This week's blog features an interview with Devon Marsh, senior vice president and treasury management risk manager at Wells Fargo Bank, N.A. We asked Devon about his thoughts on managing risk in electronic retail payments today.

Devon, retail payments are growing increasingly more complex, creating challenges for risk managers in financial institutions. We know that many of the traditional "tried and true" control processes can still be effective in today's changing environment and understand you are a proponent of compliance checklists as a primary risk management tool for your bank. Tell us a little more about why you value the checklist process.

In more than 1,000 landings as a naval aviator, I never once made a gear-up landing. I don't think I even came close to forgetting the landing gear, but I didn't take any chances. I used a checklist every time I landed. The checklist was necessary not because lowering the landing gear is difficult to remember—of course the gear needs to be down to land! It was necessary because any discrete task—even an important one—can be easy to forget. For this reason we see pilots use checklists all the time on television and in movies to ensure completion of important tasks. We even probably consider the use of checklists to be a defining characteristic of a cockpit environment. But aviation is not the only field in which people can benefit from checklists.

I recently read a new book titled The Checklist Manifesto, by Dr. Atul Gawande. Dr. Gawande is a surgeon and regular contributor to The New Yorker magazine. He has written two previous books based on the practice of medicine that provide useful lessons on risk management and process improvement. His new book offers compelling statistical evidence on how the use of simple checklists cuts down on critical errors.

A key example in The Checklist Manifesto recounts the development of a checklist to guide the procedure for inserting a central intravenous line in intensive care patients. The steps include elementary items such as handwashing. Because its content was so basic, the checklist was initially met with scorn by many practitioners. Nevertheless, consistent use of the checklist dramatically reduced central line infection rates and deaths in ICU wards where it was implemented.

This example seems particularly relevant in financial services since significant problems are often avoided through simple yet proactive control processes. Can you draw some parallels to a checklist that might be effective in ACH processing and describe how it might work?

That's right. Errors in payment processing seldom cost lives the way medical errors might, but they can be as costly as a lost or damaged aircraft. For this reason, I believe the checklist concept has great applicability for many of the risks we address in processing payments. For example, an electronic payment checklist for ACH might help payment originators comply with rules and regulations, avoid human errors, and reduce fraud. A basic electronic payment checklist might include 10 steps.


Electronic Payment Checklist
check box 1. Authenticate the receiver or requester.
check box 2. Confirm validity of authorization.
check box 3. Verify account number of receiver or beneficiary.
check box 4. Verify routing number of receiver or beneficiary.
check box 5. Confirm effective date of transaction.
check box 6. Confirm payment-related information.
check box 7. Confirm sufficient funds in funding account.
check box 8. Obtain internal approval for transaction.
check box 9. Initiate transaction.
check box 10. Confirm transaction.

Some of the steps are required by rule or by law, while others are simply necessary to route the transaction appropriately. When any one of the steps goes wrong, the resulting error decreases the efficiency of the payment process. It can even cause the entire transaction to be misrouted, possibly without an opportunity for recovery. The eighth step in this checklist is particularly important because it represents a traditional fraud mitigation method called "dual control." This traditional method has proven effective in mitigating the risk that outside entities will attempt to initiate or change a company's transactions by using the credentials of internal employees.

The final step in the checklist, confirming the transaction, is one that is frequently overlooked. It makes sure the financial institution receives the transaction that the initiator intended. This step is critical to ensure a payment has been positively handed off to the next participant in the processing flow.

It is interesting that such a simple control mechanism can still be effective. Why do you think some of the steps you’ve outlined in this checklist get overlooked?

Its utility rests on the fact that creating an ACH transaction involves a series of steps, any one of which can be missed or performed incorrectly. Consistent use of a checklist may help those who initiate payments to ensure each transaction complies with rules, is free of processing errors, and is received by the intended recipient. Financial institutions should consider sharing compliance checklists with customers who initiate payments through the ACH. In the world of payments, these are the elements of a smooth landing.