Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
March 8, 2010
Smooth landings for payments call for a checklist
This week's blog features an interview with Devon Marsh, senior vice president and treasury management risk manager at Wells Fargo Bank, N.A. We asked Devon about his thoughts on managing risk in electronic retail payments today.
Devon, retail payments are growing increasingly more complex, creating challenges for risk managers in financial institutions. We know that many of the traditional "tried and true" control processes can still be effective in today's changing environment and understand you are a proponent of compliance checklists as a primary risk management tool for your bank. Tell us a little more about why you value the checklist process.
In more than 1,000 landings as a naval aviator, I never once made a gear-up landing. I don't think I even came close to forgetting the landing gear, but I didn't take any chances. I used a checklist every time I landed. The checklist was necessary not because lowering the landing gear is difficult to remember—of course the gear needs to be down to land! It was necessary because any discrete task—even an important one—can be easy to forget. For this reason we see pilots use checklists all the time on television and in movies to ensure completion of important tasks. We even probably consider the use of checklists to be a defining characteristic of a cockpit environment. But aviation is not the only field in which people can benefit from checklists.
I recently read a new book titled The Checklist Manifesto, by Dr. Atul Gawande. Dr. Gawande is a surgeon and regular contributor to The New Yorker magazine. He has written two previous books based on the practice of medicine that provide useful lessons on risk management and process improvement. His new book offers compelling statistical evidence on how the use of simple checklists cuts down on critical errors.
A key example in The Checklist Manifesto recounts the development of a checklist to guide the procedure for inserting a central intravenous line in intensive care patients. The steps include elementary items such as handwashing. Because its content was so basic, the checklist was initially met with scorn by many practitioners. Nevertheless, consistent use of the checklist dramatically reduced central line infection rates and deaths in ICU wards where it was implemented.
This example seems particularly relevant in financial services since significant problems are often avoided through simple yet proactive control processes. Can you draw some parallels to a checklist that might be effective in ACH processing and describe how it might work?
That's right. Errors in payment processing seldom cost lives the way medical errors might, but they can be as costly as a lost or damaged aircraft. For this reason, I believe the checklist concept has great applicability for many of the risks we address in processing payments. For example, an electronic payment checklist for ACH might help payment originators comply with rules and regulations, avoid human errors, and reduce fraud. A basic electronic payment checklist might include 10 steps.
|Electronic Payment Checklist|
|1. Authenticate the receiver or requester.|
|2. Confirm validity of authorization.|
|3. Verify account number of receiver or beneficiary.|
|4. Verify routing number of receiver or beneficiary.|
|5. Confirm effective date of transaction.|
|6. Confirm payment-related information.|
|7. Confirm sufficient funds in funding account.|
|8. Obtain internal approval for transaction.|
|9. Initiate transaction.|
|10. Confirm transaction.|
Some of the steps are required by rule or by law, while others are simply necessary to route the transaction appropriately. When any one of the steps goes wrong, the resulting error decreases the efficiency of the payment process. It can even cause the entire transaction to be misrouted, possibly without an opportunity for recovery. The eighth step in this checklist is particularly important because it represents a traditional fraud mitigation method called "dual control." This traditional method has proven effective in mitigating the risk that outside entities will attempt to initiate or change a company's transactions by using the credentials of internal employees.
The final step in the checklist, confirming the transaction, is one that is frequently overlooked. It makes sure the financial institution receives the transaction that the initiator intended. This step is critical to ensure a payment has been positively handed off to the next participant in the processing flow.
It is interesting that such a simple control mechanism can still be effective. Why do you think some of the steps you’ve outlined in this checklist get overlooked?
Its utility rests on the fact that creating an ACH transaction involves a series of steps, any one of which can be missed or performed incorrectly. Consistent use of a checklist may help those who initiate payments to ensure each transaction complies with rules, is free of processing errors, and is received by the intended recipient. Financial institutions should consider sharing compliance checklists with customers who initiate payments through the ACH. In the world of payments, these are the elements of a smooth landing.
- In Payments, What I Say May Not Match What I Do
- Organizational Muscle Memory and the Right of Boom
- Remote Card Fraud: A Growing Concern
- Three Views of Noncash Payments Fraud
- An Ounce of Prevention
- Safeguarding Things When They’re All Connected
- Racing Ahead in the Wireless Space
- Insuring against Business Email Compromise Fraud
- The Case of the Disappearing ATM
- The First Step in Risk Management
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud