Page 33 - GS250501
P. 33

Insights and Expertise




        Third-party risks
                                                                       Choosing a resilient payment
        Many financial institutions and payment providers don't
        just  rely  on their  own  infrastructure—they  depend  on   provider means greater stability,
        third-party vendors to deliver critical services. That's       fewer failed transactions and
        where things get complicated.
                                                                          a smoother experience for
        The CrowdStrike outage in 2024 was a wake-up call for       customers—a key differentiator in
        the industry. A single software update caused widespread
        service failures, affecting banks, payment providers and     today's competitive marketplace.
        merchants alike. Some businesses had strong resilience
        plans  in  place  and  recovered  quickly.  Others  were  left
        panicking realizing they had no control over the third-  emergency scenario tests to stress-test their resilience
        party disruptions that took them offline.               plans, confirming that third-party providers are meeting
                                                                compliance standards, and updating incident response
        The FCA made it clear: outsourcing responsibility doesn't   strategies so teams know exactly what to do in a crisis.
        mean outsourcing accountability. Financial institutions
        must actively manage third-party relationships, conduct   The FCA isn't expecting perfection overnight, but firms
        resilience tests and ensure that suppliers can meet regula-  must be able to prove they have made serious efforts to
        tory standards. If a third party fails, the responsibility still   comply. The closer they are to full compliance, the easier
        falls on the regulated firm.                            it will be to refine and strengthen resilience strategies in
                                                                the months ahead.
        For merchants, this adds a layer of risk. If your payment   Why resilience is a competitive advantage
        provider lacks oversight of its third-party dependencies,
        your business is exposed to the same risks.             Meeting PS21/3 standards is more than avoiding regula-
                                                                tory scrutiny; it's about building a stronger, more reliable
        Merchants should ensure that their providers have a clear   business.
        strategy for mitigating third-party disruptions, because if
        they fail, so do you.                                   Customers and merchants will gravitate toward financial

        Payment resilience is business resilience               institutions and  payment  providers  that  can  guarantee
                                                                stability. Payment providers that can prove their resilience
        Payment failures don't just frustrate customers; they im-  will be in a stronger position to win merchant trust and
        pact revenue, trust and long-term business growth. Mer-  secure long-term relationships.
        chants rely on their payment providers to ensure trans-
        actions go through smoothly, but not all providers are   In contrast, those that fall short risk reputational damage,
        equally prepared for PS21/3.                            customer churn and potential regulatory action.

        A resilient payment provider should have the infrastruc-  For merchants, choosing a payment provider that priori-
        ture to prevent reliance on a single processor by incorpo-  tizes resilience is a smart business move. Lost transac-
        rating multi-acquirer setups. They should also be able to   tions mean lost revenue. The ability to process payments
        switch payment traffic dynamically through intelligent   smoothly, even when disruptions occur, will set resilient
        transaction routing when disruptions occur.             businesses apart from the competition.
        Real-time monitoring is essential for detecting and resolv-  The last three years have been about preparation, but now
        ing issues before they impact customers, while transpar-  PS21/3 is reshaping expectations for financial resilience in
        ent resilience plans ensure they meet regulatory expecta-  the UK, and those who haven't adapted will feel the pres-
        tions and maintain trust with merchants.                sure. Firms that have taken resilience seriously will move
                                                                forward with confidence. Those that delayed or down-
        If your payment provider isn't ready for PS21/3, your busi-  played the importance of PS21/3 will have to work even
        ness could suffer the consequences.                     harder to catch up.

        Firms and merchants need to focus on refining and stress-  Ryta Zasiekina, founder of Concryt, is a leading voice in payments
        testing their operational resilience frameworks. Beyond   orchestration and fintech investment. Contact her via LinkedIn at linke-
        compliance, it's about ensuring they can actually function   din.com/in/zasiekina.
        in the face of a disruption.

        For those still finalizing their approach, the most urgent
        priorities include validating their impact tolerances to
        ensure they can recover within set timeframes, running

                                                                                                                33
   28   29   30   31   32   33   34   35   36   37   38