1. 1 An End-to-End View of Risk in Payments Introduction to the Risk Spectrum and Mitigation Strategies Sayantan Chakraborty North America Head of Payments Citi Global Transaction Services Brian Todd VP Fraud Prevention and Internal Control Citi Global Transaction Services August 09, 2010

2. 2 Table of Contents The Treasury Risk Environment4 The Financial and Franchise Risk Umbrella6 Payments in the Age of Social Networks16 Banks Changing Role in Risk Mitigation21 Case Study23 Conclusion25

3. 3 Agenda 1.The Treasury Risk Environment a.Evolving Risks b.Changing Marketplace c.Opportunities 2.The Financial and Franchise Risk Umbrella a.Payment Systems b.Regulatory/Compliance c.Credit d.Operational e.Fraud 3.Payments in the Age of Social Networks 4.Banks Changing Role in Risk Mitigation 5.Case Study 6.Conclusion

4. 4 The Treasury Risk Environment

5. 5 Paradigm Shift in Risk as a Result of Changes in Payment Trends Old Payments Landscape High volume check processing Electronic payments were less organized with limited channels Relatively slower pace of processing allowed a reactive approach to risk Payments fraud was limited Compliance requirements were simpler New, More Complex Landscape Electronification has eliminated physical controls making validation time-sensitive Monitoring new payment channels requires more diligence and added complexity With rising influence of technology, fraud has become more sophisticated Increased regulation has necessitated increased compliance checks The new payments market presents Banks and Treasury Operations with a new set of challenges as well as opportunities In order to minimize risk in the new marketplace, key stakeholders must be at the forefront of innovation, prioritize controls in infrastructure and be nimble in an increasingly complex environment What this means for Treasury Operations and Banks

6. 6 The Financial and Franchise Risk Umbrella

7. 7 A Deeper Dive Into the Risk Spectrum The nature of payments transaction underscores the importance of monitoring counterparty credit risk The recent financial crisis has further made the topic of counterparty risk extremely relevant Credit Banking and payments regulations are constantly evolving Ensuring compliance with regulations places a burden on Treasury Operations that have limited resources Regulatory/ Compliance Evolving marketplace exposes weaknesses in payment systems and organizations Changes in the payments infrastructure have not penetrated into treasury operations at the same scale External issues can affect ability to effectively operate Payment Systems Risk With increasing complexity, meeting specialized operational requirements can be very demanding Uncontrolled processes can result in financial and franchise risk Operational Fraud schemes are becoming increasingly difficult to expose Perpetrators take advantage of opportunities presented by Economic Downturns, Natural Disasters and Political Strife Fraud

8. 8 Regulatory and Compliance Risks Organizations are subject to Fines, Sanctions and Reputational Risk for non compliance The blurred line between banks and non banks results in legal and financial risk to all counterparties in transaction Enhanced anti money laundering enforcement can add an operational burden on payment initiators and providers Regulatory Changes – HIPAA, OFAC, AML, Fed operating changes –Regulations do not always keep up with payment requirements –Reg CC and Op Circular 3 are undergoing changes to meet todays payment realities Often, there still is a secondary impact –Treasuries and Banks have to comply which causes impact to the units via: Investment dollars Priority shift Resource reallocation Banks can share best practices, market updates and operationally make it simpler for you to remain compliant, e.g. building controls universally within banking processes How can Banks and Treasurers collaborate? Rapidly changing regulations place a compliance burden on organizations

9. 9 Operational Risk Factors Affecting Operational Risk Inadequate separation of financial responsibilities increases payments fraud risk Staffing issues can result in productivity loss As the complexity of processes increases specialized requirements also increase Inadequate or missing Continuity of Business (COB) plans Physical plant costs Controls Stringent hiring policies, rotation of personnel and separation of duties Ensuring adequate coverage of key roles, and sensitive processes Adequately staffed human resources with resources to find appropriate talent Creation and testing of realistic and robust plans that mirror production processes Merging similar functions to eliminate duplication Many banks offer treasury outsource functions and products that can be used by treasuries to reduce operational costs and risks; some of the contingency management can be handled by Banks instead of building multiple redundancies How do Banks and Treasuries Fit Together?

10. 10 Fraud Risk Law firm scams have significantly increased banks and counterpartys risks Dollar values of these items are higher – averaging 300K Law firms are not bound by Patriot Act and other banking regulations, prior to engaging in financial transactions Law firms are protected in many states by favorable LLC (Limited Liability Corporation) laws, that allow them to be exempt from loss liability Law firms have strategic advantage in local courts, if a dispute becomes a civil case Law firms understand that the courts have not caught up, to the new forms of fraud, and the courts do not favorably decide on Reg. CC breaches, regardless of the root cause Counterfeit rings understand banking Counterfeit rings use banking processes against banks and they exploit: Float Banks using rarely used Routing/Transit Numbers Banks operating in diverse regions Holidays National disasters, or national strife The level of sophistication of the counterfeiters is increasing Counterfeiters utilize any situation which can cause a delay in bank processing or perceived control loss Counterfeiters have banking experts working with them, and they understand how to exploit banking systems

