Risk Management

Featured Risk White Paper

Current Issues in Payments Risk Management This white paper is a look at current payments risk management topics as identified by members, and weaves information from the WesPay survey, the Symposium discussion, and information from the WesPay ACH Self-Audit Guide. Download White Paper ALSO: Appendix A - Complete list of questions and answers to the risk survey used in this white paper (XLSX)

Types of Risk

There are many types of payments risk that can affect any financial institution. The definitions for seven of the most common types of risk are provided here.

Criminal Misuse/Fraud

Criminal misuse occurs when someone (either internal or external to an organization) obtains consumer or business data that is used for personal gain. Examples of criminal misuse/fraud include:

• Data breaches
• Identity theft
• Unauthorized access to a computer or data base in order to disrupt daily activities
• New account fraud

Operational Risk

Operational Risk results from compromised internal controls, processes, people, or systems. Operational Risk can occur as a result of an external event or internal failure. The term covers a number of activities specific to financial institutions, including:

• Lack of adequate controls for new and existing customers
• Poor employment practice controls
• Damage to a physical asset from a natural disaster or other event
• Disruption of the business due to a system failure
• Failed transaction process management
• Failure of a business partner or vendor

Regulatory Risk

Regulatory Risk results from a failure to comply with the standards and codes of conduct applicable to the banking organization’s business activities and functions. While ignoring regulations and applicable laws may not result in a financial loss for the institution, a failure to comply with established banking regulations leaves the institution open for increased risk and fraudulent activities (both internal and external) and regulatory sanctions.

Credit Risk

Credit Risk is the possibility of a loss that occurs due to a failure of a partner, vendor, customer, or other third party who fails to meet a contractual debt obligation or agreement. Credit Risk also is called “credit exposure.”

Competitive Risk

Competitive Risk is the inability of a financial institution to provide expected services and products. A failure to provide these services can result in lost market share to more aggressive peers and potential nonbank competitors.

Reputational Risk

Reputational Risk is the probability of a loss of customers resulting from a decline in a financial institution’s reputation. Reputational risk is often discussed when an institution has had a data breach leading to criminal misuse, an operational risk that jeopardizes customer information or funds, or a credit problem resulting from credit default. When problems occur, customers lose confidence in the institution and may move accounts and assets to institutions without such problems.

Systemic Risk

Systemic Risk is financial system instability caused by factors that affect an entire market segment. It implies the risk of collapse of an entire financial system or entire market, as opposed to a risk associated with one specific entity or group. It can be potentially catastrophic since it involves complex relationships and interdependencies in a system or market. For example, the failure of a large financial institution or payments aggregator could cause a cascading failure, which could potentially bankrupt or bring down the entire system or market.