• About


    Take On Payments, a blog sponsored by the Payments Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take On Payments and look forward to collaborating with you.

    To see older Take On Payments posts, please see the archived material at Federal Reserve Archival System for Economic Researchicon denoting destination link is offsite (FRASER).

    March 18, 2025

    Data from the Federal Reserve Payments Study Shows the Pace of Payments Accelerating

    The allure of speed plays a role in changing use patterns for all kinds of payment methods, familiar and new. Automated clearing house (ACH) transactions and person-to-person (P2P) payments via depository institution websites are two payment types for which recent growth rates show the importance of speed.

    Data from the Federal Reserve Payment Studyicon denoting destination link is offsite (FRPS) finds that same-day ACH debit transfers grew 39 percent per year by value from 2018 to 2021. Same-day ACH credit transfers also grew by double digits per year—21 percent by value. In comparison, non-same-day ACH transactions by value grew by single digits per year over the period.

    This rapid growth occurred on a small base, so same-day transfers have lots of room to grow. Same-day transfers are a small share of all ACH transfers, 4 percent of credits and debits by value (see chart below). As these charts show, it's important to look at both growth rates and levels to get the whole story on growth in ways to pay.

    Figure 01 of 02: (Bar chart) Value of ACH transfers in trillions of dollars
    Source: Federal Reserve Payments Studyicon denoting destination link is offsite

    P2P payments via depository institution website or app are changing expectations about the timing of funds availability. These grew 51 percent per year by number from 2018 to 2021. In 2021, three-quarters of these P2P payments by number were made immediately available, or in 30 or fewer minutes, to recipients.

    Figure 02 of 02: (Bar chart): P@P payments in 2021 in billions
    Source: Federal Reserve Payments Studyicon denoting destination link is offsite

    The March data release provides comprehensive estimates of ACH, check, wire, and alternative payment methods based on data submitted by depository financial institutions. In addition to detail on speed of payments, the release provides breakdowns by business and consumer payers and domestic and cross border payments. You can review the data hereicon denoting destination link is offsite


    March 10, 2025

    Business Use of Wires Grew Sharply from 2018 to 2021

    Business payments are concentrated in wires, ACH credit transactions, and (still) checks, according to 2021 dataicon denoting destination link is offsite released by the Federal Reserve Payments Study (FRPS) last month. Of these payment types, wires grew most by both number and value from 2018.

    In 2021, most wire payments were made by businesses, 89 percent of all wires by number and almost 100 percent by value. Payments made by businesses using wires grew by double digits from 2018 to 2021. By number, business wires increased 11.9 percent per year to 345.8 million payments. By value, business wires were up 10.9 percent to $1,436.83 trillion.

    Most ACH credit transfers were made by businesses in 2021, 95 percent of ACH credits by number and 97 percent by value. Business ACH credits increased at a slower rate than wire transfers over the three-year period, 8.5 percent per year by number and 8.3 percent by value.

    Perhaps surprisingly, most check payments were made by businesses in 2021, 52 percent by number and 76 percent by value. This is the first year for which the FRPS found that the number of business checks exceeded the number of consumer checks. In addition, check use by value increased from 2018 to 2021; the total value of business checks increased by 2.7 percent per year to $20.64 trillion.

    ACH business debits, while only one in five ACH debit transfers, made up 70 percent of these transfers by value. The number of these transfers declined from 2018 to 2021; the value increased 6.5 percent per year.

    Average values for business and consumer payments differ as you might expect, with values of business payments dwarfing those for consumer payments. The average value of a business wire is more than 40 times the value of a consumer wire. Even the average business check is three times the value of a consumer check. For more data, visit the Federal Reserve Payments Study websiteicon denoting destination link is offsite.

    Value per payment, 2021    Business    Consumer
    Wire    4,155,205    101,889
    ACH debit    15,027    1,600
    Check    3,601    1,249
    General-purpose card    196    54
    Source: Federal Reserve Payments Studyicon denoting destination link is offsite.


    March 3, 2025

    Counterfeit Cards Persist: Is the Magstripe to Blame?

