Issue 2: Catastrophic Failure and Systemic Risk

By  |  October 18, 2013
 | 
Issue2

The Problem

 Electronic payments systems are subject to catastrophic risks of failure from software malfunctions and cyber attacks. Isolated failures wreak havoc only on the consumers and businesses directly affected by it. Thousands of customers couldn’t pay their bills or get money out of their accounts when RBS encountered a “glitch” in its software. Broader, systemic, failures are also possible and if they happened could bring much economic activity to a grinding halt. Like nuclear meltdowns events that are highly unlikely but have catastrophic results if they do are worth worrying about and trying to prevent. Of course eliminating risks is costly and society has to weigh the benefits against the costs of risk prevention.

The Question

How can society best insure against the catastrophic failure of the electronic payments system and minimize the consequences of such a failure were it to occur?

Background

The terrorist attacks on the World Trade Center on 9/11 and the subsequent shutdown of air travel for several days exposed a deep flaw in the check-clearing system in the US. Paper checks actually had to be physically transported and the payments system had relied on airplanes for a long-distance movement of checks to clearinghouses for many decades. This didn’t lead to serious disruption as it turned out but it did spur the movement towards check electronification.

Unfortunately, modern systems that depend on software, computers, and communication lines are subject to many kinds of failure. Natural disasters can affect communications. Computers can malfunction. Software can have hard-to-detect and hard-to-fix “bugs”—the sort that leads to the “blue screen” so many of us have encountered. When it is opened up to networks, software can be subject to cyber attacks.

These problems seem to be occurring with increasing frequency as a look at last year shows. On June 19, 2012 the Royal Bank of Scotland’s computer systems stopped tracking debits and credits for depository accounts, mainly for RBS-owned NatWest. Thousands of customers were affected. Checks bounced, paychecks didn’t hit accounts, and people couldn’t get money out. Criminals hacked into Global Payments in April 2012 and stole data for around 1.5 million cardholders. We’re almost used to card theft at this scale but it doesn’t have to stop at this scale. Last year several US financial services institutions including, over this past year, Bank of America, JPMorgan, and Citi were subject to cyber attacks.

Even cash isn’t immune to the problem. After the March 2011 earthquake in Japan, the ATMs at Mizuho, a Japanese bank, broke down delaying more than a million transactions and curtailing access to funds to many people.

That fact is, in most developed countries the preponderance of transactions by value between people and businesses and businesses and businesses is done in way that is touched electronically.

The Solution

Team 2A

According to Team 2A, federal legislation is required to truly address catastrophic failure. This legislation would mandate that all payment system entities, including networks and processors, jointly develop a solution to guard against catastrophe by December 2016. Such a solution might include interoperability among payment processing players so that combined infrastructure can be leveraged in the event of catastrophe. It might also include requiring all payment transactions to flow through a single federally regulated system, like the ACH, with data centers on multiple continents. This system would be a redundancy for all network activity and utilized in the event of systemic failure.

In the event of a catastrophe, we must: “Ensure that commerce and payments can prevail to the lowest denominator.” There needs to be a readiness for availability of cash through a Mobile ATM Trailer Fleet and a supply chain that will allow merchants, money transfer players, ATM’s, etc. to be cash agents to put cash in the hands of consumers.

This would require the involvement of the Fed, FIs, Money Transfer Players, Merchants, Cash and Transit Players, Local and State Government and Law Enforcement.

Team 2B Proposed

    i) a highly distributed, open source, cryptographically hardened, Internet-based standby network built by prize/competition and maintained in the event of its need;
    ii) that that network, as one of its maintenance tasks, remotely monitor SWIFT/FEDWIRE network for statement of health and disaster monitoring for determination of recovery protocols;
    iii) that the network be built to take “point in time” end of day for the 7300 users of SWIFT/FEDWIRE for “break the glass” reconstitution of journal balances, counterparty liabilities and settlement requirements; and,
    iv) that a “break the protocol” protocol be adopted for invoking by trusted authorities in the event that threshold events have occurred.

In the event that the protocol is invoked, this system would become the network used for supplanting the FEDWIRE for an interim period such that a policy decision can be made to replace the SWIFT/FEDWIRE or continue to operate the new network under its management regime.

Although unlikely, the effects of this systemic failure merit an option that could succeed should it be needed. By taking this innovative approach, society can only plan, but not insure, for what occurs should the payments system fail.

Team 2C

Here’s the problem seen by Team 2C. When the traditional payment infrastructure is unavailable and people don’t have access to ATM networks or use of their credit or debit cards an alternative product that can be used as an exchange of value is needed. This network of alternative currencies would require that there is an agreed upon value which can be exchanged for goods and services – no small feat. This is particularly critical for individuals with limited cash reserves and dependence on electronic benefits from government programs – they would be highly impacted by the unavailability of the systems.

The assumptions underpinning the solution we developed include:

  1. Electronic payment systems are not available to process debit, credit, or ATM transactions. Cash is not accessible or not on-hand.
  2. Mobile networks are available and power outage is not a cause of system failure.
  3. Regulators would grant power to the MNO to be money transmitters and special emergency lenders. The fed would set the value of dollars to minutes to control arbitrage schemes.
  4. Electronic benefits could be enabled to deliver emergency funds and benefits to recipients.
  5. Fraud will occur, but by implementing caps on lending and transactions we believe the good outweighs the potential loss.
  6. Requires a settlement and recovery process post-crisis.

The solution elements are:

  1. Individuals will be able to use their mobile phone accounts to exchange minutes, or other pre-stored value, as currency and be a source of emergency funds used to buy things at merchants – who would be able to accept that value.
  2. There is an opportunity for MNO to step-in and provide an alternative system to enable the exchange of value, for example by means of SMS text.
  3. Merchant acquirers would enable merchants to accept this form of value and settle it.
  4. MNOs could market pre-purchase plans and have stored value associated with the customer’s account in preparation for an emergency.
  5. This solution is meant to be limited in duration – 4 to 5 days.
  6. The solution could be backed-up with a cross-border partner, like Canada, to provide diverse location.

Readings

David S. Evans, System Down: Dealing with Catastrophic Risks in Payments RBS Computer Breakdown

<< Back to Intro | Next Issue >>
See More In: