Use Case for Assessing Risk on Account-to-Account Transfers
Why assess the risk? In managing risk, the bank should understand the full scope of its liability in A2A transactions. The sender assures compliance with internal and external (network and regulatory) dollar limits. The bank may contract with other parties for various services but is legally responsible for the transactions processed on their behalf. Appropriate due diligence in outsourced processes is important to safety and soundness, as lack of appropriate measures could considerably increase risk and threaten product adoption. The applicable payment network rules address this point; some systems assign liability to the sending financial institution. The network’s automated exception processing tool offers a means of allowing the sending and receiving financial institution to reverse a chargeback, assuming that agreement between the institutions is reached. Other risks:account authorization risk; transaction risk; technology risk, compliance risk and fraud risk.
Who should assess the risks? Electronic Banking Officer, Chief Operating Officer, Cash Management Officer, Information Technology Officer, Security Officer, Data Security Officer, BSA Officer
How to assess the risk: Rate the KRIs to determine if a threat would successfully exploit a vulnerability and to justify expenditures to implement countermeasures to protect the bank’s assets or reputation. Use the “Focus Risk Assessment” tool for in-depth analysis of risks and mitigation techniques.