    I recently traveled to London for a few days without any cash or coin. I brought my United States (US)-issued debit card and a couple of US-issued credit cards and tapped them around the city, no signature or PIN required. Sometimes, I used embedded payments through apps. Not once did I swipe a magstripe-enabled card.

    That's because the United Kingdom (UK) began migrating to EMV chip-card technology in 2002. In 2007, the UK started issuing EMV chip cards for contactless and mobile tapping payments. No PIN required. No magstripe included.

    Magstripe information is received in the clear by the card reader and can be easily intercepted for cloning. Mastercard and Visa organized EMVCo in 1999 to combat card-present fraud across the globe. Migration to EMV chip-card technology was intended to lower card-present fraud, especially counterfeit fraud.

    Fumiko Hayashi, a payments economist at the Kansas City Fed, has been tracking the effect of EMV technology since its introduction. Recently, in "Did Card-Present Fraud Rates Decline in the United States After the Migration to Chip Cards?icon denoting destination link is offsite" she found that even though counterfeit fraud rates of debit cards used with a PIN have been trending down, debit card fraud rates are trending up when used without a PIN.

    I blame the magstripe for these findings. Magstripes are still on every card in the US. Although harder with the EMV-chip dip, every swipe could potentially be skimmed and cloned to counterfeit. Unfortunately, I can't prove my theory with data. Therefore, I concur with the article's conclusion, that more research is needed to understand why counterfeit, lost-or-stolen, and overall card-present fraud rates have not declined in the US.

    While I was in London, I visited with researchers at UK Finance, a trade association responsible for collecting and analyzing payments data for the UK. Its latest Fraud Report icon denoting destination link is in an Adobe PDF file formaticon denoting destination link is offsite states that in 2022 "cases of counterfeit cards have fallen to the lowest levels ever reported due to the success of Chip and PIN." Chip and PIN: all good. But, I think the report left out another source of the decline in counterfeits— the lack of magstripes.

    I believe growing use of contactless payments, and removal of magstripes will likely make a huge dent in counterfeit cards. However, then we must talk about lost and stolen card fraud. Stay tuned for more on that topic.

    February 24, 2025

    Can Banks Afford to Delay ISO 20022?

    I recently attended a panel discussion titled, "Overrated vs. Underrated Topics in Payments". There was lively debate over crypto use cases, instant payments, and AI, but what caught my attention was when a panelist said ISO 20022 was, in their opinion, the most underrated topic of 2024—and going forward, of 2025. Their rationale was that banks were losing potential revenue to competitors while continuing to pay for inefficient legacy systems ultimately leaving money on the table. Why are banks slow to implement the new global standard, and what does this mean for global payments?

    ISO 20022 was introduced by the International Organization for Standardization (ISO) in 2004 as a global standard for financial messaging. It allows banks and business to send and receive payment messages in a standard format with tons of data. To put it another way, ISO 20022 is like a professional email while legacy payment systems are like texts to friends. In texts with your friends, you might use abbreviations, emojis or gifs to express your point. In a professional email, you would take your time to detail all relevant information in a structured manner, aiming to be clear and concise.

    Email also allows you to automate your messages, letting colleagues know when you're out of office or will automatically direct responses to certain folders. The ISO 20022 structure also provides the added ability to automate. For example, if a payment involves a high-risk jurisdiction or an entity on a sanctions list, the data in an ISO 20022 message can trigger a compliance check. Rather than manual reviews, financial institutions can leverage AI and analytics to assess the risk level instantly, improving fraud detection.

    For example, many older systems use open fields with character limits for address lines, allowing address information to appear anywhere within the lines. ISO 20022 syntax codes each element of the address separately in structured fields, as shown in the following table.