11. 11 Fraud Risk Why is Fraud Increasing? Counterfeit rings exploit the mailing process –Items intercepted en-route to destination Funds availability –Hold times have decreased based on better collection processes Return check timelines –Investigation time is limited by the requirement to identify and return check settlement items to bank of first deposit in 48 hours Checks and other documents can be easily replicated –Availability of Off the Shelf check printing programs –Availability of Check Stock Sheer Volume Technology Regulation CC Mail Theft Jurisdiction Issues 49.1 billion checks issued annually In 2008, USPS intercepted more than 2 Billion worth of counterfeit checks drawn on U.S. financial institutions Control lapses on print and mail procedures Non-cooperation across international borders Investigations limited to large dollar amounts

12. 12 Fraud Risk Employ stringent hiring procedures with appropriate background checks Restrict employee access to customer file records Destroy obsolete check stock as soon as possible Do not include account number and authorized signatures in correspondence Establish dual control procedures for the handling of any unprinted check stock Best Practices Suggested Best Practices to Prevent Fraud Control Segregate Separate accounts payables functions Segregate the processing of returned checks Monitor Create audit trails and conduct surprise audits Reconcile bank accounts daily

13. 13 Credit Risk Payment transactions have inherent credit risk –Intraday / overnight exposures due to batch (e.g. ACH) and single entry transactions (e.g. Wires) – Risk exposures can be created due to special purpose funds deposited with a financial intermediary Regulatory protection against such exposures is limited –FDIC insurance, where available, is capped to $250,000 Organizations can mitigate credit risk by carefully evaluating their counterparties and by protecting their security interest in such relationships Organizations should carefully evaluate and choose banks and other financial intermediaries Security interest in such a relationship should be protected with an appropriate collateral

14. 14 Payments Systems Risk Payments are settled through a payments infrastructure which interconnects various organizations Such multilateral systems may increase, shift or transform risks in unanticipated ways Consequently organizations can be severely affected : –Either directly due to a system failure at their end Or –Indirectly, due to a failure in the other indirectly connected systems 1.Liquidity Risk : Breakdown in the payments infrastructure can pose liquidity challenges 2.Operational Risk : Payments systems malfunctioning can result in financial implications due to information loss 3.Legal Risk : Potential litigation or inability to enforce a contract could result in significant financial and reputational loss 4.Franchise Risk : Failure to meet payments obligation can result in negative publicity Banks as participants in payments systems, are deeply involved in risk evaluation. The payment system benefits from the collective evaluation Banks can help mitigate the payments systems risk through a disciplined risk evaluation of the payments infrastructure

15. 15 ACH Transactions Due to the batch processing nature and the regulation governing ACH transactions, there are risks that organizations should be cognizant of Credit Risk originates in ACH transactions in the following scenarios: –Counterparty not funding a transaction on their overdrawn account – Intraday and overnight balances – Unsecured deposits ACH rules for identification and reporting of suspicious transactions are different for organizations and individuals –Corporates have 48 hours to report and act against a fraudulent transaction –Individuals have 60 days Lines are blurred between a corporate and an individual transaction Organizations are sometimes left vulnerable due to lack of understanding of the qualification for transactions Credit Risk Fraud Risk

16. 16 Payments in the Age of Social Networks

17. 17 If Facebook were a country it would be the eighth most populated in the world, just ahead of Japan, Russia and Nigeria * Payments in the Age of Social Network The ubiquity of Social Networks cannot be ignored Piper Jaffray predicts that total US revenues from virtual goods will reach $1.0 Bn this year Facebook alone has more than 110 Million unique users in the US (As of March 2010, Source: nicburcher.com ) Growth of Facebook Users (MM) US Virtual Goods Revenue ($MM) Source:http://www.nickburcher.com/ Source: Piper Jaffray, Pay to Play: Paid Internet Services, July 13, 2009 56% CAGR Why should State and Local Government bodies care? * Owyang, J. (2009). A Collection of Social Network Stats for 2009 Retrieved March 20, 2010 ** Source : www.hci.org : Social Networking in Government: Opportunities & Challengeswww.hci.org Social Networks are the channels of the future to connect with citizens –Many state and local government bodies are already using Social Networks –Counties in Texas - Grayson, Collin and Cooke, have started their own Facebook and Twitter sites to make it easier for the public to access important information** 101% increas e

18. 18 Multiple Payment Options in the Virtual Economy Account Funded Credit/Debit Cards Mobile Virtual Currency Traditional Payments Next Generation Payments Virtual Goods/Services Monthly Subscription for Online Games Make payments directly from your bank account with added security Payor enters mobile number and funds are collected via monthly mobile bill Members can use purchased virtual currency to pay other members or buy goods online VisaMastercard PayPalGoogle PaymoMopay QQ Coins Facebook Credits

