expert payments advisors - nascus seucrity presentation (reymann).pdf · expert payments advisors...
Expert Payments Advisors
1129 20th Street, Northwest | Suite 300 | Washington, DC 20036 | 202-721-9120 | www.mcgovernsmithadvisors.com
“Payments Sleeper Risk”
November 13, 2014
Paul Reymann
Partner, McGovern Smith Advisors
• Financial industry regulatory expert
• Co-author of Gramm-Leach-Bliley Act (GLBA), Data Protection Regulation
• 28+ years compliance & risk experience (13 with Department of Treasury in D.C.)
• Visionary behind outsourced management compliance products & services
Payments system risk comes from regulations, technology, cyber criminals, fraudsters, consumers, 3rd party vendors, merchants, competition, & innovation.
Payments Sleeper Risk
Consumer Compliance;
Strategic; Financial; IT;
Info Sec; Reputation
Security
Regulations
Technology
Strategic
Operational
Reputation
Card Act
AML
Durbin
Overdraft
UDAAP
Reg. E
Disclosures
Op Choke Pt.
EMV
APPs
SmartPhones
Mobile Money
Credit Cards
Debit Cards
Prepaid Cards
Innovation
Apple Pay
3rd Party Processors
Program Managers
Merchants
Silo Back Office Ops.
Enhanced Training
Fraud
Cyber Crimes
EMV & Tokenization
Open Source Code
Merchant Breaches
Consider your payments strategy:
Revenue growth.
Build one branch or build a national solution.
EMV is coming, but Swipe continues.
SmartPhones reaching critical mass.
Understand your customers’ needs.
Analyze customer transaction data.
Security will always be paramount.
Vendor management is the next frontier of efficiency.
Innovation vs. Fast-follower Strategy
Understanding Success Factors
A Prepaid Card Example
Life of a Card?
• Fees
• No load vs Reloadable (i.e., type of reload)
• Other factors (e.g., alerts, email, OD)
Socio-demographic?
• Gender
• Nationality
• Age & Education Levels
Transaction Frequency?
• Direct Deposit (21X/mo.)
• Monthly fee (17X/mo.)
• Over Draft (23X/mo.)
Source: FRB of Kansas City, “General Purpose Reloadable Prepaid Cards: Penetration, Use, Fees and Fraud Risks” (Feb 2014)
Credit Card Sales Volume Growth Exceeds Debit Volume
Credit Card Profitability (“After Tax Income”)
2010 1.8%
2011 4.2%
2012 3.9%
2013 4.4%
Source: FDIC QTRLY Banking Profiles – Institutions with managed credit card loans exceeding 50% of total assets.
Card Issuing Infrastructure Spectrum
Agent Bank
• 3rd-party issuer controlled
- Owns accounts
- No conveyance
• Fixed payments to FI (usually per new account + ongoing card renewal payments)
• Marketing support - 3rd-party issuer has access to FI customer list for marketing purposes
Enhanced Agent Bank
• Same as Agent Bank EXCEPT:
- Revenue sharing vs. fixed payments
Servicing Structure
• FI owns some / all of portfolio
• Issuer provides card account servicing on a fee for service basis
• All asset risk is FI’s for assets owned
• All profits on owned accounts accrue to FI
Profit Share
• FI & issuer agree on a P&L measurement structure
• Profits are shared as agreed
• Investments, costs shared as agreed
Joint Venture
• True separate entity created between FI & issuer
• Each party contributes resources as agreed
• Value to each party ascribed based upon resources contributed
• Profits shared based upon equity stake
Self Issuance
• FI issues cards directly
• FI takes all risk / retains all profits
• FI either builds or buys needed infrastructure, skill sets
• Numerous strategic, financial & regulatory considerations
Align Card Issuing Options & Bank’s Goals
Economics
Investment
Ongoing Commitment
Risks
Operational
Credit
Regulatory
Financial & IRR
Reputation
Strategic
Ease of
Implementation
Management
Controls
Member Experience
Pricing
Underwriting
Rewards
Network Relationships
Marketing
Bank Resources
Dedicated
Accounting
Marketing
Evaluate Key Parameters of Card Options
Investments in Debit Issuing
• Members like debit cards
• Attractive DDA-based payment
• Debit issuers are likely to return to a growth agenda to match consumer demand
• Current interchange rates will remain intact
Thumbs Up for EMV
• MC, Visa, & PIN debit networks for cross-line applications, opens gates for EMV enabled debit cards
• Home Depot, Target and other data breaches push fraud agenda and EMV
• MC & Visa waive PCI DSS annual validation
Competition
• Prepaid has emerged as competitive DDA alternative
• Prepaid and credit card are Durbin exempt
• Debit cards still favored for security & control
Debit Cards & Interchange
5 Reasons CUs May Like Apple Pay
Innovation & Apple Pay
One more means to make payments & transactions
Growing percentage of iPhone users
Works with over 50% of cards issued today
Security:
- NFC (Near Field Communication) enabled (except MCX CurrentC network)
- TouchID – Fingerprint scan on iPhone 6
- Tokenization – Assigns 1-time codes
EMV retrofits likely to include mobile communications
Expect Significant Growth in Electronic Wallets
Source: Risk Based Security
Source: Privacy Rights Clearinghouse
Credit unions are concerned and focus on data and cybersecurity in order to safeguard their members.
