Provide which law enforcement bureau is involved. (ex. Anytown local police dept.)

What is the law enforcement report number?
Provide the report number if a report was opened by law enforcement.

Unusual Activity Section

What country does the customer reside in?
Input the country the customer resided in when the incident took place.

What type of identification was used by the customer?
Provide the type of identification used by the customer (ex. Driver’s License).

What is the identification number?
Provide the number listed on the customer’s identification.

What state was the customer identification issued in?
Provide the state on the customer’s identification. If the customer used a non-USA passport, provide the issuing country here.

What is the customer’s occupation?
Provide the occupation of the customer.

Is law enforcement involved?
Select the appropriate choice from the drop-down menu – Yes or No.

*The following questions will appear when ‘Is law enforcement involved’ = yes

What is the name of the law enforcement contact?
Provide the name of the law enforcement individual you spoke with.

What is the contact information for the law enforcement individual?
Provide the phone number and/or email address for the law enforcement individual you spoke with.

Attach law enforcement document(s) here
Attach any documents provided to you by law enforcement here. Multiple documents can be uploaded. (ex. Police report)

Which bureau office is involved?
Provide which law enforcement bureau is involved. (ex. Anytown local police dept.)

What is the law enforcement report number?
Provide the report number if a report was opened by law enforcement.

Red Flag/Address Discrepancy Section

Is this regarding an address discrepancy?
Select the appropriate selection from the drop-down menu – Yes or No.

Is this identity theft?
Select the appropriate selection from the drop-down menu – Yes or No.

*If address discrepancy = yes, the following questions will appear

How did you verify the address?
Provide the method and/or type of documents utilized to verify the address.

Attach the address verification documentation here
Attach documentation showing the address verification here. Multiple documents can be uploaded.

Was a debit card ordered within 30 days of the address change?
Select the appropriate selection from the drop-down menu – Yes or No.

Potential or Confirmed Breach Section

Has the breach been confirmed?
This question confirms the breach status. This question only appears when Escalation Type = Potential Breach.
Yes – Change the reason for escalation to ‘Confirmed Breach’.
No – Continue to next question

What type of information is affected?
List all types of information potentially exposed by the breach.

What is the name and contact information of the individual responsible for resolution?
Provide the full name and contact information of the individual from your company responsible for resolution.

Are external parties involved?
This question determines whether external parties have been contacted. Select the appropriate choice from the drop-down menu – Yes or No.

Who are the external parties involved?
This question will appear when ‘Are external parties involved’ = Yes. Select from: Local Law Enforcement, Federal Law Enforcement, Insurance Company, Consultants, Forensic Team. Multiple choices may be selected.

What action has already been taken?
Describe what action has been taken by your company to this point in trying to resolve the escalation.

Attach breach documentation here
Attach any documentation relevant to the breach here.

Has the breach been resolved?
Select the appropriate response to whether the breach has been resolved – Yes or No.

Attach incident report here
This field will appear when ‘Has the breach been resolved’ = Yes. Attach the completed incident report here.

Data Subject Request Section

Reminder: Data Subject Requests are only accepted from CA and EU residents.

Was this person verified?
Select the appropriate drop down.
Yes – The person making the request was verified and has the proper authority
No – The person was not verified or does not have the authority to make the request

How was the person verified?
Provide the method and/or documents utilized to verify the person making the request.

What type of request is this?
Select the appropriate type of request from the drop-down – Deletion or Information.

Who is the subject of the request?
Provide the name of the person/entity the request is about.

Attach data subject documentation here
Attach written data request here.

Non-Public Personal Information Incident (NPPI) Section

NPPI Incidents may require BankProv to file reports with various other agencies, please be as detailed as possible when providing information. If a copy of the information is available, please attach it to this request.

What NPPI was compromised?
Please provide a detailed explanation of the information that was compromised.

Attach NPPI documentation here
Attach information pertaining to the compromise. Ex. – Copy of the letter and/or email containing NPPI.

Right to Financial Privacy Act (RFPA) Section

What type of RFPA is being escalated?
Select the RFPA type from the drop-down menu. Multiple choices may be selected.

Lien/Levy – The government placed a legal claim against property due to neglect or failure to pay a debt. i.e., IRS Tax payment/Child Support
Subpoena – Court order for documents and information on account(s). i.e., divorce
Summons of Trustee – Court documents for pending court case-need to seize funds and hold as requested

Attach RFPA documentation here
Attach documentation related to the RFPA escalation here.

Dispute Section

What is the transaction type?
Select the type of transaction being disputed.

ACH – Direct debit/credit to an account
Check – Physical check
Debit Card – Card attached directly to a checking or savings account
Deposit – Funds deposited into an account
RTP – real time payment
Wire – Method of transmitting money electronically between people or businesses in which no physical money is exchanged
Withdrawal – Removing funds from a bank account

What is the dollar amount of the transaction?
Input the full dollar amount of the transaction (ex. $10.25).

What is the date of the transaction?
Select the date the transaction that is being disputed took place. A future date will not be allowed to be entered here.

