1 / 27

An End-to-End View of Risk in Payments

An End-to-End View of Risk in Payments. Introduction to the Risk Spectrum and Mitigation Strategies Sayantan Chakraborty North America Head of Payments Citi Global Transaction Services Brian Todd VP Fraud Prevention and Internal Control Citi Global Transaction Services. August 09, 2010.

Gabriel
Télécharger la présentation

An End-to-End View of Risk in Payments

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An End-to-End View of Risk in Payments Introduction to the Risk Spectrum and Mitigation Strategies Sayantan Chakraborty North America Head of Payments Citi Global Transaction Services Brian Todd VP Fraud Prevention and Internal Control Citi Global Transaction Services August 09, 2010

  2. Table of Contents

  3. Agenda • The Treasury Risk Environment • Evolving Risks • Changing Marketplace • Opportunities • The Financial and Franchise Risk Umbrella • Payment Systems • Regulatory/Compliance • Credit • Operational • Fraud • Payments in the Age of Social Networks • Banks’ Changing Role in Risk Mitigation • Case Study • Conclusion

  4. The Treasury Risk Environment

  5. What this means for Treasury Operations and Banks Paradigm Shift in Risk as a Result of Changes in Payment Trends Old Payments Landscape New, More Complex Landscape • Electronification has eliminated physical controls making validation time-sensitive • Monitoring new payment channels requires more diligence and added complexity • With rising influence of technology, fraud has become more sophisticated • Increased regulation has necessitated increased compliance checks • High volume check processing • Electronic payments were less organized with limited channels • Relatively slower pace of processing allowed a “reactive” approach to risk • Payments fraud was limited • Compliance requirements were simpler The new payments market presents Banks and Treasury Operations with a new set of challenges as well as opportunities In order to minimize risk in the new marketplace, key stakeholders mustbe at the forefront of innovation,prioritize controlsin infrastructure andbe nimblein an increasingly complex environment

  6. The Financial and Franchise Risk Umbrella

  7. Regulatory/ Compliance • Banking and payments regulations are constantly evolving • Ensuring compliance with regulations places a burden on Treasury Operations that have limited resources Operational • With increasing complexity, meeting specialized operational requirements can be very demanding • Uncontrolled processes can result in financial and franchise risk Fraud • Fraud schemes are becoming increasingly difficult to expose • Perpetrators take advantage of opportunities presented by Economic Downturns, Natural Disasters and Political Strife Payment Systems Risk • Evolving marketplace exposes weaknesses in payment systems and organizations • Changes in the payments infrastructure have not penetrated into treasury operations at the same scale • External issues can affect ability to effectively operate Credit • The nature of payments transaction underscores the importance of monitoring counterparty credit risk • The recent financial crisis has further made the topic of counterparty risk extremely relevant A Deeper Dive Into the Risk Spectrum

  8. Rapidly changing regulations place a compliance burden on organizations Regulatory and Compliance Risks • Organizations are subject to Fines, Sanctions and Reputational Risk for non compliance • The blurred line between banks and non banks results in legal and financial risk to all counterparties in transaction • Enhanced anti money laundering enforcement can add an operational burden on payment initiators and providers • Regulatory Changes – HIPAA, OFAC, AML, Fed operating changes • Regulations do not always keep up with payment requirements • Reg CC and Op Circular 3 are undergoing changes to meet today’s payment realities • Often , there still is a secondary impact • Treasuries and Banks have to comply which causes impact to the units via: • Investment dollars • Priority shift • Resource reallocation How can Banks and Treasurers collaborate? Banks can share best practices, market updates and operationally make it simpler for you to remain “compliant”, e.g. building controls universally within banking processes

  9. How do Banks and Treasuries Fit Together? Operational Risk Factors Affecting Operational Risk Controls • Stringent hiring policies, rotation of personnel and separation of duties • Ensuring adequate coverage of key roles, and sensitive processes • Adequately staffed human resources with resources to find appropriate talent • Creation and testing of realistic and robust plans that mirror production processes • Merging similar functions to eliminate duplication • Inadequate separation of financial responsibilities increases payments fraud risk • Staffing issues can result in productivity loss • As the complexity of processes increases specialized requirements also increase • Inadequate or missing Continuity of Business (COB) plans • Physical plant costs Many banks offer treasury outsource functions and products that can be used by treasuries to reduce operational costs and risks; some of the contingency management can be handled by Banks instead of building multiple redundancies

  10. Counterfeit rings understand banking • Counterfeit rings use banking processes against banks and they exploit: • Float • Banks using rarely used Routing/Transit Numbers • Banks operating in diverse regions • Holidays • National disasters, or national strife • The level of sophistication of the counterfeiters is increasing • Counterfeiters utilize any situation which can cause a delay in bank processing or perceived control loss • Counterfeiters have banking experts working with them, and they understand how to exploit banking systems Fraud Risk Law firm scams have significantly increased bank’s and counterparty’s risks • Dollar values of these items are higher – averaging 300K • Law firms are not bound by Patriot Act and other banking regulations, prior to engaging in financial transactions • Law firms are protected in many states by favorable LLC (Limited Liability Corporation) laws, that allow them to be exempt from loss liability • Law firms have strategic advantage in local courts, if a dispute becomes a civil case • Law firms understand that the courts have not caught up, to the new forms of fraud, and the courts do not favorably decide on Reg. CC breaches, regardless of the root cause