    Non-ISO Format     ISO 20022 Format
      
    120 South LasSalle Street, (Address Line 1; up to 35 characters)
    Chicago 60690-0834 (Address Line 2; up to 35 characters)
    Illinois (Address Line 3; up to 35 characters)
        <PstlAdr>
    <Dept>Procurement Services</Dept>
    <StretNm>South LaSalle Street</StrtNm>
    <BldgNb>120</BldNb>
    <PstCd>60690-0834</PstCd>
    <TwnNM>Chicago</TwnNm>
    <CtrySubDvsn>IL</CtrySubDvsn>
    <Ctry>US</Ctry>
    </PstlAdr>
    Source: FRBServices.org icon denoting destination link is in an Adobe PDF file formaticon denoting destination link is offsite

    This structured approach makes it possible to gather and analyze more information about each transaction. For example, purpose codesicon denoting destination link is offsite which are contained within the ISO 20022 message structure, classify transactions based on their intent. Through purpose codes like salary payment, loan payment, trade settlement, banks gain deeper insights into customer transaction patterns, leading to more personalized services and offers. Compared to payment information in Standard Entry Class (SEC) codes for Automated Clearing House (ACH) or Merchant Category (MIC) codes for card, which classify transactions based on broad type or origin, ISO 20022 purpose codes provide the exact reason for the transaction, offering a richer dataset. Improved data quality also enhances fraud detection by providing detail that previously wasn't included in legacy systems.

    A case study published by the Society for Worldwide Interbank Financial Telecommunications (SWIFTicon denoting destination link is offsite) reported that financial institutions that have implemented ISO 20022 are already seeing a decrease in transactions falsely flagged as potential fraud. Historically, 5 to 10 percent of all transactions are flagged as potentially fraudulent. When investigated, approximately 99 percent of those are false positives, leading to manual reviews that increase processing times and decrease customer satisfaction. ISO 20022 messaging enables approximately 84 percent of messages to be reviewed through automation while decreasing false positives. SWIFT estimatesicon denoting destination link is offsite that financial institutions could reduce false positives 25 to 30 percent.

    Twenty years later, why are banks lagging? A report by American Bankericon denoting destination link is offsite found that 40 percent of US banks are falling behind on their implementation plan with 10 percent stating they have no definitive timeline. Across North America and Europe, only 40 percent of banks felt "highly confident"icon denoting destination link is offsite with their readiness. A major obstacle has been upgrading legacy payment systems that cannot support ISO 20022. This is especially true with small to midsize banks, which may not have the capital to modernize their payment systems. Although adopting ISO 20022 is expected to increase efficiency, reduce fraud losses, and improve the client experience, the financial gains will most likely be realized over the long term. For many smaller institutions, that means delaying ISO 20022 deployment in favor of more urgent near-term plans.


    February 10, 2025

    Teaching an Old Dog New Payments Tricks with Stablecoin

    My colleague, Chris Colson, recently posted a blog about the growth of stablecoins that sparked my need to find out how retailers accept stablecoins. Chris found that a large movie theater chain was offering a 10 percent discount on movie tickets and concessions purchased with stablecoin. And thus, a Sunday afternoon field trip to the movie theater ensued.

    Learning how to purchase stablecoin and use it to make purchases took some research. After a 45-minute discovery lesson in the theater's lobby, I purchased my movie tickets, my popcorn, and my soda using stablecoin.

    If you were wondering why anyone would use stablecoin or why merchants would be interested in taking it, we encountered some of the same questions at the beginning of the pandemic with contactless payments. If we remember, financial institutions scrambled to make debit and credit cards available in our mobile wallets, but at the register, the clerks and payment systems didn't know how to complete the transaction without the actual card.

    We had a post, "Contactless Pay: A True Life Story - Federal Reserve Bank of Atlanta" back in August 2020 which reviewed the painful process of making purchases without a physical card present. But the consumer eventually found the ability to make a purchase using their mobile device faster and more convenient. The opportunity for a different payment option for consumers and lower merchant fees may allow stablecoin digital purchases to take off.

    Come along as we make a purchase using stablecoins!

    Step One: Establish a digital wallet using one of the movie theater's suggested digital wallets (be prepared to include your social security number, home address, email address, birthdate, and phone number). Establish multifactor authentication. I did not have to pay for my initial setup of the digital wallet, and I received an "incentive reward" of $3 in Bitcoin.

