WrestlingPayments

Wrestling with Exposure Limits with Guest Sean Carter

Wrestling Payments Podcast: Season 3 - Episode 07

 

This episode of Wrestling Payments tackles the critical topic of exposure limits in modern payments. Host Joe Casali and guest Sean Carter, President & CEO of NEACH Payments Group, dissect an article by Jordan Bennett of Nacha, which focuses on payment modernization and digital transformation. Sean highlights a common misconception: viewing exposure limits solely through the lens of credit risk. He argues for a broader perspective, emphasizing operational risks like account takeovers and business email compromise.

Sean explains how current exposure limit practices often focus on the unlikely event of a business's complete failure, rather than the more frequent occurrences of chargebacks and return items. He advocates for a more holistic review process, considering IT security practices and overall risk management. Sean also discusses the challenges financial institutions face with third-party senders and the importance of consistent due diligence.

Finally, Sean challenges the common practice of assigning uniform exposure limits. He urges listeners to consider the unique risks of each originator and leverage available tools for efficient limit monitoring and enforcement. This episode provides valuable insights for financial institutions looking to strengthen their payment processes and mitigate risk.


 

Guest-at-a-Glance

💡 Name: Sean Carter
💡 What they do: President & CEO
💡Company: NEACH Payments Group
💡Noteworthy: Payments risk expert advocating for holistic exposure limit reviews.
💡 Where to find them: LinkedIn
 

Key Insights

Rethinking Exposure Limits

Exposure limits are often mistakenly viewed solely through the lens of credit risk. This narrow focus overlooks the significant operational risks prevalent in today's digital payment landscape, such as account takeovers and business email compromise. A more comprehensive approach considers a company's IT security practices, overall risk management, and the potential for fraud, ensuring a more robust and effective risk mitigation strategy. Shifting the focus from the unlikely scenario of complete business failure to the more frequent occurrences of chargebacks and returns offers a more practical and relevant assessment of risk.


Third-Party Sender Oversight

Financial institutions must extend their rigorous risk management practices to third-party senders. While institutions may have robust internal controls, neglecting the oversight of third-party partners creates a vulnerability. Ensuring these partners adhere to the same level of due diligence and risk assessment is crucial for maintaining a strong security posture and protecting the institution from potential fraud and operational failures. This includes implementing agreements and monitoring processes to guarantee consistent security practices across the payment ecosystem.


Challenging Uniform Limits

The common practice of assigning uniform exposure limits to all originators is inefficient and potentially risky. Every originator presents a unique risk profile based on their transaction volume, industry, and security practices. A tailored approach to setting exposure limits, based on a thorough risk assessment of each originator, allows institutions to allocate resources effectively and mitigate risk more precisely. This may involve creating tiered policies based on transaction amounts and requiring more stringent reviews for higher-risk originators.


The Importance of Periodic Review

Setting exposure limits isn't a one-time task; it requires continuous monitoring and periodic review. Regular assessments of originator activity, including transaction volumes, return rates, and security incidents, are essential for maintaining the effectiveness of exposure limits. These reviews should encompass the holistic relationship between the originator and the financial institution, adapting to changes in the originator's risk profile and the evolving payments landscape. This proactive approach allows for timely adjustments and ensures ongoing protection against emerging threats.

 

Episode Highlights

The Disconnect Between Credit and Operational Risk

Timestamp: [00:01:00 - 00:05:00]

Sean and Joe discuss the disconnect between how exposure limits are typically set (focusing on credit risk) and the actual risks facing businesses today, which are primarily operational. They use a real-world example of setting up a merchant account versus establishing ACH exposure limits to illustrate how easily credit card processing is approved compared to ACH, despite the lower likelihood of chargebacks for the latter. This highlights the need for a more nuanced approach to risk assessment in payments.

"When you think about exposure limits, right, in an ACH context or even accepting card payments, it's really about what you expect to go wrong and how do you protect yourself?"

 

Managing Third-Party Sender Relationships

Timestamp: [00:16:30 - 00:19:00]

This section explores the complexities of third-party sender relationships and the risks they pose to financial institutions. Sean emphasizes the importance of applying the same rigorous risk management standards to third-party senders as to direct originators. He points out that many institutions fall short in this area, weakening their overall risk mitigation efforts. This oversight can have serious consequences, especially in areas like payroll processing, where direct deposit fraud is on the rise.

"If you have 10 payroll companies, and they're not doing anything right, they're doing a handshake and asking the customer what their payroll is, and then you're telling everybody how safe you are, I think you're missing the point."

 

Pre-Funding Misconceptions and Best Practices

Timestamp: [00:13:30 - 00:16:30]

Sean addresses common misconceptions surrounding pre-funding and clarifies how some practices, while labeled as pre-funding, don't truly eliminate risk. He explains that using non-final funds from RDC deposits to fund ACH transactions still exposes the institution to potential losses from returned checks. He also challenges the idea that pre-funding negates the need for exposure limits, emphasizing the importance of a holistic review that considers all potential risks. He advises exploring alternative systems and tools beyond core systems for more efficient and comprehensive limit monitoring.

"So when you say pre-funding, and when you're talking to your regulator, they're assuming you mean you have zero risk on that money because that's how they define pre-funding."

 

The Challenge of Scaling with Static Exposure Limits

Timestamp: [00:23:30 - 00:27:00]

Joe raises the question of whether static exposure limits can hinder the scalability of originators as they grow and add more customers. Sean explains how consistently high limits can impact regulatory reviews and potentially limit growth. He suggests a tiered approach to setting limits, based on factors like transaction volume and risk profile, allowing for more efficient resource allocation and regulatory compliance. This tailored approach ensures appropriate risk management without stifling growth.

"So don't let the existence of the overabundance of small originators make you go, oh, this is too hard to redo because it's really not. It's actually an easy process, and at the end, it becomes more efficient."

 

To hear this episode and many more like it, subscribe to Wrestling Payments on Apple Podcasts, Spotify, or anywhere else you listen to podcasts, or listen above.

 

 
