BIS sets out 7 steps for ensuring payments security
by Bija Knowles
The Committee on Payments and Market Infrastructures (CPMI) has set out seven elements that form part of its strategy to reduce the risk of wholesale payments fraud. The CPMI, a committee of the Bank for International Settlements (BIS), is the global standard setter for payments, clearing, settlement and related arrangements. This week it set out a common strategy to improve the security of wholesale payments that involve banks, financial market infrastructures and other financial institutions.
Integrity of wholesale payments essential for financial stability
The CPMI's Chair Benoît Cœuré commented: “Sophisticated fraud incidents in recent years have highlighted the importance of strengthening the security of wholesale payments to ensure lasting trust in the global financial system. The success of this plan depends on clear ownership and active engagement by all stakeholders, public and private sector alike.”
And Mark Carney said recently at the BIS Global Economy Meeting (GEM): “Maintaining confidence in the integrity of wholesale payments is essential for financial stability. Governors of the major central banks today committed to play their part. I encourage everyone involved in making or receiving wholesale payments to take action in line with this new strategy so that we can collectively meet the security challenge.”
The strategy covers all areas relevant to preventing, detecting, responding to and communicating about fraud in payments. It is aimed at operators of wholesale payment systems or messaging networks, as well as participants in those systems, and involves the following seven elements:
- Identify and understand the range of risks related to endpoint security, including risks related to the potential loss of confidence in the integrity of the payment system or messaging network itself.
- The operator of a wholesale payment system or a messaging network should have clear endpoint security requirements for its participants as part of its participation requirements. Such requirements should include those for the prevention and detection of fraud, for the immediate response to fraud and, when appropriate, for alerting the broader wholesale payments network community to evolving fraud threats.
- Based upon the understanding of the risks and the endpoint security requirements of a wholesale payment system or a messaging network, the operator and participants of the payment system or messaging network should have processes as necessary to help promote adherence to their respective endpoint security requirements.
- Provide and use information and tools that would enhance their and each other’s respective capabilities to prevent and to detect attempted wholesale payments fraud in a timely manner.
- The operator and participants of a wholesale payment system or a messaging network should have procedures and practices, and deploy sufficient resources, to respond to actual or suspected fraud in a timely manner.
- Support ongoing education, awareness and information-sharing about evolving endpoint security risks and risk controls.
- Monitor evolving endpoint security risks and risk controls, and review and update their endpoint security requirements, procedures, practices and resources accordingly. In addition, the operators and, to the extent practicable, participants of different wholesale payment systems and messaging networks should seek to coordinate approaches for strengthening endpoint security across systems and networks.