Payment Messaging Systems
Financial institutions, corporations, and other organizations employ wholesale payment message systems to originate payment orders, either for their own benefit or for a third party. These systems are indispensable components of funds transfer activities. Unlike payment systems, which transmit actual debit and credit entries, message systems process administrative messages and instructions to move funds. The actual movement of the funds is then accomplished by initiating the actual entries to debit the originating customer's account and credit the beneficiary's account at one or more financial institutions. If the beneficiary's account or the beneficiary institution's account is also with the originator's institution, the institution normally handles the transaction internally through a book transfer. If the beneficiary related accounts are outside the originating customer's institution, the parties will complete the transfer by use of a payments system such as Fedwire Funds Service or CHIPS. The means of arranging payment orders range from manual methods (e.g., memos, letters, telephone, fax, or standing instruction) to electronic methods using telecommunications networks. These networks may include those operated by the private sector, such as SWIFT or Telex, or operated internally by or for the institution. The internal networks can be for inter-company purposes only or connected to customer sites.
Since the payment order is the institution's authorization to act on behalf of the customer, it is imperative that a system is in place to establish the authenticity and time of receipt of the order. These two elements are the primary components cited by the Uniform Commercial Code Article 4A (UCC4A) in establishing responsibility for the execution of a payment order. Even though the transfers initiated through systems such as SWIFT and Telex do not result in the immediate transfer of funds from the issuing institution, they do result in the issuing institution having an immediate liability, which is payable to the disbursing institution. Therefore, the physical and logical controls surrounding payments messaging systems should include:
- Physical controls limiting access to only those staff members assigned responsibility for managing the payment messaging system;
- Logical access controls restricting access on a need to know basis;
- Assigning access to payment messaging application and data based on functional job duties and requirements; and
- Identification and authentication controls used to authenticate access to payment messaging systems.
Internally Developed and Off-The-Shelf Funds Transfer Systems