Payments risk has never been more important to WesPay’s members than it is today. Challenging operational issues, complex regulatory changes, and more sophisticated fraud scenarios impact all of us. Understanding payments risk and mitigating for those potential risks are essential strategies for successful financial institutions.
Because staying informed about risk issues, best practices, and controls can be challenging, WesPay has developed a comprehensive risk section for members. WesPay’s educational and publication risk resources, industry articles, and tools are all identified. As you continue to refine and update your risk strategy, check here for the latest industry best practices and information.
Types of Risk
There are many types of payments risk that can affect any financial institution. The definitions for seven of the most common types of risk are provided here.
Criminal misuse occurs when someone (either internal or external to an organization) obtains consumer or business data that is used for personal gain. Examples of criminal misuse/fraud include:
- Data breaches
- Identity theft
- Unauthorized access to a computer or data base in order to disrupt daily activities
- New account fraud
Operational Risk results from compromised internal controls, processes, people, or systems. Operational Risk can occur as a result of an external event or internal failure. The term covers a number of activities specific to financial institutions, including:
- Lack of adequate controls for new and existing customers
- Poor employment practice controls
- Damage to a physical asset from a natural disaster or other event
- Disruption of the business due to a system failure
- Failed transaction process management
- Failure of a business partner or vendor
Regulatory Risk results from a failure to comply with the standards and codes of conduct applicable to the banking organization’s business activities and functions. While ignoring regulations and applicable laws may not result in a financial loss for the institution, a failure to comply with established banking regulations leaves the institution open for increased risk and fraudulent activities (both internal and external) and regulatory sanctions.
Credit Risk is the possibility of a loss that occurs due to a failure of a partner, vendor, customer, or other third party who fails to meet a contractual debt obligation or agreement. Credit Risk also is called “credit exposure.”
Competitive Risk is the inability of a financial institution to provide expected services and products. A failure to provide these services can result in lost market share to more aggressive peers and potential nonbank competitors.
Reputational Risk is the probability of a loss of customers resulting from a decline in a financial institution’s reputation. Reputational risk is often discussed when an institution has had a data breach leading to criminal misuse, an operational risk that jeopardizes customer information or funds, or a credit problem resulting from credit default. When problems occur, customers lose confidence in the institution and may move accounts and assets to institutions without such problems.
Systemic Risk is financial system instability caused by factors that affect an entire market segment. It implies the risk of collapse of an entire financial system or entire market, as opposed to a risk associated with one specific entity or group. It can be potentially catastrophic since it involves complex relationships and interdependencies in a system or market. For example, the failure of a large financial institution or payments aggregator could cause a cascading failure, which could potentially bankrupt or bring down the entire system or market.