technology assigned risk pay online

773-777-1040

You can only mail a check to : Technology Assigned Risk PO BOX 93833 CLEVELAND, OH 44101

overnight address:

Technology Assigned Risk

800 Superior Ave East, 21st Floor

Cleveland, OH 44114  

If you have any questions please call (877) 882-1305

KPMG Personalization

Transforming Technology Risk

Managing technology risk to help build stakeholder trust

• Share Share close
• Download Transforming Technology Risk pdf Opens in a new window
• 1000 Save this article to my library
• View Print friendly version of this article Opens in a new window
• Go to bottom of page
• Home ›
• Insights ›

Most organizations are modernizing their critical information technology — to help improve the customer experience, replace aging software, shift work to the cloud or adopt artificial intelligence systems. Adding to the challenges are evolving regulations, changing customer behaviors, the concept of data as an asset and employee expectations for flexible technology tools to use in a more virtual workplace. Technology risk and compliance need to adjust to this new reality. 

The future of risk is shifting away from a regulatory-driven ‘protect agenda’ to one where businesses leverage risk to enable organization-wide growth and optimization. Boards and shareholders are looking for technology risk teams to be strong partners with the business, utilizing regulatory-focused investments to drive business results. This presents an opportunity for technology risk teams to work more closely with the business and help drive toward an environment with more proactive monitoring and automated controls to address risk events as close to real-time as possible.

This report identifies the key areas technology risk leaders should prioritize to help shape their organizations for the business challenges of today — and tomorrow.

Download PDF (1.02 MB) ⤓

Seven steps toward technology risk transformation

Due to emerging technology risk and regulatory and governmental compliance mandates, large organizations require a holistic risk approach that accelerates strategic value realization and competitive advantage. The goal is an operational risk model built for the accelerated rate of technology change that addresses an organization’s appetite for risk while offering increased opportunities for value creation.

Successful technology risk transformation can enable organizations to increase trust by enhancing risk management—simultaneously reducing the likelihood and severity of adverse outcomes more commercially and transparently.

By gaining these capabilities, the role of the risk function will move beyond a defense-only, reporting-centric activity to a trusted partner that delivers proper safeguards and improves the likelihood of successful implementation and execution of a strategy in line with investor risk appetite.

Digital applications are now providing businesses with a tremendous amount of data, which is used as an asset, to create business value to differentiate product offerings.

The benefit of having structured data is that you can pivot from monitoring controls once or twice a year to monitoring them continuously to uncover those anomalies and events that need attention much faster. Then on the more technical side, there are advanced monitoring solutions around firewall rules and network access controls that can alert risk when there is a policy violation, and risk professionals need to act.

ESG transformation is not without risks, as it requires a paradigm shift involving regulatory obligations, new business models, consideration of new environmental and social performance metrics in decision-making and increased systemic risks to resources.

To effectively manage risks on your sustainability journey, consider these four key elements.

• Internal control: Beyond the statutory obligations, internal control is a way to leverage your ESG transformation. The assurance you can provide is critical for your activity and business partners.
• Process and Governance:  Governance body and operational processes required.
• for your ESG reporting are to be defined at the early stages of your ESG project.
• Tools and data:  Data is the foundation of ESG reporting. It should be the first element to secure before starting any transformation program. ESG tools support data collection, internal control monitoring and ESG reporting.
• Third parties:  Many IT third parties are involved in the production process and in the monitoring of non-financial reporting elements (data collection, analysis, production of KPIs). Obtain and provide assurance on the internal control of these technological third parties.

Leaders should determine what skills reside on their teams, build a plan to fill in the gaps, and provide training to encourage professional growth and advancement that can include rotations in and out of the risk department.

Equally important is making sure employees are cared for so they don’t burn out. Technology risk can look to a trusted co-source provider that can supply the right subject matter expert with the right skill set when the organization needs it.

Finally, intelligent automation is an option that is gaining traction in risk functions. The technology has advanced tremendously, and digital or virtual agents can carry out increasingly sophisticated tasks.

Adoption of new technologies can be an opportunity for the risk function to take a step back and reassess controls and environments to ensure their knowledge of emerging technology is keeping up. Do you have the right controls to mitigate these new risks, and are you taking advantage of pervasive controls across these new technologies?

Technology risk must adapt quickly and effectively to keep up with the organization’s evolving strategy, business and operating models. To help with this journey, here are some recommendations to consider.

• Clearly understand the business strategy purpose and values and how a change would address those issues: Try not to force the technology requirements before understanding the business requirements. Understand your vision and business objectives before vision and business objectives before designing new operating models and adopting new risk technologies.
• Start small: Launch a pilot with limited scope to get a quick win and gain internal support.
• Leverage agile approaches: Complete work in sprints to provide flexibility in scope coverage and allow for more real-time reporting and response.
• Engage with key stakeholders up front and throughout the rollout of your program: Understand which customers and partners are prioritizing digital trust and transparency. Do some campaigning at the start. Make sure people are on the same page with you and get their feedback and recommendations. Then, when you get the entire stakeholder group together, have the benefit of the insights from that whole team.

Jill Farrington

Service network leader, technology risk, kpmg us, connect with us.

