This year’s Sibos in London proved, yet again, that the payments industry is changing at breakneck speed – and the UK is at the forefront. Retail payments are already settled instantly in the UK through Faster Payments. Now, through innovations such as SWIFTgpi and SWIFT’s ‘gpi Instant’ – which recently saw a pilot cross border payment settle in just 13 seconds – cross border payments will also be settled in near to real-time.
The reduction in processing time is a leap forward in customer experience, but it is not without risks to operational stability and resilience. In her speech earlier this week, Victoria Cleland, the Bank of England’s Executive Director for Banking, Payments and Innovation, highlighted the need for organisations managing payment systems to strengthen incident management and to reduce major outages across CHAPS – the Sterling real-time settlement system now under the Bank’s watch. As cross-border payment becomes more seamless and instant, it is likely that regulators globally will expect banks to pay similar attention to their own payments infrastructure, and accordingly implement a robust operational risk framework around it.
Meeting the symbiotic challenge of innovation and resilience requires sophisticated technology upgrades and data harmonisation, and firms’ understanding of associated risk management must keep in step with upgrades in the payments industry. Three particular risk considerations for the payments industry in the year ahead stand out:
The use of Cloud technology: The benefits of moving data from costly, legacy on-premises infrastructure onto more agile Cloud-based solutions offer banks flexible scaling capabilities and advanced analytics tools. However, understanding the associated risk landscape and implementing a tailored, robust controls framework is critical, particularly when dealing with sensitive client data.
Financial crime considerations: Transparency in payments is essential for financial institutions to meet their sanctions and anti-money laundering obligations, as well as to prevent criminals from using payment systems for transferring illegal funds. Knowing who is ultimately receiving and sending funds forms an essential part of dealing with money laundering and terrorist financing – the more complex or global the payment chain, the easier it is for this data to get ‘lost’.
Global payments messaging standardisation: The last piece of the jigsaw is the introduction of ISO20022 – a global standard for payment messaging and data requirements. This offers a global common language for payments and enables greater innovation, transparency, and resilience in the settling of payments. However, the scale and complexity of change will pose significant operational challenges just as the industry shifts towards seamless and instant global payments.
This should not be a cause for alarm. Instead, banks should view the implementation of ISO20022 as an opportunity to examine their strategic architecture. Going down the tactical route and opting to convert existing message formats into ISO and vice versa at entry/exit points is an attractive option, but consideration must be given to the benefits associated with going full ISO-compliant. This more wholesale approach provides further revenue-generating opportunities, as well as improved financial crime and cyber risk monitoring capabilities.
The banks who are most nimble and strategic in their approach will see the advantages that the richer data sets and standardised messaging format offer: greater transparency and reliability of data affords the opportunity for more forward-looking approaches to the way payment risks might be identified and managed in the future. There will also be opportunities to save costs in the back office by improving straight-through-processing (STP) rates and reducing manual payment investigations.
To stay ahead of the curve, banks need to give payments risk the same attention as they do to more traditional types of risk. Trying to shoehorn their current risk strategy, controls frameworks and technology to fit the ever-changing demands on their infrastructure will not be enough. Banks need to understand the ever-developing payments environment and adapt their approach to payments risk accordingly.