Page 17 - gs260502
P. 17
Insights and Expertise
AI functions best
with human AI can detect the signal, but only
humans can challenge the story
assistance behind it.
detect and remediate illegal activity across the payments
ecosystem.It defines three key risk taxonomies: business
risk, operational risk and legal & regulatory risk.
Visa also introduced tiered merchant classifications (Tier
1, Tier 2, Tier 3), along with enhanced requirements such as
acquirer registration and annual certification for higher-
risk merchants. Additionally, Visa's Acquirer Monitoring
Program (VAMP) takes a broader view, evaluating
merchant risk holistically, not in isolation.
Together, regulatory guidance and network programs
reflect that risk is no longer evaluated in silos. Instead,
it is viewed as interconnected across systems, partners
and customer outcomes. This is where AI becomes
By Ken Musante indispensable.
Napa Payments and Consulting Where AI shines
erchant monitoring and third-party over- The payments ecosystem generates massive, continuous
sight are becoming increasingly complex. data streams. AI can ingest, process and analyze millions
Sophisticated fraudsters leverage advanced of data points simultaneously, identifying trends and
M technologies while regulatory expectations outliers far beyond human capacity. Risk doesn't happen in
expand and evolve, creating a challenging environment batch cycles anymore. AI enables always-on surveillance.
for risk managers. It doesn't sleep or take vacations.
To effectively address emerging threats and heightened And, AI is better at pattern recognition across silos. AI
compliance demands, risk teams must combine seasoned can link signals across merchants, processors, banks and
expertise with the power of AI-driven tools. This integrated behaviors, uncovering risks that sit between organizational
approach is no longer optional; it's essential. blind spots.
AI applies consistent rules and models across every
Regulators raising the bar transaction and merchant—without alert fatigue, bias and
Regulatory scrutiny has intensified. In 2023, the FDIC, inconsistency.
Federal Reserve and OCC issued joint final guidance on Where AI falls short
managing risks associated with third-party relationships.
This guidance is uniform and comprehensive, emphasizing As fraud patterns and regulations evolve, AI models
a risk-based approach across the lifecycle of third-party can be continuously updated and retrained, allowing
relationships, from onboarding and monitoring to organizations to respond faster than traditional manual
termination. processes, but AI has limitations. AI:
Also, events have reinforced the need for stronger oversight. • Lacks true context awareness: AI understands pat-
The Evolve Bank & Trust and Synapse situation shifted the terns but not intent.
conversation from traditional vendor risk to a more critical
concern: depositor access risk. The implication: failures in • Struggles with nuance: Edge cases, exceptions and
third-party ecosystems can directly impact customers, not gray areas often require industry experience and
just operations. situational judgment that AI doesn't inherently pos-
sess. If a regulatory environment is not clear, AI
Expanding network-level oversight may not properly categorize the risk.
Card networks are evolving their frameworks. Visa's • Depends on historical data: AI learns from the
Integrity Risk Program (VIRP) was introduced to deter, past. When something new, novel or intentionally
17