• Find office locations kpmg.findOfficeLocations
• Email us kpmg.emailUs
• Social media @ KPMG kpmg.socialMedia
• Request for proposal

Related content

Discover how leaders are securing value by navigating uncertainty with confidence.

Global IT Internal Audit outlook

2023 KPMG Cloud Transformation Survey

Manage IT risks for business continuity and regulatory confidence.

The right technology, implemented properly, appropriately managed and monitored, can le...

Transforming for a future of value

Connected. Powered. Trusted. Elevate. KPMG firms' suite of business transformation technology solutions can help you engineer a different future – of new opportunities that are designed to create and protect value.

KPMG’s customer centric, agile approach to digital transformation, tailored by sector

Be the competition that others want to beat — with outcome-driven functional transformation made possible by KPMG Powered Enterprise.

Be the competition that others want to beat — with outcome-driven functional...

Build and sustain the trust of your stakeholders.

Unlock financial value quickly and confidently.

• Aerospace Overview
• Light Aircraft
• Construction
• Entertainment
• Financial Institutions
• Food and Agriculture
• Higher Education
• Life Sciences
• Manufacturing
• Nonprofit Overview
• Affordable Housing Insurance and Consulting for Nonprofits
• Human Services Consulting
• Showguard™ Event Insurance
• PEO and Temporary Staffing
• Private Equity and M&A
• Public Sector & K-12 Education
• Real Estate and Hospitality
• Restaurants
• Senior Living
• Transportation
• Alternative Risk & Captives
• Business Continuity Planning and Resiliency Services
• Claims Overview
• Commercial Lines Claims Contacts
• Small Business Lines Claims Contacts
• Home and Property Lines Claims Contacts
• Claims Management & Advocacy
• Claims Management and Third Party Administration
• Commercial Surety Bonds
• Construction Bonds
• Credit and Political Risk
• Crisis Resilience Insurance & Consulting
• Data and Analytics
• Enterprise Risk Management
• Environmental
• Executive and Financial Risk
• Global Risk Management
• Loss Control
• Multinational Services Overview
• Asia Pacific
• Personal Lines
• Product Recall
• Reinsurance
• Small Business
• Supplier Diversity
• Workers Compensation
• Insurance and Risk Management Webinars
• Compensation Consulting and Total Rewards Programs
• Compensation Survey Reports
• Compliance Consulting Overview
• Healthcare Reform Toolkit
• Diversity, Equity and Inclusion (DEI) Consulting
• Employee Communications Consulting
• Engagement Solutions
• ESG Consulting
• Executive Benefits
• Executive Compensation Consulting
• Executive Search Overview
• Executive Career Opportunities
• Health and Welfare Consulting
• Healthcare Analytics Consulting
• Human Resources and Compensation Consulting Overview
• Meet the Human Resource Compensation Consulting Team
• Human Resources Consulting
• Human Resources Technology Consulting
• Individual Life and Wealth Consulting
• Investment and Fiduciary Consulting
• Leadership Advisors
• Multinational Benefits and HR Consulting
• Pharmacy Benefit Management Consulting
• Physical and Emotional Wellbeing Consulting
• Physician Compensation and Valuation
• Research and Insights
• Retirement Plan Consulting

Voluntary Benefits Consulting

• News & Insights
• Investor Relations
• Our Purpose
• Executive Team
• The Gallagher Way
• Gallagher Companies
• Recognition & Awards
• How We Work Overview
• Mission Statement
• Gallagher Better Works
• Tools and Applications
• Merge with Gallagher
• Gallagher Global Network
• Office Locations
• Partnerships
• Inclusion and Diversity
• Global Standards
• Compensation Disclosure

Technology Insurance

Specialized risk management and coverage so you can scale and innovate, how can we help you request a call back., start your journey today..

From privacy breaches to ever-evolving cyber attacks, phishing, and an ever changing regulatory environment, risk is everywhere in the technology sector. Gallagher's technology insurance, consulting and risk management solutions will minimize your exposures so you can focus on innovation and scaling for your success.

Gallagher's technology practice addresses your unique needs with:

• A dedicated technology broking unit led by experienced professionals and subject matter experts for all coverage lines
• Access to an extensive global network of technology-specific carriers that have best-in-class service models with technical insurance expertise
• Experience managing complex and international business risks by leveraging actionable industry insights
• Unique and out-of-the-box risk transfer solutions for growing technology businesses
• Comprehensive mergers and acquisitions support
• Industry-specific risk transfer advice and contract reviews

Experienced in innovation. Committed to listening.

While the technology industry has made historic progress over the past three decades, so too have the vulnerabilities many companies face. Gallagher can identify those unique areas of risk for your organization and outline a suite of solutions and coverages to effectively mitigate or transfer those risks to a third-party insurance carrier or other financial provider.

Gallagher's global technology team is one of the most experienced in the industry, serving a client base of more than 2,000 tech companies, from small shops to large corporations. Our technology broking team has the experience and a dedicated client-focused model to ensure you receive a custom solution backed by cutting-edge industry knowledge.

