Payment Controls – your questions answered
Table of contents
How can Payment Controls help detect and prevent payments fraud against your institution?
Your institution can be targeted by internal or external fraudsters in several different ways, including cyber compromises. Payment Controls allows you to set configurable rules looking at one or a combination of payment parameters, to alert and/or block your outgoing Swift FIN and ISO 20022 payments (MT103, MT202, MT202cov, pacs008, pacs009, pacs004). This can allow you to identify suspicious payments in real-time, preventing potential financial loss and reputational damage. It also provides you with an independent daily record of your incoming and outgoing payment transaction activity (MT103, 202 COV, 202, 205, 205 COV), allowing you to quickly identify if your internal records have been compromised or are incomplete.
How can Payment Controls help address payments fraud targeting your customers and counterparties?
Payment Controls cannot prevent your end-customer from being hacked or scammed, but it can help you protect customers and counterparties against cyber and fraud risks by detecting anomalies before fraudulent messages are released from the Swift network. This helps to enhance the customer experience and limit operational costs related to the recovery of funds and the reporting of fraud.
Payment Controls allows you to detect anomalies at the account level, based on rules that leverage unique data from the entire Swift network. From 2023, you’ll be able to detect new scenarios and duplicate payments on the debtor and creditor account level that may be indicative of fraud targeting your customers and counterparties, or of operational issues.
How can Payment Controls help mitigate the risks of operational payment errors?
Operational payment risks are on the rise and errors can lead to reputational damage, financial loss and regulatory scrutiny. Payment Controls cannot prevent these errors from being made but it can help you detect and block such payment errors before they are released from the Swift network. With rule combinations and account-level insights leveraging Swift network data, there are many ways in which PCS can be configured to address specific risks and flows.
How do Payment Control alerting and reporting supplement each other?
Swift Payment Controls can provide a comprehensive solution with both alerting and reporting capabilities. The Payment Controls Reporting module (also known as Daily Validation Reports “DVR”) is an optional add-on when subscribing to the Swift Payment Controls. This reporting module provides a daily (T+1) independent summary of your inbound and outbound payment flows, based on Swift’s secure record of your transaction activity, and reports on payment risks. Activity Reporting be used to reconcile your institutional records against an independent source; and Risk Reporting can be used to tune rules in the alerting module. You can find out more from your Swift representative.
What message types are covered by Swift Payment Controls?
Payment Controls alerting supports the screening of your outgoing FIN and ISO 20022 payment messages (ie MT103, MT202, MT202 COV, pacs.004, pacs.008, pacs.009). Payment Controls Reporting does this for both sent and received payments. For more information, please refer to this KB article.
Who should use Swift Payment Controls?
Payment Controls specifically addresses the needs of smaller institutions active in the commercial banking area, with limited resources and lower volumes of Swift messages. It is easy to implement, simple to use and affordable, so is ideally suited to the needs of these smaller banks. The service features an optional reporting component, which is already being used by customers to supplement their existing fraud controls. Payment Controls will be used by compliance, operations and payments teams.
When was Swift Payment Controls launched?
Payment Controls was launched in October 2018, following extensive pilot testing. Since then, Swift has continued to enhance the solution based on customer feedback and evolving fraud threats.
What’s the link between Payment Controls and Swift’s Customer Security Programme?
Swift is committed to developing new services to reduce the threat of cyber-attack and fraud, as well as to strengthen areas of potential weakness in your payment processing. Payment Controls was launched as an important part of Swift’s Customer Security Programme (CSP), a community-driven initiative that is enhancing cyber security for the global financial industry.
Swift CSP requires banks to adopt suitable payment business transaction controls and processes, while also securing their local environment. So adding fraud prevention solutions to our Financial Crime Compliance portfolio helps our community better safeguard their operations and fight cyber-crime.
Is Swift Payment Controls a mandatory part of the Customer Security Programme?
Payment Controls is an optional service. Swift does require customers to self-attest to their organisation’s level of compliance with Swift’s customer security controls. This self-attestation is done using the KYC Registry Security Attestation Application.