Attach dispute documentation here
Attach relevant documentation pertaining to the dispute here. Always include a copy of the transaction when it is available. Some examples of information to include in addition to the transaction: Information of originator (for ACH); copy of front and back of check (for Check); vendor information (for Debit Card); type of deposit (check, cash, ach) and who the deposit was from (for Deposit).

Marketing Request Section

Which type of approval is being requested?
Select the appropriate approval type being requested. Multiple choices may be selected.

Copy change – This is a wording change to existing advertisements or website language.
Existing Media Update – This is a change to marketing materials previously approved by the Bank.
New Media – This is new marketing material or posts that require review and approval prior to launch.

Provide a description of the Marketing Plan
Provide a brief description of the marketing plan for the advertisement or marketing material submitted.

Attach draft for approval
Attach the draft(s) of the marketing materials requiring approval.

Will the marketing be targeted?
Targeted marketing means the advertisement will be marketed to specific groups, people or locations based on common characteristics. Select the appropriate dropdown – Yes or No.

Provide details of the targeting
This question will appear when ‘Will the marketing be targeted’ = “yes”. Include in the details, who will the marketing be focused on and where will the marketing be targeting. Specifically, include any characteristics or factors that will be utilized for the targeted marketing.

Does this include a promotion or a bonus?
For example, a short-term marketing strategy such as ‘Complete 10 transactions this month and receive a $5 credit.’ A bonus is a premium, gift, award, or other consideration worth more than $10 in a year in exchange for opening, maintaining, renewing, or increasing an account balance. Select the appropriate drop-down – Yes or No.

Provide promotion details
This question will appear when ‘Does this include a promotion or a bonus’ = “yes”. Include the length of the promotion along with specific details of how the promotion or bonus will work. What must the customer do to receive the promotion or bonus? Are there any special requirements to qualify?

How will this be advertised?
Select the method(s) that will be used to advertise the marketing – E-mail, Phone Text, Press Release, social media, Website, Other. Multiple choices may be selected.

Provide media types that will be used not listed above
This question will appear when ‘How will this be advertised’ = ‘Other’. Input the media that will be used to advertise the marketing.

Does this include an endorsement from a client?
An endorsement means any advertising message (including verbal statements, demonstrations, or depictions of the name, signature, likeness or other identifying personal characteristics of an individual or the name or seal of an organization) that consumers are likely to believe reflects the opinions, beliefs, findings, or experiences of a party other than the sponsoring advertiser, even if the views expressed by that party are identical to those of the sponsoring advertiser. Select the appropriate drop down – Yes or No.

Attach endorsement authorizations form
Anytime an endorsement is used, the FTC requires an authorization be collected and retained. This field will appear when ‘Does this include an endorsement from a client’ = ‘Yes’. Attach the completed endorsement form here.

What is the expected release date?
Provide the date the marketing is expected to be released. This field will accept a past, current, or future date.

Product/Business Change Section

Is this a new or existing product or service?
A new product or service is one that the Bank has not yet reviewed and approved, and an existing product or service is one that the Bank has conducted due diligence on and approved the support of. Check the appropriate box – Existing or New.

Provide the name of the product or service and describe what is changing.
Provide the product or service name and a description of what will be changing.

Will current activity be changing (Volume (unit) and Velocity (dollars) inclusive of Wires and ACH; Geographies, and Primary Occupation or Business Types served)?
*If yes, an additional question will appear and ask to describe the changes.

Does this change impact the information collected on your customers and/or has the method for collecting your customers information changed?
*If yes, an additional question will appear and ask to describe the changes.

Will this change impact the current ACH payment activity or its structure (consumer vs. commercial use, Third-party Sender, Nested Third-party Sender, etc.)?
*If yes, an additional question will appear and ask to describe the impact.

Will marketing materials require updating?
Select whether the marketing materials for the product or service listed require updating – Yes or No.
*Answering yes to this question will open the ‘Marketing’ section that will need to be completed. Please visit that section for question assistance.

How will the customer be impacted?
Positive impact could be when a product or service requires a minimum balance, but that requirement is being removed. Negative impact could be when a fee for a service or a feature of the product is added or increased. Check the appropriate box regarding customer impact – Positively, Negatively, No Customer Impact.

Explain the customer impact
This field will appear if ‘How will the customer be impacted’ is answered ‘Positively’ or ‘Negatively’.

Do the changes being made require that any of the disclosures or terms and conditions for this product/service be updated?
Select the appropriate response from the drop-down – Yes or No.

Updated Disclosure Attachment
Attach the updated disclosures reflecting the changes in the product/service for review and approval.

What is the anticipated date of release?
Input the date the product/service change is anticipated to be active.

BaaS Due Diligence Section

Potential Customer Name?
Provide the Name of the potential customer being submitted to the Bank for review.

Potential Customer Occupation/Business?
Provide a description of the potential customer’s business or their occupation.

Potential Customer’s Geography?
Provide a description of the location of the potential customer and/or the geography of the potential customer’s clientele.

Review Due Date?
Provide the Bank with the date that you need the review completed.

BaaS Due Diligence Attachment: Provide any attachments or documentation in support of the request for the potential customer to be reviewed.