    Step Two: Establish the account and tie a bank account or card to the wallet for funding purposes. Accept the terms and conditions.

    Step Three: Purchase USDC stablecoin through your digital wallet by selecting "Buy" and choosing "USDC". Input the amount to be purchased using the bank account or card connected in Step Two. Hold the amounts in the digital wallet until a purchase is to be made with the retailer. I did have to pay a conversion fee to buy USDC—my $20 US was converted to $19.51 USD Coin—but I earn a 4.10 percent annual percentage yield as a "Reward Rate" that I keep in my digital wallet. So far, I've earned $.02!

    Step Four: Download the SPEDN app from the app store. The third-party company uses this app and has an agreement with the movie theater chain. Set up an account and take note that, as part of the terms and conditions, do not hold more funds in the app than what you are willing to spend.

    Step Five: "Add Funds" to your SPEDN account. Select the USD Coin. Again, you will receive a reminder "Do not add more USDC than you are willing to spend". Click that you understand. Copy the address to add to your digital wallet.

    Step Six: Go back to your digital wallet. Select "Transfer" and "Send Crypto". Paste the copied address from SPEDN. Select USDC. Then select the "network" (block chain) you want to use. You will need to select "Base".

    Step Seven: Add the amount you want to transfer, preview the transfers, and select "Send Now".

    Step Eight: Go back to SPEDN and touch the USD Coin blue bar in center of the screen. Click the "Spend" button. Select your retailer. I selected the large chain movie theater.

    Step Nine: A QR code is displayed which will be scanned by the retailer as a gift card transaction for the purchase of the tickets and concessions.

    Easy!

    While this wasn't the smoothest payment process, I got the promotional 10 percent off my ticket and concessions. My next purchase at a popular fast food Mexican restaurant was easier, though I did not receive any bonus, discount, or reward. I did, however, get a puzzled look from the cashier.

    It may take some time for stablecoin payment transactions to become a "go to" option, but let's not forget how slowly it took contactless payments to become commonplace. We may need to revisit this field trip by end of this year to see what has changed (or not)...To Be Continued.


    February 3, 2025

    Quantum Payments: A Leap into the Future?

    When I hear conversations surrounding the topic of quantum computing, I think of the 1989 television series, Quantum Leap. The sci-fi hit entertained viewers by the characters ability to travel through time and correct wrong decisions. While quantum computing won't let us send payments into the future through time travel, it will impact and change current computing and payment processing!

    We need to begin understanding what quantum payments mean to the financial industry We don't need to make a quantum leap whenever quantum computing becomes part of everyday life.

    You may be asking:

    • What is quantum computing?
    • How and why is quantum computing going to impact payment processing?
    • Why is it so important to have a strategy and investment in quantum?
    • What are the risks?
    • Where do you start with understanding quantum computing in payments?

    Well, this payments expert needed to find answers to these questions, so I joined the Quantum Project Team with the Payments Innovation Alliance icon denoting destination link is in an Adobe PDF file formaticon denoting destination link is offsite (PIA) last year. Being a novice, I had one of our team members describe quantum computing to me by comparing today's computer logic to a light switch. You turn it on and off by flipping the switch back and forth. In contrast, quantum computing is like a dimmer switch. It's not just zeros and ones anymore. And let's note that this difference requires a change in hardware and the process by which the light is turned on and off.

    This analogy helped me to make sense of the processing potential, but I needed to learn more. So, I worked with the project team to develop the white paper, "Protecting Payments in the Quantum Era: What You Need to Know icon denoting destination link is in an Adobe PDF file formaticon denoting destination link is offsite." The paper provides a basic explanation of how quantum differs from classical computing, the potential it has in the financial industry focusing on payments, and the threats quantum computing poses to current cryptographic standards.

    Think of quantum computing as a supercomputer able to complete tasks with lightning speed and an impressive degree of accuracy. The paper's opening statement explains that the technology behind quantum computers place the "computing world on the cusp of a paradigm shift that is unlocking unprecedented computational power." It's anticipated by some technologists that by the end of the decade, quantum computing could "provide substantial innovation in finance, payments, fraud detection, anti-money laundering detection and behavior analysis."