Helping you effectively navigate technology risk exposures

Whether you're a designer, manufacturer or distributor of technology, we're equipped to build comprehensive insurance and risk management solutions for your business. We take a analytics-driven approach to uncover gaps and misaligned coverage. We can then develop risk management programs that meet the sometimes uncharted and unexpected world of technology. We provide solutions for:

• Electronic components manufacturers
• Medical device companies
• Software and software-management platforms
• Data security providers
• Internet search, auction and advertising companies
• Biotechnology and life sciences
• Government contractors
• Shared economy
• IT and technology supply chain
• Semiconductors
• Technology transportation and stock throughout policies
• E-commerce organizations
• Telecommunication providers, hardware and software

Comprehensive solutions configured to meet your needs

Our technology insurance, consulting and solutions cover everything from global production and manufacturing issues to sabotage and cybersecurity risks, as well as governmental requirements and restrictions. Through our global network and connections, we select lines of coverage specifically to meet the needs of the technology field and their related industries.

We offer a range of proprietary products and processes for the technology sector, and our team will design a package with your success in mind. Some of our offerings include:

• Technology Insurance and Risk Solutions
• Technology Risk Mitigation Consulting
• Cyber Liability/Technology Errors and Omissions
• Management Liability (D&O, EPL, Fiduciary, Crime, Special Risk)
• Property and Casualty
• Workers' Compensation
• International coverage placement and coordination
• Intellectual Property
• Business Interruption
• Certificates of insurance
• Risk transfer and alternative risk financing mechanisms
• Reps and warranty insurance
• Captive and rent-a-captive programs
• Contract review
• Risk identification, mitigation, quantification and risk gap analysis
• Benchmarking and quantities analytics
• Objective modeling to help forecast and mitigate risks
• Improve overall culture with employee engagement tools
• Claims consulting and advocacy
• Specialized loss-control services
• Manuscript policy development
• Cyber risk assessments
• Merger and acquisition consulting

Meet the technology team

Damion Walker

Managing director, technology.

• San Francisco, CA

Technology Summary

• Breadth of coverage options for established and emerging technology
• Data powered insights for overall better risk mitigation and coverage
• Custom solution backed by cutting-edge industry knowledge

Related Products & Services

Cyber liability.

Your networks and data are the lifeblood of your business. Cyber liability insurance from Gallagher lowers the pressure and keeps it flowing.

Management Liability

Invest in the person. Protect the executive and the organization.

The Voluntary Benefits Consulting practice helps you select the benefits that attract and keep top talent.

Related News & Insights

Stay connected with the company that’s connecting the dots with what’s happening in the industry and around the world.

“Marriage Counseling” Can Save an HR Tech Business Relationship

Avoid the 5 worst pitfalls when designing sales compensation, ai and your people: changing times call for changing measures.

Preference Center

Gallagher Preference Center

Receive exclusive Gallagher publications, webinars, bulletins and more to help your organization face the future with confidence.

Start your journey with us today.

Technology Risk

We offer assurance technology assessment and attestation services, fostering audit quality and instilling confidence and trust in the adoption and implementation of emerging technology.

As companies accelerate the adoption of technology solutions in all aspects of their business, specialized knowledge of IT is integral to the execution of high-quality audits and the need to safeguard internal controls.

In Technology Risk, we assist in assessing risks, identifying gaps, mitigating audit risk and enhancing technology-related investments in support of a financial statement audit, audit of internal controls over financial reporting, Service Organization Control Reporting and other forms of attestation services.

These services enable companies to navigate digital complexities with confidence, making informed decisions for their business while promoting trust in the capital markets. 

How EY can help

It audit procedures.

The execution of high-quality information technology (IT) audit procedures and IT business processes in support of a financial statement audit and audit of internal controls over financial reporting creates the foundation of our commitment to protecting investors and the broader economy.

IT Audit services include:

• Integrated audit
• Financial statement audit

Service Organization Control Reporting and Attestation Services

An independent assessment is undertaken to test management’s assertion over business processes and controls in the IT audit environment and to test business process and controls against specific attestation and agreed-upon procedures (AUP) standards. We also assess internal controls around security, privacy, confidentiality, availability and processing integrity.

Attestation services include:

• SOC 1, SOC 2 and SOC 3
• SOC for Supply Chain/Cyber
• Agreed-Upon Procedures (AUP) Examination Reporting
• Digital Services Act (DSA) and Digital Markets Act (DMA) certification
• International Organization for Standardization (ISO) certification
• Cybersecurity Maturity Model Certification (CMMC)
• SWIFT certification
• Heath Information Trust Alliance (HITRUST) certification
• Trusted Information Security Assessment Exchange (TISAX) assessment
• Performance audits

IT system upgrades and implementation assessments

For companies continuing to invest in technology, it is essential to fully understand IT process risks and to proactively identify potential internal control gaps prior to a system upgrade or implementation.

IT pre- and post-upgrade and implementation assessment services include:

• Enterprise Resource Planning (ERP) assessments
• Consolidation tool assessments
• Governance, Risk, Compliance (GRC) program readiness

Cybersecurity

The rapid advancement of technology, coupled with an exponential rise in cyber threats, increases risk exposure to technology infrastructure.

EY teams can help identify the ways in which cybersecurity risks can impact IT audit processes, including financial reporting, business procedures and internal controls.

Technology risk cybersecurity services include:

• Cybersecurity program assessments
• Incident response tabletop simulations
• Breach response and analysis assessments
• Cybersecurity disclosure reporting support
• Vulnerability assessments 

Environmental, social and governance (ESG)

Investors, regulators and society at large are demanding more transparency on nonfinancial performance, especially regarding ESG issues. 

