Expert Payments Advisors “Payments Sleeper Risk” November 13, 2014
1129 20th Street, Northwest | Suite 300 | Washington, DC 20036 | 202-721-9120 | www.mcgovernsmithadvisors.com
• Financial industry regulatory expert • Co-author of Gramm-Leach-Bliley Act (GLBA), Data Protection Regulation • 28+ years compliance & risk experience (13 with Department of Treasury in D.C.) • Visionary behind outsourced management compliance products & services Paul Reymann Partner, McGovern Smith Advisors
Payments system risk come from regulations, technology, cyber criminals, fraudsters, consumers, 3rd party vendors, merchants, competition, & innovation. 2
Payments Sleeper Risk Fraud Cyber Crimes EMV & Tokenization Open Source Code Merchant Breaches Reputation
3rd Party Processors Program Managers Merchants Silo Back Office Ops. Enhanced Training Operational
Security
Consumer Compliance; Strategic; Financial; IT; Info Sec; Reputation
Strategic
Regulations
Technology
Card Act AML Durbin Overdraft UDAAP Reg. E Disclosures Op Choke Pt. EMV APPs SmartPhones Mobile Money Credit Cards Debit Cards Prepaid Cards Innovation Apple Pay
Innovation vs. Fast-follower Strategy
Consider your payments strategy: Revenue growth. Build one branch or build a national solution. EMV is coming, but Swipe continues. SmartPhones reaching critical mass. Understand your customers’ needs. Analyze customer transaction data. Security will always be paramount. Vendor management is the next frontier of efficiency. 4
A Prepaid Card Example
Understanding Success Factors
Life of a Card? Sociodemographic? Transaction Frequency?
• Fees • No load vs Reloadable (i.e., type of reload) • Other factors (e.g., alerts, email, OD) • Gender • Nationality • Age & Education Levels
• Direct Deposit (21X/mo.) • Monthly fee (17X/mo.) • Over Draft (23X/mo.) Source: FRB of Kansas City. “General Purpose Reloadable Prepaid Cards: Penetration, Use, Fees and Fraud Risks” (Feb 2014)
5
Credit Card Sales Volume Growth Exceeds Debit Volume
Credit Card Profitability “After Tax Income” 2010 1.8% 2011 4.2% 2012 3.9% 2013 4.4% Source: FDIC QTRLY Banking Profiles – Institutions with managed credit card loans exceeding 50% of total assets. 6
Align Card Issuing Options & Bank’s Goals Card Issuing Infrastructure Spectrum
Agent Bank
Enhanced Agent Bank
• 3rd-party issuer controlled - Owns accounts - No conveyance • Fixed payments to FI (usually per new account + ongoing card renewal payments) • Marketing support 3rd-party issuer has access to FI customer list for marketing purposes
• Same as Agent Bank EXCEPT: - Revenue sharing vs. fixed payments
Servicing Structure
Profit Share
Joint Venture
• FI owns some / all of portfolio
• FI & issuer agree on a P&L measurement structure
• True separate entity created between FI & issuer
• Issuer provides card account servicing on a fee for service basis • All asset risk is FI’s for assets owned • All profits on owned accounts accrue to FI
• Profits are shared as agreed • Investments, costs shared as agreed
• Each party contributes resources as agreed • Value to each party ascribed based upon resources contributed • Profits shared based upon equity stake
Self Issuance
• FI issues cards directly • FI takes all risk / retains all profits • FI either builds or buys needed infrastructure, skill sets
• Numerous strategic, financial & regulatory considerations
7
Evaluate Key Parameters of Card Options Economics
Ease of
Investment Ongoing Commitment
Implementation Management
Risks
Controls
Operational Credit Regulatory Financial & IRR Reputation Strategic
Member Experience Pricing Underwriting Rewards Network Relationships Marketing Bank Resources
Dedicated Accounting Marketing
8
Debit Cards & Interchange
Investments in Debit Issuing
Thumbs Up for EMV Competition
• Members like debit cards • Attractive DDA-based payment • Debit issuers are likely to return to a growth agenda to match consumer demand • Current interchange rates will remain intact
