EFTA01382704.pdf

X- I/A Table of Contents and key injection; deployment, set-up and telephone training; equipment services; repair and replacement; remote terminal software updates; technical support; customized reporting; and conversions. We provide these services to our direct and indirect channel merchants. • Output Services - Our output semi= team manages the printing and mailing of cardholder statements and other communications, such as account notices, as well as the printing, embossing, personalization and mailing of plastic cards. This includes full support of newer payment technologies such as HMV. Remittance Processing - Our remittance team provides lockbox processing services in 8 state-of-the-art facilities throughout the United States. We support processing of all methods of payment to banks and corporations. such as card issuers and telecommunications companies, who receive payment remittances by postal mail from thcir clients. Our Controls Organization We face a range of strategic, reputational, financial, operational, and compliance risks inherent in our business. The objective of our controls organization is to understand those risks and effectively manage, mitigate. and/or monitor those risks to protect First Data, our clients, and our partners, as well as meet regulatory obligations. Reporting to the CEO, the Chief Control Officer (the CCO) leads our Controls Organization and provides regular reporting on the state of controls to the Risk and Audit Committees of the Board. We have made significant investments in strengthening controls. Our model includes three lines of defense: First Line ofDefense Business unit ownership. Our business unit, shared services and function executives are responsible for identifying, assessing, managing, and controlling the risks they take or arc exposed to while conducting their activities. Additionally, we assign control officers for each business, who are responsible for monitoring risk, advising on planned mitigation strategies, and monitoring corrective actions to address process and control deficiencies. SecondLine ofDefense Oversight of the organization. Our compliance, anti-money laundering. OFAC, anti-bribery and corruption, privacy, third-party risk management. enterprise risk management. operation risk, and credit risk functions all report to our CCO. These functions facilitate and monitor the implementation of effective risk management practices. They are responsible for providing oversight to the busine.ss as well as independent guidance and advice to the business in implementing risk policies. The second line of defense is also accountable for owning and developing the risk and control frameworks, which the first line of defense uses to discharge its responsibilities. ThirdLine ofDefense Assurance through Audit. Our internal Audit functions, which provide independent assurance over the key risks to the organization, including an independent annual assessment of the risk management and internal control systems to the Audit Committee of the Board of Directors. Our Chief Auditor reports to the Chair of the Audit Committee of the Board. 146 http://wnw.see.gov/Archi vestedgar/data=3980/000119312515334479/d31022dsla.htmill0/14/2015 9:06:38 AM] CONFIDENTIAL - PURSUANT TO FED. R. CRIM. P. 6(e) DB-SDNY-0082165 CONFIDENTIAL SONY GM_00228349 EFTA01382704