As part of its ongoing education efforts within federal agencies, on Capitol Hill, and at the state and local government level, the ATPC reminds these key stakeholders of the critical nature of the payments processing industry and its related activities. The recognition this list brings is significant as the National Critical Functions are “the functions of government and the private sector so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”
There are three items on the list of particular interest to the ATPC and its member companies, one directly related and two with a secondary, indirect relationship.
- Provide Payment, Clearing, and Settlement Services – direct
- Provide Consumer and Commercial Banking Services – indirect
- Provide Funding and Liquidity Services – indirect
The National Critical Functions approach to risk management is featured in the National Cyber Strategy and the DHS Cybersecurity Strategy, and is the foundational element for the development of a “Risk Register.” This process is accomplished with expert representatives from government and industry to provide analysis, policy opinion, and operational insight resulting in a tiered (prioritized) manner based on need of mitigation and collective action.
The ATPC’s international platform – Payments 20, or P20 – performed the first industry-wide cyber “War Games” exercise in October 2018 and is in the process of lining up a second round to stress-test an industry runbook for cyber resiliency and recovery. This type of risk and dependency analysis, coupled with consequence modeling, showcases the inherent need for payments to be included in such considerations moving forward.
The ATPC has a long-standing reputation among Congressional offices as a leading resource on issues related to payments, and greater FinTech, including encouraging the passage of the Cybersecurity Information Sharing Act (CISA) in 2015. In addition, the ATPC’s Transaction Alley Cyber Forum, launched in 2017, convenes the top government and industry cyber experts for information sharing sessions. Through these platforms, and in partnership with others, the ATPC looks forward to leading the industry in these efforts.