NAFCU's October 2014 Economic & CU Monitor Survey
Retailer Breaches Hit CUs
The Air Academy Federal Credit Union said it had blocked about $20,000 in potentially fraudulent activity tied to debit cards compromised in the Home Depot breach.
“A lot more activity off this one than Target,” chief financial officer Brad Barnes said. About 5,800 debit cards out of his credit union's 25,000 total debit cards were compromised by the breach, he added.
Credit unions were socked with $28 million in costs for the Target breach, according to research from NAFCU. The Home Depot attack could result in even greater damages.
Source: Fraudulent charges from Home Depot breach surface (CBS MoneyWatch, September 24, 2014)
The Target data breach will cause financial institutions to lose $480 million in card replacement costs and other expenses, according to estimates by NAFCU.
CREDIT UNIONS WORK HARD TO PROTECT MEMBERS AND ADDRESS DATA SECURITY ISSUES
PR Newswire
Up to 63% of security infractions & business
disruptions attributed to suppliers & vendors.
Skyrocketing Cost & Complexity
Intelligent Operational Resources
Outsourcing Savings & Simplicity
Selling
Customer Service
Revenue & Profits
Your Core Focus
The Next Frontier of Operating Efficiency
Competitive Landscape
New Products & Services
Speed to Market
Economies of Scale
Complexity of Technology
Compliance Tsunami
Consumer Compliance
Cybersecurity Breaches
Manage Risk to Company & Consumer
Need Intelligent Expertise
New Challenges
3rd Parties / Vendor Management Risk
Increasing enforcement activity from third party relationships.
116 Regulatory VM Publications.
Develop a plan tailored to:
Inherent Risk
Benefits Complexity
Customer Interaction
Information Security
Contingency Planning
Compliance Oversight
Strategic Validation of 3rd Party Business Needs
Contract Development, Review, & Performance Monitoring
• Develop and negotiate contracts that address the 18 elements outlined by the OCC.
• Identify and incorporate mutually beneficial performance indicators and key risk indicators into contracts to enable effective quantitative monitoring of performance against anticipated outcomes.
• Review existing contracts on critical vendors, as material changes warrant.
• Renegotiate at the earliest opportunity, if problems are identified.
Getting More Attention
Just Announced on 11/4/14
Quick Reference Resources
- NAFCU Data Security Website
- CFPB RFI on Mobile Financial Services (June 2014)
- FRB of Boston Payment Strategies
- FRB of Boston Mobile Payments Industry Workgroup
- Other Fed Payments Groups & Research:
• FRB of Atlanta Retail Payments Risk Forum
• FRB of Philadelphia Payment Cards Center
• FRB of Kansas City Banking & Payments Research
• FRB of Kansas City - General Purpose Reloadable Prepaid Cards: Penetration, Use, Fees and Fraud Risks (Feb 2014)
Paul Reymann
P: 410-212-5955
twitter.com/paulreymann
www.mcgovernsmithadvisors.com