Skip to content

How TD Bank Masters Payment Processing Risk

Risk Management

“You learn a lot by following the money,” a great quote that Sara Pinkus, VP of Payments Risk Management at TD Bank, told me before her PAYMENTS 2016 presentation with TD Auto Finance and ACI Worldwide entitled Hide and Seek: Uncovering Your Internal Originators and the Risks They Pose

Sara shared these seven imperatives to managing payment processing risk for internal departments. Her experience comes from monitoring payments risk from end to end across the bank. One aspect of the monitoring includes how internal departments use payment processing systems. 

Centralize governance

  1. Track the payment processing risk of external and internal groups.
    When managing risk, many people first look at external customers. But do not forget about the internal departments that access payment processing systems. 

  2. Establish a payment processing risk policy to assess strategies and processes, and test key controls.
    The bank established a process to better recognize, account for and approve funds transfers by defining the controls, key performance indicators and monitoring aspects that bring a policy to life.  This increased transparency of internal departments moving money in and out of the bank. 

  3. Establish clear roles and responsibilities for administering the policy cross-functionally.
    Many systems and areas within the organization get involved throughout the process. TD Bank found that you must increase consensus on the activities of each role.

  4. Empower your internal departments with education on how to avoid violating industry rules and government laws.
    TD bank refreshed staff knowledge of how to follow the latest NACHA Rules and government regulations. For example, if an internal department debits consumers’ bank accounts via ACH, it must follow the consumer protection requirements in the NACHA Rules and Regulation E.

  5. Create processes where internal departments review risks before launching new payment processing initiatives.
    By empowering its internal departments, TD Bank increased employees’ proactive risk management. Now employees throughout the bank come to the centralized risk management department with their new initiatives and approach to risk.

  6. Centralize governance of money movement.
    Years ago when an internal department wanted to move money, they called a centralized Operations department. The advent of front-end online systems gave internal departments access to initiate money movement themselves. With money movement happening in a decentralized process, there needs to be centralized governance.

  7. Use controls to spark conversations.
    When controls identify that payment volumes fluctuate beyond defined norms, it sparks a conversation.  The internal department should identify whether there is new activity, growth or a possible error. For example, by putting limits on internal departments' ACH Files, overlimit situations require a review.
Payments innovation continues to grow. 50% of organizations are evaluating at least eight new payment methods, according to ACI & Ovum’s Global Payments Insight survey. TD Bank proves you can innovate while mitigating risk with centralized governance that empowers the entire organization to regularly evaluate risk.