ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Compliance and Risk

The Steps to Managing MFS Risk

December 15, 2016
Reading Time: 4 mins read

By Ruth Razook

It goes without saying that mobile financial services (MFS) are here to stay. The majority of consumers—including millennials—use some type of digital payment service for all of their monetary transactions. Some of them may not have ever experienced something like manually depositing a check at a bank. According to the Consumers and Mobile Financial Services 2016 study completed by the Board of Governors of the Federal Reserve System, 43% of all mobile phone users with a bank account had used mobile banking in the 12 months prior to the survey. This number is up from 39% in 2014 and 33% in 2013.

While some people claim that statistics like these point to the coming extinction of traditional bank branches, it can be argued that banks actually play a key role in MFS risk management. It is important for financial institutions to not only keep up with the times by offering MFS, but to also identify the unique risks associated with such services and establish a plan to mitigate those risks for their own safety, as well as the safety of their customers.

Until recently, identifying MFS risks was a huge problem. In 2015, more than 50 financial institutions were surveyed by Transaction Directory and 97% of them reported having no strategy on how to address internet purchasing. Luckily, new guidance for mobile banking was released this year when the Federal Financial Institutions Examination Council (FFIEC) updated its Retail Payment Services Handbook and added Appendix E – Mobile Financial Systems. These guidelines examined what risk assessments should look like, how financial institutions should monitor risk, what tools should be used, and more.

Step 1: The first step in the MFS risk management process is risk identification. This must include risks associated with mobile devices where the customer implements and manages security settings; unique risks associated with specific devices; and associated risks in the areas of strategy, operations, compliance, and reputation. For example:

  • Short message service (SMS) messages are easily fraudulent as they are unencrypted over widely-used networks.
  • Mobile apps may be unauthorized or contain malware.
  • Mobile payments may be compromised if portable devices are misplaced or stolen.

In addition, financial institutions must identify how providing MFS may create reputational risks, especially in the context of privacy and data security, as public scrutiny of the treatment of customer information continues to grow.

Step 2: After the potential risks have been identified, financial institutions need to begin the process of measuring those risks. They must develop consistent risk criteria and have it published for all decision makers to review, as well as periodically review that risk criteria for potential environmental changes and share their findings with the board.

Along those lines, financial institutions must implement the measurement of the level and types of risks involved in offering MFS, in addition to the measurement of potential risks across all applicable risk categories. It is important to note that this process is ongoing and requires updates whenever a change is implemented.

Step 3: Finally, financial institutions should determine whether their controls are effective and their goals are compatible with the company’s strategic plan in order to best mitigate the identified risks. Implementing effective controls includes communicating policies and procedures during enrollment, authenticating users of MFS, and using well-constructed contracts developed with legal counsel to provide necessary security for both the financial institutions and their customers.

This also requires developers to follow a secure development life cycle, determining whether mobile browsers have available safeguards implemented, employing tools like device fingerprinting, and performing security testing at all post-design phases of the system development life cycle.

Of course, all policies and procedures implemented must comply with laws and regulations. MFS must be included in retail payments systems audits. And security awareness materials must be provided to customers so that they understand their role in security. This includes things like the use of anti-malware and PIN protection. Additional security settings can be added to the digital login process—such as a list of previous account activity with the date, time, and type of device that initiated the login. This allows the consumer to audit all transactions that have taken place from their account.

MFS risk management is much more than installing “safe” digital payment software. It includes identifying potential risks, measuring them effectively, and establishing a plan to mitigate those risks. Not only does taking this seriously allow financial institutions to remain in compliance with the updated FFIEC guidelines, but it also protects their customers and the institutions themselves from multiple types of harmful fraud.

Ruth Razook is founder and chief executive officer of RLR Management Consulting, a consulting firm servicing community banks nationwide in four primary categories: technology, regulations/compliance, operations and M&A. RLR’s clientele includes community and regional banks of all sizes. RLR has offices in both Reno, Nev. and Palm Desert, Calif. LinkedIn. Twitter.

ADVERTISEMENT
Tags: ComplianceDigital bankingMobile banking
ShareTweetPin

Related Posts

FinCEN to propose new rules on money laundering, whistleblower program

Treasury official outlines principles for Bank Secrecy Act modernization

Compliance and Risk
June 18, 2025

The Treasury Department is exploring ways to streamline the filing process for suspicious activity reports and currency transaction reports as part of a broader effort to modernize BSA enforcement, Deputy Secretary of the Treasury Michael Faulkender said.

ABA suggests splitting proposal to expand Fedwire, NSS operating hours

FATF releases revisions to international standard for payment transparency

Compliance and Risk
June 18, 2025

FAFT announced several revisions to its recommendation on payments transparency, which it said will enhance the safety and security of cross-border payments to better detect financial crime.

BAFT releases report on best practices, guidance for ISO 20022 migration

CFPB to delay small-business lending data collection compliance dates

Compliance and Risk
June 17, 2025

The CFPB will issue an interim final rule today to push back by roughly a year the compliance dates for its small-business data collection requirements, according to a filing in the Federal Register.

Is deepfake technology shifting the gold standard of authentication?

Will fraud prevention ever be autonomous?

Technology
June 17, 2025

Anti-fraud systems are learning to anticipate fraud rather than merely react to it. Better anticipatory abilities inch systems closer to full automation.

New infographics provide advice for identifying money mules, check fraud

Banking agencies seek public comment on strategies to combat payments fraud

Compliance and Risk
June 16, 2025

The FDIC, Federal Reserve and OCC issued a request for comment on potential actions to help consumers, businesses and financial institutions mitigate risks related to payments fraud, particularly check fraud.

CFPB claims ‘complex’ pricing drives up cost of financial products

ABA, associations reiterate concerns about CFPB nonbank registry

Compliance and Risk
June 16, 2025

ABA joined two associations in reiterating their concerns about the CFPB’s nonbank registry, which the current bureau leadership has proposed to eliminate.

NEWSBYTES

Treasury official outlines principles for Bank Secrecy Act modernization

June 18, 2025

Report: Bank merger activity continues at steady pace

June 18, 2025

CFPB proposes ending using civil penalty funds for consumer education, financial literacy

June 18, 2025

SPONSORED CONTENT

AI Compliance and Regulation: What Financial Institutions Need to Know

Unlocking Deposit Growth: How Financial Institutions Can Activate Data for Precision Cross-Sell

June 1, 2025
Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025
Six Payments Trends Driving the Future of Transactions

Six Payments Trends Driving the Future of Transactions

March 15, 2025

PODCASTS

Podcast: Staying close to clients amid tariff-driven volatility

June 18, 2025

Podcast: Old National’s Jim Ryan on the things that really matter

June 12, 2025

Podcast: What bankers need to know about ‘First Amendment audits’

June 5, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.