    In the paper, we look at the current state of computing using the Four Corner Model for processing payment transactions. The padlock in the diagram below stands for security protection, which is coding or encryption around the transaction. Each corner is storing, sending, and receiving encrypted data using current standards. Cracking the code and breaking the lock opens data to be harvested and misused by bad actors. A quantum computer can quickly calculate the encryption code, putting data at risk.

    Figure 1 of 1: Diagram depicting Data Encryption in the Four-Corners Model

    In the paper, we point out the threat quantum poses on the financial industry at its current state, as "research indicates a potential of up to $3.3 trillion in indirect losses," is very possible. The National Institute of Standards and Technology (NIST) reports that quantum computers "could break the current encryption that provides security and privacy for just about everything we do onlineicon denoting destination link is offsite."

    The solution for payments network participants: Fight quantum with quantum. Advanced cryptographic algorithms in quantum computing have additional layers of calculated code, resulting in greater data protection and making payments more secure. NIST in its oversight role as the authority for security standards has approved three advanced algorithms with a higher level of security necessary for protecting payments data. NIST recommends technology experts begin working on implementing the new framework as soon as possible.

    Like a new light switch, quantum computing will require upgrades to hardware and software. Full implementation could take years. Building a strategy to implement quantum computing within your information security program needs to be on your "to do" list today. Continue to learn and make sure that individuals within your financial organization understand the importance of preparing for upgrades now!


    January 27, 2025

    Will the European Union's Instant Payments Regulation Force the Hand of US Payments?

    We are all familiar with the 10-second countdown to the new year. Imagine receiving money from a friend in a different country that clears and settles in that same amount of time. Cross-border payments may typically take days to clear and settle. The European Union (EU) has made steps to change this. As of January 9, 2025, banks and payment service providers (PSPs) located in euro area member states must be set up to receive instant payments, while they have until October 9, 2025, to implement send capabilities. By 2027, all Single Euro Payments Area (SEPA) countries must offer instant payments. SEPA includes more than 30 countries located both outside and inside the European Union.

    The Instant Payments Regulationicon denoting destination link is offsite (IPR) requirements are intended to increase the adoption of the SEPA instant credit transfer, which launched eight years ago:

    The efforts of the European payments industry have not proven sufficient to ensure a high uptake of instant credit transfers in euro at Union level. Only a widespread and rapid increase in such uptake could unlock the full-scale network effects of instant credit transfers in euro, leading to benefits and economic efficiency gains for payment service users and PSPs, reduced market concentration, and increased competition and choice of electronic payments, in particular for cross-border payments at the point of interaction. (Resolution 2)

    In contrast, both US instant payment systems, FedNow and Real-Time Payments (RTP) from The Clearing House (TCH), are currently used to make domestic payments only. In addition, the US does not have a regulation that mandates payment providers to offer instant payments. While there has been growth in instant payment usage, the US still has a big hill to climb. TCH reportedicon denoting destination link is offsite that RTP network payment value was $246 billion in 2024—compared to the roughly $2 trillion in payments that TCH clears each day for all products. At the writing of this post, TCH listsicon denoting destination link is offsite that 676 financial institutions are connected to the RTP network, and the Fed listsicon denoting destination link is offsite 1196 participants on the FedNow network.

    Even though the largest US financial institutions, representing 70 percent of US bank accounts, can access instant payments, we do not have widespread adoption yet. The EU regulation is set to affect that, since it includes transactions that may originate in US dollars but convert to euro or vice versa. Either way, US payment providers, will want to take note of the new regulation.

    The IPR timelineicon denoting destination link is offsite offers a staggered approach with the most stringent deadlines for euro area member states. Non-euro area member states have until 2027 to comply with both the receive and send mandates.

