Booklet: Retail Payment Systems Section: Retail Payment Systems Risk Management Subsection:

Previous Subsection Table of Contents Next Subsection

Action Summary

From the initiation of a retail payment transaction to its settlement, financial institutions are exposed to certain risks. For individual retail payment transactions, risk resulting from compliance issues and potential operational failures, including fraud, is always present. Operational failures can increase costs, reduce earnings opportunities, and impair an institution’s ability to reflect its financial condition accurately. Participation in retail payment systems may expose financial institutions to credit, liquidity, and operational risk, particularly during settlement activities. In addition, a financial institution’s credit, liquidity, and operational risk may be interdependent with payment system operators and third parties.

The board of directors is responsible for PSR policy compliance and should ensure management establishes sound internal operating practices, including compliance with applicable banking laws and carefully managing retail payment system-related financial risks. At a minimum, a financial institution’s board of directors should:

The failure of any payment system participant to provide funding for settlement may precipitate liquidity or credit problems for other participants, regardless of whether they were party to payments to or from the failing participant. Operational and credit risk can also contribute to legal (compliance) risk if financial institutions do not follow prescribed regulations and clearinghouse and bankcard association rules and bylaws. In addition, financial institutions have significant reputation risk if they do not correct deficiencies.

Risk profiles vary significantly based on the size and complexity of the financial institution’s retail payment system products and services, information technology infrastructure, and dependence on third parties. All financial institutions should maintain an effective internal control environment commensurate with the level of retail payment products and services they offer. Effective internal controls should include the financial, accounting, technical, procedural, and administrative controls necessary to minimize risks in the retail payment transaction, clearing, and settlement process. These measures reduce operational and credit risks, ensure individual transactions are valid, and mitigate processing and other errors. Effective controls also ensure supporting information technology systems and network infrastructure promote retail payment transaction integrity, confidentiality, and availability.

Financial institutions engaging in retail payment system services should be aware of the risks inherent in the activity. Even newer, Internet-based, electronic services have substantial credit and operational risks. Financial institutions should be cognizant of the reputation and strategic risk of newer services, which may lack consumer acceptance. Often, participants will also face uncertainty regarding how state and federal laws and regulations will apply to new payment systems.

Financial institutions have always offered a variety of retail payment services. Advances in information technology continue to expand the variety of services. The industry trend is moving from traditional paper-based transactions to all-electronic transaction services. The newer electronic services increasingly rely on information and network technology, which require financial institutions to develop strong risk management practices.

Financial institutions should establish internal risk management systems that are commensurate with the size and complexity of their operations. The systems should be capable of evaluating operational risk exposure and the effectiveness of current controls.

Previous Subsection Table of Contents Next Subsection           Home IT Booklets Glossary Resources Presentations