  11. Why is Fraud Increasing? Fraud Risk Sheer Volume • 49.1 billion checks issued annually • In 2008, USPS intercepted more than 2 Billion worth of counterfeit checks drawn on U.S. financial institutions • Control lapses on print and mail procedures Technology • Checks and other documents can be easily replicated • Availability of “Off the Shelf” check printing programs • Availability of Check Stock Regulation CC • Funds availability • Hold times have decreased based on better collection processes • Return check timelines • Investigation time is limited by the requirement to identify and return check settlement items to bank of first deposit in 48 hours Mail Theft • Counterfeit rings exploit the mailing process • Items intercepted en-route to destination Jurisdiction Issues • Non-cooperation across international borders • Investigations limited to large dollar amounts

  12. Suggested Best Practices to Prevent Fraud Fraud Risk Best Practices • Employ stringent hiring procedures with appropriate background checks • Restrict employee access to customer file records • Destroy obsolete check stock as soon as possible • Do not include account number and authorized signatures in correspondence • Establish dual control procedures for the handling of any unprinted check stock Control Segregate • Separate accounts payables functions • Segregate the processing of returned checks Monitor • Create audit trails and conduct surprise audits • Reconcile bank accounts daily

  13. Organizations can mitigate credit risk by carefully evaluating their counterparties and by protecting their security interest in such relationships Credit Risk • Payment transactions have inherent credit risk • Intraday / overnight exposures due to batch (e.g. ACH) and single entry transactions (e.g. Wires) • Risk exposures can be created due to special purpose funds deposited with a financial intermediary • Regulatory protection against such exposures is limited • FDIC insurance, where available, is capped to $250,000 • Organizations should carefully evaluate and choose banks and other financial intermediaries • Security interest in such a relationship should be protected with an appropriate collateral

  14. Banks can help mitigate the payments systems risk through a disciplined risk evaluation of the payments infrastructure Payments Systems Risk • Payments are settled through a payments “infrastructure” which interconnects various organizations • Such multilateral systems may increase, shift or transform risks in unanticipated ways • Consequently organizations can be severely affected : • Either directly due to a system failure at their end Or • Indirectly, due to a failure in the other indirectly connected systems • Liquidity Risk : Breakdown in the payments infrastructure can pose liquidity challenges • Operational Risk : Payments systems malfunctioning can result in financial implications due to information loss • Legal Risk : Potential litigation or inability to enforce a contract could result in significant financial and reputational loss • Franchise Risk: Failure to meet payments obligation can result in negative publicity Banks as participants in payments systems, are deeply involved in risk evaluation. The payment system benefits from the collective evaluation

  15. Due to the batch processing nature and the regulation governing ACH transactions, there are risks that organizations should be cognizant of ACH Transactions Credit Risk • Credit Risk originates in ACH transactions in the following scenarios: • Counterparty not funding a transaction on their overdrawn account • Intraday and overnight balances • Unsecured deposits Fraud Risk • ACH rules for identification and reporting of suspicious transactions are different for organizations and individuals • Corporates have 48 hours to report and act against a fraudulent transaction • Individuals have 60 days • Lines are blurred between a corporate and an individual transaction • Organizations are sometimes left vulnerable due to lack of understanding of the qualification for transactions

  16. Payments in the Age of Social Networks

  17. Why should State and Local Government bodies care? “If Facebook were a country it would be the eighth most populated in the world, just ahead of Japan, Russia and Nigeria “ * 56% CAGR 101% increase Payments in the Age of Social Network • The ubiquity of Social Networks cannot be ignored • Piper Jaffray predicts that total US revenues from virtual goods will reach $1.0 Bn this year • Facebook alone has more than 110 Million unique users in the USᅡ ᅡ(As of March 2010, Source: nicburcher.com ) US Virtual Goods Revenue ($MM) Source: Piper Jaffray, “Pay to Play: Paid Internet Services”, July 13, 2009 • Social Networks are the channels of the future to connect with citizens • Many state and local government bodies are already using Social Networks • Counties in Texas - Grayson, Collin and Cooke, have started their own Facebook and Twitter sites to make it easier for the public to access important information** Growth of Facebook Users (MM) Source:http://www.nickburcher.com/ * Owyang, J. (2009). A Collection of Social Network Stats for 2009 Retrieved March 20, 2010 ** Source : www.hci.org : “Social Networking in Government: Opportunities & Challenges”

  18. Multiple Payment Options in the Virtual Economy Traditional Payments Credit/Debit Cards Visa Mastercard • Virtual Goods/Services • Monthly Subscription for Online Games Account Funded • Make payments directly from your bank account with added security PayPal Google Mobile Paymo Mopay • Payor enters mobile number and funds are collected via monthly mobile bill Virtual Currency QQ Coins Facebook Credits • Members can use purchased virtual currency to pay other members or buy goods online Next Generation Payments