    Some requirements may be difficult for legacy systems to handle:

    • The payer must be assured via verification of payee that the correct person or entity is being paid.
    • Users of instant payments must be checked daily against the European Union sanctions list and others as applicable.
    • After verification and confirmation of payee, the payment must be received in 10 seconds. If not, the transaction must be cancelled, and may incur penalties.

    Connecting to instant payments requires significant infrastructure upgrades, operational adjustments, and regulatory compliance. As with other landmark European legislation, the IPR may affect frameworks for global financial regulation. US firms operating in the EU will need to understand the IPR and develop strategies for implementation. It begs the question: Will the European Union's Instant Payments Regulation force the hand of US PSPs?

    For updated question and answers, see the “clarifications of requirements” document on the European Commission's websiteicon denoting destination link is offsite.


    January 13, 2025

    Here a Coin, There a Coin, Everywhere a Stablecoin

    Cryptocurrencies have been around for over a decade, yet the way they operate, their value, and their impact on traditional payments remains puzzling—even to me. While Bitcoin and Ethereum dominate the headlines, stablecoins are quietly becoming a significant part of our daily lives.

    When I first heard about stablecoins, they were a niche tool for crypto traders seeking to avoid volatile price swings. Today, stablecoins are moving into the mainstream and showing up in unexpected places like food delivery services, gas stations, and retailers. This evolution made me wonder: how did stablecoins go from being a safe haven for crypto investors to a credible payment method?

    Stablecoins first gained attention around 2014 with Tether (USDT) which offered the speed and efficiency of digital currencies without wild price swings. Pegged 1:1 to real-world assets like the US dollar or commodities like gold, stablecoins brought the stability that Bitcoin and Ethereum lacked, making them practical for everyday transactions. Over time, they have bridged traditional finance and blockchain technology. Today, the total value of all stablecoins in circulation exceeds $200 billionicon denoting destination link is offsite, of which more than 98 percent are backedicon denoting destination link is offsite by US dollars. To put this into perspective, their value is comparable to the gross domestic product of countries like New Zealand or Greece.

    Figure 01 of 01: Total Stablecoin Supply line chart

    Stablecoins have grown beyond trading tools. Retailers such as Overstock, Chipotle, Whole Foods, and GameStop now accept them, though their impact is minimal. Stripe recently enabled merchants to accept USD Coin (USDC), the second most popular stablecoin. Regal Cinemasicon denoting destination link is offsite offers a 10 percent discount on tickets and concessions for USDC payments, becoming the first major movie theatre chain to do so.

    So why are businesses suddenly embracing stablecoins? They reduce transaction fees, settle almost immediately, and attract crypto-savvy customers, helping businesses stay competitive in a digital-first world. Beyond retail, platforms like Travalaicon denoting destination link is offsite lets users book travel services with USDC or USDT. Bitrefillicon denoting destination link is offsite meanwhile, enables customers with gift cards purchased with stablecoins to shop at merchants like Amazon, Walmart, and Starbucks even if those merchants don't directly accept digital assets.

    The future of stablecoins as a payment method is still unfolding, but as digital assets gain wider acceptance, their adoption could grow, potentially rivaling credit or debit cards. However, risks remain, including concerns over the stability of the assets backing them, regulatory uncertainty, and security vulnerabilities like cyberattacks. Stablecoins used in decentralized finance platforms also face risks such as smart contract failures and liquidity issues. Despite these challenges, ongoing development and regulation will shape stablecoin's future in payments.

    While it's hard to predict whether or not stablecoins will become a universal payment method, the foundation is forming. Once seen as a hedge against crypto volatility, stablecoins are establishing themselves as a new, innovative payment type. These digital currencies are influencing the future of payments such as purchasing a coffee with a gift card purchased with stablecoins or buying a ticket for a movie at a discount.

    One thing is certain: the future of payments looks a lot more stable.

    Keep an eye out for more posts on stablecoins as we continue to explore this growing market.