Technology Risk ESG services include:

• Internal controls pre-assessment
• Evaluations of non-financial systems implementation
• Data pre-assessments
• Gap analysis
• Peer benchmarking analysis

Assurance services

Assurance teams serve the public interest by promoting trust and confidence in business and the capital markets.

On the agenda (4)

Climate change and sustainability services, financial accounting advisory services, forensic & integrity services.

Like what you’ve seen? Get in touch to learn more.

Connect with us

Our locations

Do Not Sell or Share My Personal Information

Legal and privacy

Accessibility

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.

EY | Assurance | Consulting | Strategy and Transactions | Tax

EY is a global leader in assurance, consulting, strategy and transactions, and tax services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

© EYGM Limited. All Rights Reserved. 

EYG/OC/FEA no.

This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.

Welcome to EY.com

In addition to cookies that are strictly necessary to operate this website, we use the following types of cookies to improve your experience and our services: Functional cookies to enhance your experience (e.g. remember settings), and  Performance cookies to measure the website's performance and improve your experience . , and Marketing/Targeting cookies , which are set by third parties, allow us to execute marketing campaigns, manage our relationship with you, build a profile of your interests and provide you with content or service offerings in accordance with your preferences.

We have detected that Do Not Track/Global Privacy Control is enabled in your browser; as a result, Marketing/Targeting cookies , which are set by third parties   that allow us to execute marketing campaigns, manage our relationship with you, build a profile of your interests and provide you with the content or service offerings in accordance with your preferences are automatically disabled.

You may withdraw your consent to cookies at any time once you have entered the website through a link in the privacy policy, which you can find at the bottom of each page on the website.

Review our  cookie policy  for more information.

Customize cookies

I decline optional cookies

JOIN MAILING LIST

Corporate Disputes

Risk & Compliance

Digital payments: managing risks in high-speed transactions

June 2021   |  TALKINGPOINT  |  BANKING & FINANCE

Financier Worldwide Magazine

June 2021 Issue

FW discusses digital payments and managing risks in high-speed transactions with Kristina Sanger, Kevin Dalvi and Jennifer Lucas at EY.

FW: Could you provide an overview of recent key trends in the digital payments ecosystem? How would you characterise the shift toward high-speed transactions, and the extent of their proliferation?

Lucas: The emergence and growth of digital payments players over the past 12 to 36 months have been staggering. Real-time payments, spurred by government sponsorship in some countries and adoption of innovative services in others, have moved forward to become more mainstream. In the US, we are seeing digital payment adoption across many use cases, such as buy now, pay later, contactless payments, and card not present, among others. It is apparent that global economies are moving past traditional-based economies, as digital expansion of front-end and back-end capabilities continues to accelerate.

Dalvi: The emerging shift toward digital payments is underscored by utility as users, and their networks, shift toward the digital model. The increased global adoption rate is not only driving new entrants and technology innovation into this space, but also forcing traditional financial institutions (FIs) to consider offering digital payments to address soaring customer demand. Heightened awareness and public discourse are fuelling this growth with emerging technologies, such as biometric authentication, mobile points of sale, smart speaker payments, and social media payments becoming embedded in everyday life.

Sanger: We expect that the trend of large global FIs offering digital payment services will continue to become more common as a mechanism for value transfer globally, given the access it provides to financial services for underserved communities. We are also starting to see many non-traditional organisations emerging as players in this space and disrupting traditional payment models, by creating their own payment capabilities or partnering with existing money service businesses (MSBs).

FW: Drilling down, how would you characterise the impact of the coronavirus (COVID-19) pandemic on accelerating digital payment trends?

Lucas: The volume of digital payments volumes has soared since the onset of the coronavirus (COVID-19) pandemic, generating as much as 10 years of growth in just four months. The trend has been spread across business-to-consumer, business-to-business and peer-to-peer spaces, and much of it appears poised to stick. The payments world is transitioning to digital-first and there is no turning back. Since the beginning of the COVID-19 pandemic, we have seen an acceleration of digital payments as contactless transactions skyrocket. Quick response becomes more prevalent as ‘touchless’ commerce becomes a necessity and manual back-office payables and receivables become more challenging in a work from home environment. While payment providers historically have focused on systems resiliency, the need for operational resiliency has become equally important.

Sanger: Payment providers are seizing on adoption rates as an impetus to accelerate digital projects, but significant challenges and risks remain. The move to digital requires stronger security, advanced authentication and better transaction decisioning. From a regulatory perspective, while COVID-19 has certainly changed the format of exams – all virtual – it has not dampened regulator interest in policymaking or enforcement around Bank Secrecy Act (BSA), anti-money laundering (AML) or Office of Foreign Assets Control (OFAC) sanctions. Regulators have been active through providing risk summaries and requests for comment and if anything, the COVID-19 pandemic and the remote nature of exams have reinforced the importance of communication with examination teams.