• MC, Visa, & PIN debit networks for cross-line applications, opens gates for EMV enabled debit cards • Home Depot, Target and other data breaches push fraud agenda and EMV • MC & Visa waive PCI DSS annual validation
• Prepaid has emerged as competitive DDA alternative • Prepaid and credit card are Durbin exempt • Debit cards still favored for security & control
9
Innovation & Apple Pay
5 Reasons CU’s May Like Apple Pay One more means to make payments & transactions Growing percentage of iPhone users
Works with over 50% of cards issued today
Security: - NFCommunication enabled (except MCX CurrentC network) - TouchID – Finger print scan on iPhone 6 - Tokenization – Assigns 1-time codes
EMV retrofits likely to include mobile communications
10
Expect Significant Growth in Electronic Wallets
11
NAFCU's October 2014 Economic & CU Monitor Survey
Source: Risk Based Security
Source: Privacy Rights Clearinghouse
Credit unions' are concerned and focus on data and cybersecurity in order to safeguard their members. 12
Retailer Breaches Hit CUs The Air Academy Federal Credit Union said it had blocked about $20,000 in potentially fraudulent activity tied to debit cards compromised in the Home Depot breach. “A lot more activity off this one than Target," chief financial officer Brad Barnes said. About 5,800 debit cards out of his credit union's 25,000 total debit cards were compromised by the breach, he added. Credit unions were socked with $28 million in costs for the Target breach, according to research from NAFCU. The Home Depot attack could result in even greater damages. Source: Fraudulent charges from Home Depot breach surface (CBS MoneyWatch, September 24, 2014) The Target data breach will cause financial institutions to lose $480 million in card replacement costs and other expenses, according to estimates by NAFCU. 13
CREDIT UNIONS WORK HARD TO PROTECT MEMBERS AND ADDRESS DATA SECURITY ISSUES 14
PR Newswire
Up to 63% of security infractions & business disruptions attributed to suppliers & vendors.
3rd Parties / Vendor Management Risk
The Next Frontier of Operating Efficiency Customer Service
New Challenges
Selling
Competitive Landscape Compliance Tsunami
New Products & Services Consumer Compliance
Your Core Focus
Revenue & Profits
Speed to Market
Economies of Scale
Complexity of Technology
Cybersecurity Breaches
Manage Risk to Company & Consumer
Need Intelligent Expertise
Increasing enforcement activity from third party relationships. 116 Regulatory VM Publications. Sky Rocketing Cost & Complexity
Intelligent Operational Resources
Outsourcing Savings & Simplicity 16
Strategic Validation of 3rd Party Business Needs
Develop a plan tailored to: Inherent Risk
Benefits
Complexity
Customer Interaction
Information Security
Contingency Planning
Compliance
Oversight
17
Getting More Attention
Contract Development, Review, & Performance Monitoring • Develop and negotiate contracts that address the 18 elements outlined by the OCC. • Identify and incorporate mutually beneficial performance indicators and key risk indicators into contracts to enable effective quantitative monitoring of performance against anticipated outcomes. • Review existing contracts on critical vendors, as material changes warrant. • Renegotiate at the earliest opportunity, if problems are identified. 18
Just Announced on 11/4/14
19
Quick Reference Resources - NAFCU Data Security Website - CFPB RFI on Mobile Financial Services (June 2014) - FRB of Boston Payment Strategies - FRB of Boston Mobile Payments Industry Workgroup - Other Fed Payments Groups & Research: • FRB of Atlanta Retail Payments Risk Forum • FRB of Philadelphia Payment Cards Center • FRB of Kansas City Banking & Payments Research • FRB of Kansas City - General Purpose Reloadable Prepaid Cards: Penetration, Use, Fees and Fraud Risks (Feb 2014) Paul Reymann P: 410-212-5955
[email protected] twitter.com/paulreymann www.mcgovernsmithadvisors.com 20