    January 6, 2025

    Mobile Wallet Purchases Skyrocket on a Small Base

    Mobile wallets are used to store digital versions of cards on a mobile device, typically a smart phone. Consumers can make in-person payments by tapping or waving their phone at a payment terminal and remote payments via apps and at websites. Mobile wallet payments can be transmitted over general-purpose card networks or made with private-label accounts or cards. As you can see from the charts below (and perhaps from your own behavior), purchases made using mobile wallets have skyrocketed since 2018. Growth in these purchases from 2021 to 2022 exceed that of prior periods—53 percent by number and 45 percent by value.

    Charts 1 and 2 of 2: Purchases using mobile wallet in number and in value

    The surprise for me in this data is the strong showing of mobile wallets for in-person purchases, which approached 60 percent of mobile wallet purchases in 2022. This leads me to conclude that consumers increasingly appreciate security features like tokenization and the convenience of not having to use a physical wallet.

    The Federal Reserve Payments Study first collected mobile wallet data in 2015 and has collected this data annually since 2020. During these years, purchases have made up more than 90 percent of mobile wallet payments. Besides purchases, mobile wallet payments include person-to-person and “other”—that is, not classified—payments.

    The charts above reveal a couple interesting patterns. First, you can see the average dollar values of mobile wallet purchases haven’t changed much over the years. Second, the trajectory illustrated in both charts shows consistent growth rates by number and value. Other takeaways: Average values fluctuated in the mid-$30s over the charted years. Also, compared to in-person purchases, remote purchases averaged higher values, fluctuating between $44 and $47. This is the case for general-purpose card payments overall.

    Despite their steady growth, mobile wallet payments remain uncommon compared to general-purpose card payments. In calendar year 2022, mobile wallet payments were just 9 percent of all general-purpose card payments by number and fewer than 5 percent by value. (This rough estimate potentially overstates the importance of mobile wallet payments in the card ecosystem, because it does not include private-label card payments.)


    December 16, 2024

    Risk Management Matters in Financial Institutions and Everyday Life

    Over the past few months, I have had experiences with several catastrophic natural disasters. My grown children and grandson were in the path of tornados in Nebraska. My father, sisters, and friends were in the path of flash floods in Minnesota, Iowa, and South Dakota. As a Floridian, I had to execute my own risk management strategies to prepare for the impact of hurricanes Helene and Milton and plans for recovery in the aftermath. In the face of such threats, knowing what is needed to take care of our families, homes, communities, and ourselves—especially when it comes to basic needs like food, water, and shelter—becomes an immediate priority.

    The same view can be applied to a financial institution's risk management strategy. Over the last 20 years, risks have increased significantly for the financial industry. Data breaches, cyberattacks, and financial crimes are familiar occurrences, unfortunately. At the same time, we're reading more about the importance of risk management. For example, regulators are issuing formal agreements and consent orders more frequently. They're also emphasizing well-developed risk management strategies with board of director oversight.

    Risk management can sometimes feel overwhelming and—given the steady emergence of new risks—like a moving target. An effective risk management strategy includes regular internal communications that identify which new risks could affect specific areas within the financial institution. Newly identified risks should be assessed right away. A risk assessment will provide a critical roadmap for setting a program to control and mitigate risks.

    Similar to the aforementioned basic food, water, and shelter needs, below are what I consider to be the core components of a risk management program.

    • Board-approved policies that identify risks and actions to reduce them
    • Procedures that explain how the institution will put board policies into action
    • Periodic audits to test if the components of the risk management program are operating as intended
    • Regular reporting to keep the board informed and to understand the board's risk appetite
    • Routine updates to the risk management strategy and program, in response to emerging risks and when new systems and processes are implemented
    • Staff training (Employees are vital to risk management!)

    Additional guidance on risk management programs is available to financial institutions. This includes resources offered by the Federal Financial Institutions Examination Councilicon denoting destination link is offsite and Federal Reserve Board of Governorsicon denoting destination link is offsite. Previous Take On Payments posts have also explored effective risk management programs. We will continue to keep you informed of actions that can help you maintain solid risk management strategies.

    If you haven't already, it's time to prepare for the risks your financial institution could face. That is, before the disaster happens, before your regulator finds inadequate risk management, and before your financial institution ends up in the news.


    Recent Posts


    Categories