The Clearing House (TCH) submitted a letter responding to a proposed strategy by the Committee on Payments and Market Infrastructures (CPMI) to reduce the risk of endpoint security related fraud in wholesale payment systems. While TCH acknowledges the need to ensure the security of wholesale payment systems and welcomes efforts that facilitate discussions between the private and public sectors about the topic, it has a number of concerns with CPMI’s proposed strategy. These concerns include: (i) CPMI’s suggestion that compromise of a single endpoint may undermine confidence in the entire wholesale payment system, (ii) elements of the strategy that would fundamentally alter the operation of wholesale payment systems and the liability frameworks that apply to them, and (iii) the assignment of certain endpoint security responsibilities to payment system operators that are inconsistent with their role in the wholesale payment system.
Based on these concerns, TCH recommends that CPMI revise its proposed strategy to: (i) allow operators and other stakeholders within each country to work together to create guidelines for endpoint security that consider the legal, supervisory, and regulatory framework applicable to wholesale payment systems and participants in their jurisdiction; (ii) focus endpoint security guidelines on each participant’s ability to secure its own environment; (iii) recognize the role of originating banks and supervisory authorities in reducing endpoint security risk in wholesale payments and allocate responsibilities appropriate to their roles, similar to the approach CPMI took in its recent continuity of access guidance; and (iv) clarify that the strategy (a) is not intended to alter rights and responsibilities of parties to wholesale payments, as determined by applicable law and (b) allows operators in each country to determine the appropriate approach to end point security.
Download the PDF