Scheme Rules Guide DFSPs

Context

Strong risk management requires guidance

Regulatory standards on DFSP fraud risk management are commonplace and are often captured in central bank or government directives, consumer protection guidelines, licensing requirements for DFSPs, and supervisory guidance. The standards may relay principles or share precise and prescriptive requirements. Regardless, they provide a critical basis for defining DFSPs’ fraud mitigation responsibilities and often have a broader objective of ensuring the overall safety and soundness of the financial system.

For regulatory guidance to be effective, it requires consistent enforcement that includes penalties for noncompliance.

Role of the IIPS

Scheme rules may directly incorporate existing regulatory standards. Importantly, they should strengthen fraud mitigation by mandating DFSPs to implement specific actions and practices in order to participate in the IIPS.

Regulatory guidelines are helpful in highlighting expectations for strong fraud management, but they do not usually define DFSP requirements for participating in specific payments system (exceptions exist).

The IIPS’ scheme rules play a key role in providing that specific guidance and raising the bar on risk management. Scheme rules need to ensure that all DFSPs participating in the system adhere to a set of standards that are designed to keep the IIPS safe and sound by preventing fraud from occurring in the first place, and to minimize its impact.

Strong KYC controls are critical in aligning the level of risk a customer brings to controls to minimize potential impact of fraud if it occurs. End user authentication methods, education, and confirmation of payee provide controls before a payment is initiated. Once a payment is in flight, transaction screening mechanisms, whether at the DFSP or IIPS level (or both), provide a tool for flagging and potentially preventing fraudulent payments.

Even with these controls in place, some fraud will occur. To mitigate the negative impact on end users, accessible and effective mechanisms need to be in place for end users to lodge fraud complaints and request return of funds. DFSPs need to have robust processes to investigate those complaints, determine whether fraud has occurred, and in cases of confirmed fraud, to follow a process to return funds to the end user as quickly as possible.

Importance of collaboration

As fraudster tactics and fraud risks evolve, regulations, laws, and scheme rules will need to follow. The IIPS is well positioned to provide leadership or actively participate in collaborative efforts to evolve rules and standards. A collaborative approach to evolving these will drive alignment, ensure clarity, increase comprehensiveness, and ultimately reduce fraud risk for the entire ecosystem.

—

Scheme rules define a set of requirements, standards and practices necessary for the functioning of an IPS and for participating in a system.

Scheme rules are often supplemented by operating procedures, which provide a more detailed set of technical and operational requirements for participating in the scheme and connecting to the IPS.

Next Topic in this Section: IIPSs Provide Tools