Keeping Canada’s payment systems safe through effective risk and security management

AUTHOR

Peter Dodic

Chief Risk Officer

As Chief Risk Officer at Payments Canada, Peter Dodic’s leadership focuses on embedding effective enterprise-wide risk management across Payments Canada. Peter leads the Risk Management, Legal, Compliance and Internal Audit functions. In his role, Peter protects our critical national payment systems and organization from top and emerging risks and ensures risks are managed within our risk appetite. Peter will participate in the Operational resilience: a leadership imperative panel available as part of The Payments Canada SUMMIT Digital Experience.

Payments Canada operates Canada’s national payment clearing and settlement systems. While it is a little-known entity to most Canadians, Payments Canada plays an essential role in the economy and the day-to-day operations of financial institutions and businesses across the country. Payments Canada’s systems ensure that payments made between financial institutions — more than 450 billion dollars a day — are completed safely and securely.

The safety of Canada's payment systems is our top priority. For this reason, security and risk management are inherent in everything we do. We operate our systems on behalf of our members with Canadians top of mind while facilitating the development of new payment methods and technologies to meet their needs. We do this by ensuring the proper technological and legislative protections are in place so payments are safe and secure today and into the future.

We are guided by our mandate, defined public policy objectives and regulatory standards that govern the safety, security and efficiency of Canada’s clearing and settlement systems. We work closely with the payment ecosystem to establish the legal framework (rules, standards and by-laws) that provide the foundation for safe and secure payment transactions and meet the needs of the evolving payment landscape. In consultation with our members and stakeholders, we maintain a framework of rules and standards that mitigate risk and facilitate the exchange of payments and deployment of emerging payment products and services.

Given that technology and cyber risks evolve rapidly, Payments Canada is continually enhancing its resiliency. We have a Cyber Resilience Strategy that outlines our approach to cyber security: managing risk and fostering preparedness and resilience within our organization and across the financial ecosystem. The plan ensures we are constantly watching for and closing gaps to maintain the resiliency of our operations.

Payments Canada operates within a network of financial institutions, regulators and other financial market infrastructures. We are held to the highest global security standards, including the Principles for Financial Market Infrastructures (PFMIs), Criteria and Risk-Management Standards for Prominent Payment Systems, Guidance on Cyber Resilience for Financial Market Infrastructures and the Swift Customer Security Program.

We also work closely with the Bank of Canada to meet their requirements for mitigating cyber threats through internal and external assessments. In addition to these requirements, we establish rules and standards around the security of payment items and connectivity of systems to which our members must adhere. From a wider, collaborative industry perspective, we work very closely with partners in the financial sector through cyber security industry groups.

We also participate in and lead industry exercises for operational resiliency and cyber resilience and share intelligence with partner agencies and organizations in the cyber community. Further to these collaborations, we are actively engaged in the international cyber risk community with our partners at the Bank of Canada.

Working closely with our members, regulators and vendor partners, we have made great strides in the safe and secure modernization of Canada’s payment systems. This can be seen through the introduction of Lynx, the implementation of ISO 20022 financial messages and enhancements to the Automated Clearing Settlement System (ACSS). To meet the growing demand for secure and innovative new payment products and services, work is also well underway to deliver a real-time payment system that meets the needs of Canadians, through the introduction of the Real-Time Rail (RTR) — Canada’s fastest payment system.

The real-time movement of money enabled by the RTR will give Canadians more control over their finances by allowing payments to be cleared and settled in seconds, not days, and providing greater confidence that payments have been finalized. It will also provide the foundation for new payment products and services to be introduced by members and innovators, leading to greater payment choice and convenience for all Canadians. The safety and security of the RTR is our priority, as for all of our systems. To that end, Payments Canada is leading a collaborative effort to deliver fraud capabilities. With the power of the Canadian payment ecosystem, we will leverage this network advantage against the ever-evolving tactics of fraudsters.

While every organization has a responsibility to protect itself, doing so as a collective is much more effective. Emerging risks, cyber security threats and incidents of fraud are all issues that affect the Canadian economy and our national security as a whole. We must continue to work as a collective to keep Canada’s national payment systems safe and secure.

I look forward to sharing more about this topic at The Payments Canada SUMMIT, Canada’s premier payment event in Toronto from May 29 to 31, 2024. I invite you to use my promo code, SUMM24PCVIP to save $100 on your ticket.

Hope to see you there,

Peter Dodic
Chief Risk Officer
Payments Canada