Press release - Central banks propose strategy to improve the security of wholesale payments

The Committee on Payments and Market Infrastructures (CPMI), the global standard setter for payment, clearing, settlement and related arrangements, laid out a strategy on Thursday to improve the security of wholesale payments that involve banks, financial market infrastructures and other financial institutions.

The consultative document, Discussion note – Reducing the risk of wholesale payments fraud related to endpoint security, aims to help focus industry efforts to tackle the increasing threat of wholesale payments fraud. The work will help to maintain confidence in the integrity of the wholesale payment ecosystem and, in doing so, support financial stability.

The strategy was developed by a CPMI task force set up in 2016 and led by Lawrence Sweet of the Federal Reserve Bank of New York and Johan Pissens of the National Bank of Belgium. It sets out seven elements designed to address all areas relevant to preventing, detecting, responding to and communicating about wholesale payments fraud. It stresses the importance of understanding the full range of risks and calls upon all relevant public and private sector stakeholders to take a holistic and coordinated approach.

The stocktaking of current practices undertaken by the task force revealed knowledge gaps and inconsistent approaches among other weaknesses. As a result, potentially important opportunities to strengthen the wholesale payment ecosystem were identified.

“Wholesale payments fraud is becoming increasingly sophisticated and is expected to evolve further. We need to move fast, and together, to guard against any loss of confidence in the system,” said CPMI Chairman Benoît Cœuré.

NBB Governor Smets commented: ”I welcome this proposal for a strategy to cope with that ever increasing cyber challenge in wholesale payments, we have now on the table the blueprint for a strategy for mobilising and coordinating the cyber efforts in the payment industry. When confronted with the cyber threat, a strategy involving all main stakeholders is the best way to pursuit the objective of a sound and safe payment infrastructure.“

The CPMI is now seeking input from relevant stakeholders. After the consultation, it plans to develop guidance on each of the seven elements to help operators and participants of payment systems and messaging networks as well as their respective supervisors, regulators and overseers improve endpoint security. The proposed guidance will be developed by early 2018.  

Comments on the proposed strategy should be submitted by Tuesday 28 November 2017 via e-mail to the CPMI Secretariat. All comments may be published on the website of the Bank for International Settlements unless a respondent specifically requests confidential treatment.