Dalvi: The COVID-19 pandemic has changed the way we live in many ways. It has certainly expedited the transition to the gig economy. The fate of the gig economy, where freelancers are connected with customers using digital platforms, seemed uncertain prior to the spread of COVID-19. While global electronic commerce and mobile delivery predated COVID-19, such conveniences moved from consumer habits to necessities. Practical use cases for rapid, borderless payments began to emerge as the world descended into lockdown. The pandemic led to the booming popularity of instant global commerce that is becoming somewhat reliant on digital payments. This phenomenon can be simultaneously viewed either as temporary or as a harbinger of a future world that necessitates the wider acceptance of digital payments.

“ Going forward, expect to see greater adoption of machine learning and artificial intelligence both for authentication and in risk management models. ”

FW: What kinds of risks are attached to digital payments processes, including high-speed transactions? How have these risks evolved in recent months?

Sanger: The money laundering and terrorist financing risks associated with digital payments vary greatly depending on the customers served, specific products and services offered, and geographic access available through the product. On the lower end of the risk spectrum, a low value, domestic automated clearing house (ACH) network payment between two US-based retail customers would typically be considered at lower risk of money laundering and terrorist financing because of the ability to ascertain customer identity and ‘follow the money’. On the higher end of the risk spectrum, digital asset transactions potentially allow for obfuscation of beneficial ownership, high velocity and a lack of geographic boundaries, particularly with the use of anonymising services.

Lucas: As payments become digital and real-time, fraud is on the rise, centred most notably on higher volumes of ‘card not present’ transactions and scams in the P2P arena. At the same time, providers with unsophisticated fraud prevention strategies were forced to adapt to changes in customer behaviours, such as buying 10 bottles of hand sanitiser at 3am. Going forward, expect to see greater adoption of machine learning and artificial intelligence both for authentication and in risk management models and the development of risk and analytical tools that can leverage big data in new and innovative ways.

Dalvi: While risks have evolved, the fundamentals remain very similar to traditional payment services. Credit risk remains when a party cannot provide the necessary funds for a settlement to take place. Liquidity risk remains where there is an inability to settle an obligation. Systemic risk has taken on a new form as the newly established networks and upstream and downstream dependencies evolve across these new platforms. We have certainly seen financial crimes and fraud risk face new challenges. Evolution of the techniques used by criminals means that compliance and risk professionals must continue to evolve in their use of innovative technology to identify and mitigate fraud and money laundering risk.

FW: How are regulators addressing digital payments in their oversight of the banking and finance industry?

Sanger: Regulatory expectation and oversight are evolving quickly with the changes to traditional payment overall – particularly in high value payments, real time payments, cryptocurrency and new product development. Payment processors, including peer-to-peer services, meet the definition of a ‘financial institution’ as MSBs and are therefore considered within scope of the requirements shared by the  Financial Crimes Enforcement Network (FinCEN) and other regulatory agencies, and subject to BSA/AML regulatory requirements. In January 2021, Congress enacted the National Defense Authorization Act (NDAA), further reinforcing its commitment to BSA/AML compliance. As it relates to digital asset payments, while the impact of this legislation is far from settled, the Act expanded the definitions within the BSA to incorporate digital payments into the BSA framework.

Dalvi: Globally, the Financial Action Task Force (FATF) has been active since 2014 in identifying the risks associated with digital assets. Most recently, in March 2021, draft FATF guidance has prompted concerns from industry players related to the expanded definition of virtual asset service provider (VASP), the FATF’s statements related to the risks associated with peer-to-peer transactions and additional requirements related to the FATF Travel Rule, which requires VASPs to collect and share identifying information about counterparties in transfers of $1000 or more. Financial industry regulators are focused on the risks associated with the wider adoption of digital asset payments and have increased efforts to evolve oversight capabilities.

Lucas: We expect to see the continued emergence of multi-agency examinations in payments. These examinations will be looking for end to end ownership of particular payment activities and risk, focusing on third-party risk management, resiliency, cyber and other vectors of risk that can affect payments. Regulators are also looking closely at emerging neo-banks that are being established for the underbanked. As more cash is taken out of society, the pressure will increase to provide services to those who do not have bank accounts. Regulators will continue to focus on this area and the risks it poses.

“ Financial industry regulators are focused on the risks associated with the wider adoption of digital asset payments and have increased efforts to evolve oversight capabilities. ”

FW: How important is for companies and payment intermediaries to view compliance with anti-money laundering (AML) and combatting the financing of terrorism (CFT) regulations as more than a standard, check-the-box risk mitigation exercise?

Sanger: AML compliance goes beyond a check-the-box exercise for payment processors and is fundamental to business growth and sustainability. Failures in this area can result in regulators preventing licensure and limiting business activities. Beyond the threat of regulatory action, many FinTechs and VASPs are in a period of rapid growth, and sound compliance and risk management practices are fundamental in building and maintaining customer trust and investor interest. With a complex global regulatory landscape that is rapidly changing, it is critical that FIs invest in taking these regulatory obligations seriously. It is important to embed risk appetite and AML obligations into business expansion plans and the offering strategy.

Lucas: The cost of an ineffective AML programme or regulatory findings has the potential for significant business repercussions, including increased regulatory scrutiny, negative financial impacts and amplified reputational risks. These all have the ability to not only cap business growth but also put an FI out of business.