19. 19 P2P Payments Gaining Traction on Social Networks The new TwitPay will provide a means of quick and easy donations for Twitter users using retweets Charities looking for donations can simply tweet a request, and donors can respond by retweeting the message, which opens up a authorized payment transfer from the users account TwitPay collects up to 5% on these transactions Traditional P2P on Facebook P2P for Charity on Twitter Buxter is ClickandBuy's Facebook application that allows members to make P2P payments in either Euros or Dollars Allows Facebook users to: –Send money to other Facebook users –Receive money from other Facebook users –Request money from other Facebook users –Withdraw money to their ClickandBuy account –Purchase Facebook applications Users are only charged for withdrawals (1.9%) BuxterTwitPay

20. 20 Risk Management in the New Paradigm Authenticating the actual user or payor becomes increasingly difficult Sophisticated hackers can steal or create false identities easily Information security becomes increasingly important as social network IDs are now linked to users payment accounts Fraud Operational Legal Existing laws and regulations does not contemplate payments in the virtual context Inconsistent across markets (e.g. China outlaws use of virtual currency to buy real goods, while Korea allows virtual to real transactions) The taxation laws around gaming revenues are vague Payment processors must find balance between processing large volume micro payments efficiently without risking processing errors Payment monitoring must now extend beyond actual dollars, but must extend to how users are using their virtual currencies

21. 21 Banks Changing Role in Risk Mitigation

22. 22 Responding to Priorities Specialization State and Local Governments are grappling with todays economic realities How can Banks help? Drive InnovationEmbedded Partnerships Assisting in reaching higher levels of electronification while optimizing processes around residual paper-based payments Tools and analytics to proactively manage treasury-wide liquidity and funding strategy Industry expertise and advise on next generation of development in financial and treasury related processes Understanding and leveraging emerging consumer behavior to create bundled offerings like mobile top up or consumer directed payments Offering innovative solutions for all evolving payment needs along the entire paper to electronic payments spectrum from traditional check disbursements to virtual payments Cooperation: access market-ready platforms, product capabilities and a globally connected network and proven expertise Extend participation beyond treasury & operations to procurement and HR Collaborative innovation with evolving risks in m-commerce, secure digital identity, prepaid services and virtual payments paradigm Re-capitalization and asset stabilization with bail-out of entire industry sectors Increasing complexity of processes due to end consumers constant demand for additional services Budget pressures driving efficiency initiatives to reduce costs and increase productivity

23. 23 Case Study The Direct and Secondary Impact of Fraud

24. 24 International Checks Fraud What went wrong? –A crime ring infiltrated a postal vendor in the UK –They were able to identify and intercept pension payment mails –The names on the check were altered to fraudulently withdraw funds International check payments for a major public sector entity were intercepted at a mail vendor and tampered to fraudulently withdraw funds Banks can help you.. Innovate to stay one step ahead of counterfeiters –Measures like beneficiary name matching has been very successful in filtering fraudulent cases Communicate and exchange information with external vendors –Daily reconciliation with external vendors –Regular internal audits and reviews Plan comprehensively for recovery –Establish, Review, and Improve recovery plans in all locations taking the local regulations into account –Create internal measures for quick identification and priority processing for recovery related to fraud

25. 25 Conclusion

26. 26 Up-to-date information about regulation and compliance Fraud prevention Risk evaluation of payments systems Technology and Innovation Conclusions Risks to Treasury Operations are significant and are constantly evolving Regulatory environment is increasing the financial burden on Treasury Operations Fraud is increasing in sophistication New payment channels are also giving rise to new risks Banks can provide expertise to mitigate payments risk at a lower cost

27. 27 © 2010 Citibank, N.A. All rights reserved. Citi and Citi and Arc Design are trademarks and service marks of Citigroup Inc. or its affiliates and are used and registered throughout the world. efficiency, renewable energy & mitigation In January 2007, Citi released a Climate Change Position Statement, the first US financial institution to do so. As a sustainability leader in the financial sector, Citi has taken concrete steps to address this important issue of climate change by: (a) targeting $50 billion over 10 years to address global climate change: includes significant increases in investment and financing of alternative energy, clean technology, and other carbon- emission reduction activities; (b) committing to reduce GHG emissions of all Citi owned and leased properties around the world by 10% by 2011; (c) purchasing more than 52,000 MWh of green (carbon neutral) power for our operations in 2006; (d) creating Sustainable Development Investments (SDI) that makes private equity investments in renewable energy and clean technologies; (e) providing lending and investing services to clients for renewable energy development and projects; (f) producing equity research related to climate issues that helps to inform investors on risks and opportunities associated with the issue; and (g) engaging with a broad range of stakeholders on the issue of climate change to help advance understanding and solutions. Citi works with its clients in greenhouse gas intensive industries to evaluate emerging risks from climate change and, where appropriate, to mitigate those risks.