Payment infrastructures - do we care enough about their risks?
This week I attended one of The Financial Services Club events in London - a debate on whether payments infrastructure risk has been largely forgotten. The debate's outcome was "no, it hasn't been", but the discussion raised some interesting points and provided a lot more colour to the answer.
The general consensus was that operational risks are well understood and mostly well managed. At least in the UK, the interbank infrastructures for BACS, CHAPS and Faster Payments schemes are very resilient with glitch events extremely rare. The very fact that the payments infrastructure works so well can lead to complacency and the impression that the risks they pose might be forgotten.
Layered resiliency is certainly one way of managing business continuity risk; the other is to have multiple providers with easy interchangeability between them - currently, that's not the case in the UK, as the schemes are too different to just simply redirect say BACS traffic to Faster Payments infrastructure and vice versa. Could and should these schemes converge going forward?
On the other hand, liquidity risk certainly can generate shocks in the system. Do banks know how to manage counterparty risk from the operational perspective? What happens if one party cannot settle intraday? How do you know if and when to pay out? In crisis situation, is straight through processing (STP) really that good or would you rather approve outgoing payments manually?
Again, the participants were confident that banks would know what to do, but all agreed that many of them would rely on individual rather than institutional knowledge, i.e. on those deeply experienced people that all banks have somewhere deep in their payments and risk departments. But will this enough to satisfy FSA and other regulators? Banks have to take stress testing seriously and put their payments infrastructures through challenging but realistic scenarios to increase confidence in the whole system.