Dalvi: It is imperative that digital payments industry participants embrace the spirit of AML and combatting the financing of terrorism (CFT) regulations, as this asset class is more susceptible to criminal abuse. Crimes such as child exploitation, human trafficking and elder abuse continue to plague our societies and are made possible through the misuse of our financial system. Business leaders must view AML/CFT compliance as a foundation for sustainable growth. Aside from the potential for regulatory action, criminal misconduct facilitated by indifference from payment providers can serve to delegitimise innovative payment products.

FW: In what ways can technology assist with managing risks in high-speed transactions? What advice would you offer to companies on assessing the solutions on offer?

Lucas: Real-time payments driven by technology means fraud checks, authentication, authorisations and data analysis cannot happen later – they have to happen in the moment. So, technology is completely integral to payment orchestration. We are also seeing application programming interface (API) connectivity between a bank and its customers proliferating, enabling payments to happen in a constant stream rather than in a bulk file format. One of the major benefits of real-time payments is the data – making information available about the payment, in real-time, to both the sender and receiver, is extremely valuable in providing certainty, so it is incredibly important to have digital channels and alert notifications in place. As this money moves in real-time, there is no batch processing – the technology throughput and ability to make decisions in real-time, whether it is a risk decision, limit decision or authorisation decision, will continue to be accelerated.

Sanger: Innovative, customer centric and frictionless technology is at the cornerstone of all successful payment processors. Customers expect a user-friendly experience not burdened by compliance requirements which has led to the use of new technologies to collect and verify identity. Compliance professionals must have some level of technology fluency in order to continuously evolve their programme to keep pace with the rapidly evolving nature of the payments business. FinTechs are not burdened by many of the issues facing traditional FIs, such as legacy systems, infrastructure built through acquisition and legacy customer interfaces.

Dalvi: Unlike cash payments, digital payments are backed by an electronic audit trail and, in some cases, as seen with digital asset payments on the blockchain, an immutable ledger that is publicly visible. As a result, advanced forensic software can identify illicit actors that transact digitally, and alert the involved FIs. Furthermore, the development of capabilities to detect electronic account access using malicious internet protocol addresses, such as Tor exit nodes, can help manage fraud incidents. Companies operating in the digital payments space should direct significant investment toward advanced analytical capabilities to properly manage risk. Failure to implement the available technology solutions can result in significant monetary losses and external scrutiny.

“ Innovative, customer centric and frictionless technology is at the cornerstone of all successful payment processors. ”

FW: What steps should companies take when designing and implementing an efficient solution to mitigate the risk of financial crime arising from high-speed digital payments? What are some of the typical challenges they need to overcome during this process?

Sanger: The foundation of a successful financial crimes compliance programme is a meaningful risk assessment that articulates the unique risks facing the business, defines the control environment and, most importantly, guides the business to areas of focus, aligning the firm’s activities with its risk appetite and identifying control gaps. Many payment processors in today’s environment are challenged with building and sustaining a compliance programme that can flex to large surges in customer demand, while managing cost. Business spend is typically focused on growth in these organisations and compliance must be accretive to this strategy, focusing on managing risk while promoting a positive customer experience.

Lucas: There needs to be a balance between frictionless, enjoyable customer experiences, and ensuring that compliance obligations are met. With the move to digital payments, customers expect an experience that includes fast onboarding to use the platform and payments that can be made immediately. These should be business priorities, but compliance obligations cannot be an afterthought. Finding that balance will be key going forward.

Dalvi: A key challenge for payment processors is managing risk for cross-border transactions that function as high-speed digital payments. Monitoring processes should prioritise efforts to adequately review, assess and detect any suspicious behaviour associated with these payments, moving away from traditional, rule-based scenarios. This is where some of the advanced technologies geared toward digital payment monitoring can make a difference and combat financial crime-related behaviour.

FW: How do you predict the digital payments landscape will unfold in the years ahead? Are companies sufficiently prepared to mitigate risk in a cashless society, or does more need to be done?

Dalvi: This truly feels like just the start of the digital payments landscape. Just as the internet revolutionised the world as we know it, the digital payments space looks to revolutionise finance. As it stands, almost every FI is currently having a conversation and mobilising on the topic, and every day FIs take a step toward further digitalising their payments ecosystems. In the years ahead, these products and services will be as embedded in society as physical cash is now. For example, we expect to see biometric authentication, a larger shift to both centralised and decentralised digital currencies, and contactless payments become commonplace. Companies are rapidly revamping their risk assessments to understand the risks associated with operating in this space and preparing to become a player. Just as fast as companies are looking to operate, we expect the same discipline to be followed when establishing a sound risk and compliance programme.

Sanger: Beyond the activity of digitally native firms, the expansion of traditional FIs, first into digital payment services and now into digital assets, demonstrates the shift that is happening toward a cashless society. One of the most significant challenges for risk and compliance professionals in this new world is the ability to attract and retain staff with an appreciation of the unique risks associated with the new products being offered, including digital assets. The ability to keep pace with product innovation is fundamental to the design of appropriate controls, technology enablers and a risk management programme that will sustain an evolving regulatory environment and business strategy.

Lucas: More needs to be done and will be done as more and more companies embrace fully digital and faster payments. From accounts payable and receivable to processes and communications in between, the years ahead will be critical in moving to a digital payment ecosystem. We expect that future innovation will drive future adoption, and we are excited to see what is to come.

