ALEXANDRIA, Va.—As electronic payments grow to play much larger roles in credit union operations, NCUA has detailed key risks associated with these transactions and shares advice for CUs.
The agency provided the following insights in its November issue of The NCUA Report:
Credit risk: There is risk to a transaction if a party cannot provide the necessary funds for a settlement to take place. This can occur if an originator goes bankrupt or returns come in after settlement. Weaknesses such as a lack of appropriate exposure thresholds or limits, and inadequate originator credit analysis, elevate the potential for credit risk.
Fraud risk: There is the potential that a new transaction will be added to the processing stream for illicit reasons, or an existing transaction will be intentionally altered in an attempt to misdirect or misappropriate funds, NCUA wrote. Inadequate internal controls over physical security, data security, change controls and operational controls increase the potential for fraud and possible losses to a credit union.
Compliance risk: There is the possibility a credit union will fail to comply with regulatory requirements, including—but not limited to—the Electronic Funds Transfer Act, the Bank Secrecy Act, and requirements of the Office of Foreign Assets Control.
Liquidity risk: There is a possibility a credit union will be unable to settle an obligation for full value when it is due, cautioned the agency. This can occur when the credit union chooses not to warehouse ACH items (making funds available prior to effective date of the transaction), there are ineffective controls over overdrafts or management lacks a risk assessment on high-risk activities.
Systemic risk: There is the potential one or more participants in the clearing and settlement network will be unable or unwilling to settle its commitments. This could cause other participants to be unable to settle their commitments on one or more other payment networks.
Operational and transaction risk: There is a possibility that a credit union will have inadequate or failed internal processes, people and systems, stated NCUA. The potential for a non-posting or erroneous posting to a member account is something a credit union’s management must be prepared for. Many financial institutions process payments across different retail and wholesale payment systems. The industry has identified this additional complexity as “cross-channel risk.” In cross-channel risk, fraud can take place across multiple channels or access points a member does business through, such as the branch, call center, debit card, ATM, voice response unit or mobile banking site or application.
Strategic risk: There is the potential for risk when a credit union grows its payment services without adequate planning or offers new payment services without proper vendor due diligence.
Reputation risk: There is a possibility that a credit union will be unable to meet customer expectations with the delivery of retail payment services. Accounting for and mitigating these potential risks can be difficult for even the most seasoned of managers, NCUA explained. Those who are considering providing one or all of these services to their members for the first time face even greater challenges.
Related links