  19. P2P Payments Gaining Traction on Social Networks The new TwitPay will provide a means of quick and easy donations for Twitter users using “retweets” Charities looking for donations can simply tweet a request, and donors can respond by retweeting the message, which opens up a authorized payment transfer from the users account TwitPay collects up to 5% on these transactions Traditional P2P on Facebook P2P for Charity on Twitter Buxter TwitPay • Buxter is ClickandBuy's Facebook application that allows members to make P2P payments in either Euros or Dollars • Allows Facebook users to: • Send money to other Facebook users • Receive money from other Facebook users • Request money from other Facebook users • Withdraw money to their ClickandBuy account • Purchase Facebook applications • Users are only charged for withdrawals (1.9%)

  20. Risk Management in the New Paradigm Authenticating the actual user or payor becomes increasingly difficult Sophisticated hackers can steal or create false identities easily Information security becomes increasingly important as social network IDs are now linked to user’s payment accounts Fraud Operational • Payment processors must find balance between processing large volume micro payments efficiently without risking processing errors • Payment monitoring must now extend beyond actual dollars, but must extend to how users are using their virtual currencies Legal • Existing laws and regulations does not contemplate payments in the virtual context • Inconsistent across markets (e.g. China outlaws use of virtual currency to buy “real” goods, while Korea allows virtual to real transactions) • The taxation laws around gaming revenues are vague

  21. Bank’s Changing Role in Risk Mitigation

  22. Responding to Priorities State and Local Governments are grappling with today’s economic realities • Re-capitalization and asset stabilization with bail-out of entire industry sectors • Increasing complexity of processes due to end consumer’s constant demand for additional services • Budget pressures driving efficiency initiatives to reduce costs and increase productivity How can Banks help? Specialization Drive Innovation Embedded Partnerships • Assisting in reaching higher levels of electronification while optimizing processes around residual paper-based payments • Tools and analytics to proactively manage treasury-wide liquidity and funding strategy • Industry expertise and advise on next generation of development in financial and treasury related processes • Understanding and leveraging emerging consumer behavior to create bundled offerings like mobile top up or consumer directed payments • Offering innovative solutions for all evolving payment needs along the entire paper to electronic payments spectrum from traditional check disbursements to virtual payments • Cooperation: access market-ready platforms, product capabilities and a globally connected network and proven expertise • Extend participation beyond treasury & operations to procurement and HR • Collaborative innovation with evolving risks in m-commerce, secure digital identity, prepaid services and virtual payments paradigm

  23. Case Study The Direct and Secondary Impact of Fraud

  24. International check payments for a major public sector entity were intercepted at a mail vendor and tampered to fraudulently withdraw funds • Innovate to stay one step ahead of counterfeiters • Measures like beneficiary name matching has been very successful in filtering fraudulent cases • Communicate and exchange information with external vendors • Daily reconciliation with external vendors • Regular internal audits and reviews • Plan comprehensively for recovery • Establish, Review, and Improve recovery plans in all locations taking the local regulations into account • Create internal measures for quick identification and priority processing for recovery related to fraud International Checks Fraud What went wrong? • A crime ring infiltrated a postal vendor in the UK • They were able to identify and intercept pension payment mails • The names on the check were altered to fraudulently withdraw funds

  25. Conclusion

  26. Conclusions Regulatory environment is increasing the financial burden on Treasury Operations Risks to Treasury Operations are significant and are constantly evolving Fraud is increasing in sophistication New payment channels are also giving rise to new risks Banks can provide expertise to mitigate payments risk at a lower cost • Up-to-date information about regulation and compliance • Fraud prevention • Risk evaluation of payments systems • Technology and Innovation

  27. © 2010 Citibank, N.A. All rights reserved. Citi and Citi and Arc Design are trademarks and service marks of Citigroup Inc. or its affiliates and are used and registered throughout the world. In January 2007, Citi released a Climate Change Position Statement, the first US financial institution to do so. As a sustainability leader in the financial sector, Citi has taken concrete steps to address this important issue of climate change by: (a) targeting $50 billion over 10 years to address global climate change: includes significant increases in investment and financing of alternative energy, clean technology, and other carbon-emission reduction activities; (b) committing to reduce GHG emissions of all Citi owned and leased properties around the world by 10% by 2011; (c) purchasing more than 52,000 MWh of green (carbon neutral) power for our operations in 2006; (d) creating Sustainable Development Investments (SDI) that makes private equity investments in renewable energy and clean technologies; (e) providing lending and investing services to clients for renewable energy development and projects; (f) producing equity research related to climate issues that helps to inform investors on risks and opportunities associated with the issue; and (g) engaging with a broad range of stakeholders on the issue of climate change to help advance understanding and solutions. Citi works with its clients in greenhouse gas intensive industries to evaluate emerging risks from climate change and, where appropriate, to mitigate those risks. efficiency, renewable energy & mitigation

More Related