Kristina Sanger is a lead principal supporting financial crimes compliance efforts across traditional and digital topics. Her work is focused on BSA/AML regulatory response, process improvement and the delivery of innovative solutions, leading to better business outcomes and increased regulatory compliance. She has worked closely with many of the industry’s largest banks, insurance providers, broker-dealers, FinTech and digital asset firms in the design and improvement of their BSA/AML and sanctions compliance programmes. She can be contacted on +1 (714) 258 6690 or by email: [email protected].

Kevin Dalvi leads EY Americas West region financial crime technology practice. He is experienced in designing innovative technology solutions for BSA/AML, know your customer, fraud, transaction monitoring, risk assessments, sanctions screening, financial investigations, unit transformations and other global regulatory compliance topics. He has a diverse technology and financial services background, helping build leading-edge solutions for many of the world’s largest companies, including banking and capital market, FinTech and digital asset clients. He can be contacted on +1 (415) 894 8595 or by email: [email protected].

Jennifer Lucas leads EY Americas payments consulting services. She is an industry veteran, blazing her trail through the emerging payments space. She is a driven innovator and visionary strategist in this space, holding several patents and authoring frequent thought leadership. She is passionate about the future of payments and a globally connected ecosystem. She can be contacted on +1 (704) 444 9821 or by email: [email protected].

© Financier Worldwide

THE PANELLISTS

Kristina Sanger

Kevin Dalvi

Jennifer Lucas

Ernst & Young LLP

Notice: Passwords are now case-sensitive

Register a new account, forgot your password.

Technology Insurance Named Assigned Risk Plan Carrier

Wednesday, november 15, 2017 | 1920 | --> 0, purchase this story for only $7.99 add to cart, for access to all of our articles, check out our subscription options ., related articles.

Introducing RemoteInsight - for unmatched insight into remote worker experience

Ebooks, guides, & reports • 13 min read, managing online payment risks in payment systems.

Written by IR Team

In the payments world, cash payments are almost universally being replaced by online payments. Businesses, Payment Service Providers (PSPs), financial institutions and other players in the digital payments space are all too aware of the constantly hovering shadow of online payment risk management.

Risk management is primarily concerned with the analysis, management and reduction of risk – from both a regulatory and an operational perspective in online payments. In every payments ecosystem, risk management measures are specifically designed and implemented to control, identify, understand, and mitigate those risks when they occur.

With digital payments now an accepted way of life, organizations need to understand how to mitigate risks while processing digital payments, particularly now with the added complexity of new fintech players in this already complex terrain.

Read our blog Top 6 Payments Trends Shaping 2023

What exactly is payment risk.

Payment risk refers to the potential of losses due to a contract default or other payment event such as fraud, security breaches or chargebacks. Companies regularly handling a high volume of online payments are subject to such risks.

The implementation of payment risk management strategies must be carefully balanced to avoid damaging a company's reputation. For example, it's important to correctly assess whether a transaction is actually legitimate, or an act of fraud. An incorrect evaluation either way can cause inconvenience, financial loss and major upheaval in the payment process.

Anyone in payment services knows that it's an on-going process managing the detection of suspicious activities and protecting their financial system from the likelihood of criminal misuse.

In this blog, we'll cover in more detail the ways in which businesses and other institutions in the digital payments and online payments space can mitigate the risks to consumers, as well as their own companies.

Defining Risk Appetite and Risk Tolerance

When comparing risk appetite vs risk tolerance, risk appetite focuses on the level of risk that an organization deems acceptable whereas risk tolerance focuses on the acceptable level of variation around those rules and risk objectives.

Within risk appetite parameters a business will not accept risks that could potentially result in a significant loss of its revenue base.

With risk tolerance , a business may, for example, decide not to accept risks that would cause revenue from its top 10 customers to diminish by more than 10%.

Online payment risk: the 3 most significant issues for financial institutions

In the payments ecosystem, the risk landscape is wide and varied, and can occur throughout many digital channels, as every online business is aware. The three key areas are:

Chargebacks

Card data security

Every business faces the risk of heavy financial loss due to wrongful or criminal activity, enacted either on their company or their customers. Now that real time payments and faster payments are being accepted globally, more sophisticated ways to carry out scams are emerging.

Additionally, with the increased competition from other market participants and non-traditional payment providers, fraudulent activity in all its forms is no longer confined to a single payment channel.

The risks of fraudulent activities are growing, and as payment channels become more complex and interconnected, every business has to work harder to manage it. Fraud risks occur in three main areas, where cyber-criminals will steal either personal property, money, or sensitive information.

Image source: Firstsixlastfour

Identity Theft – According to recent data , approximately one-third of US citizens have been victims of identity theft at some point in their lives. This is more than double the global average. Identity theft usually means online criminals steal personal information and banking details, and use the information to make purchases. 

Friendly Fraud – Also known as chargeback fraud, this refers to a purchase with a credit or debit card, then the customer disputing the charge with their bank, even if they don’t have a legitimate reason to do so.

Clean Fraud – This is one of the most challenging types of fraud facing an eCommerce business today, because it's one of the most difficult to detect. It refers to the act where a criminal uses a credit card to make a purchase by using stolen payment information to maneuver around a company's payment protocols and fraud detection systems.

3. Card Data Security

Cyber-criminal activity is becoming more sophisticated and protecting the security of personal data is one of the fastest growing risks in the payments business. One of the more vulnerable areas is card financial data that has been collected during the acceptance of card payments.

The Payment Card Industry Data Security Standard (PCI DSS) is a globally mandated institute standard adopted by banks and Card Schemes to increase the level of security to this type of data.  It deals with data leak prevention (DLP) and the exposure of credit card details and other sensitive information to the wrong parties. The PCI DSS has the power to regulate the storage of credit card databases

Read our blog Empowering merchants with the payments data they need

Best practices for digital payment risk management.

Malicious attacks against governments, companies, and business customers are increasing. In the 2021 Association of Financial Professionals Payments Fraud and Control Report , sixty-six percent of businesses said their companies experienced fraudulent check activity.

Below: A breakdown of the different types of payment methods experiencing fraud.

The payment market is currently flooded with payment options. Cash transactions are quickly being replaced by cards and contactless systems, mobile wallets and QR-based payment systems.

The future of the payment card industry is likely to be shaped by even faster developing technologies such as the rise of blockchain and artificial intelligence. These developments bring even more risk to the payment table, and will also impact management, marketing and financial planning. Risk management professionals will need to focus on strategies to plan for both short and long-term changes in the industry.

Implementing robust risk management involves proactively assessing threats and planning mitigation measures to minimize risk impact on a business. This can be done by taking the following steps:

Regular employee training

It should be part of the risk management process for any business to keep employees up to date with regular training, so that they can easily identify suspicious behavior across all payment technologies. For example, training sessions should teach employees not to accept damaged cards from customers, confirm the identity of customers, and never manually enter card numbers.

Being aware of unusual transaction activity

Unusually large purchases could potentially signify fraudulent activity. A business should scrutinize such transactions closely to determine and confirm the identity of customers. Other unusual activity for example, is a succession of purchases made with a card in a short time period, possibly indicating that someone other than the owner has access to the card.

Two-factor authentication 

Another way of mitigating payment risks, is for a business to add an additional layer of protection in the form of two-factor authentication, also commonly referred to as 2FA. This ensures those with online accounts are who they claim to be.

Customers are required to enter their username and a password, but instead of immediate access, they need to provide another piece of information to confirm their identity. It could be either:

Something you know, like a secret question, PIN or password

Something you have, such as a credit card, smartphone or token

Something you are, including biometric fingerprint, iris scan or voice identification.

Image source: Imperva

Tokenizing customer card data

Tokenization has been created to secure customers sensitive data by replacing it with an algorithmically generated number, referred to as a token. A customer’s primary account number (PAN) is replaced with a series of randomly-generated numbers, and this data can be securely passed through the internet or wireless network systems to process payments without exposing actual bank details.

Image source: Payments Industry Intelligence

Why managing payment risks is important today

It goes without saying that security within a payments infrastructure is paramount, otherwise all your payments could be at risk.

Proper risk management within the financial market empowers businesses, banks, financial institutions and PSPs with the necessary tools to identify and mitigate potential risks.

Read our guide RTGS for High Value Payments - Minimizing Risk with HVP Settlements

How ir can help.

As card transaction volumes and online payments continue to grow, banks, FIs, other financial services organizations and merchants need actionable insights to help make informed business decisions and deliver a seamless, secure purchasing experience.

IR Transact suite of payment solutions enables real-time access to information on all transactions, turning data into intelligence and allowing you to capture value and data analytics opportunities within complex environments.

IR Transact enables you to monitor card performance across all banking channels, look out for unusual transaction activity, and through analyzing data, gain a deeper understanding of customer behavior and channel profitability.

Payments analytics tools are vital to grow and protect business within every sector of the payments space. IR's solutions  can help strengthen any business by providing in-depth payment analytics, insightful reports and clear visibility of your entire payments ecosystem.

Topics: Payments Payment processing eBooks, Guides & Reports Transact

Related Articles

Unlocking Fast Transactions: How Instant Payments..

Traditionally, nothing moves fast in the world of payments. But driven by consumer demand...

eBooks, Guides, & Reports • 11 MIN READ

Seamless Real-time Payment Management Solutions

New payment processing technology is constantly emerging and evolving, and this is...

eBooks, Guides, & Reports • 10 MIN READ

Understanding Funding Liquidity Risk & How To..

It's no secret that the global financial crisis sent shock waves throughout national...

eBooks, Guides, & Reports • 9 MIN READ

Subscribe to our blog.

Stay up to date with the latest Collaborate, Transact and Infrastructure industry news and expert insights from IR.

Ready to get started? You're just one click away.

• Enterprise UC
• Service Provider
• Contact Centers
• Customer Experience Testing
• Collaboration Space Management
• High Value Payments
• Card Payments
• Real-time Payments
• Infrastructure
• Partner Program
• Customer & Partner Forums
• Partner Community

Supported Platforms

• Microsoft Teams
• Skype for Business
• Group of Companies
• Leadership Team
• Board of Directors
• Corporate Governance
• Investor Relations
• eBooks, Guides & Reports
• Customer Stories
• Service Status

™ IR is a U.S. Registered Trademark of Integrated Research Ltd.

• Terms of Use
• Privacy Policy