PAYZILLA ENTERPRISE RISK MANAGEMENT FRAMEWORK

 

The Board of Directors and owners of PayZilla® Payment Gateway are keenly aware of the dynamic nature of the financial industry in which it operates, and make continuous adjustments to the company’s processes and policies. As a result, the company has created a robust and comprehensive Enterprise Risk Management (ERM) Framework that it will use to identify potential events that could prevent the organization from achieving its planned objectives.

 

To this end, a risk management policy has been developed to align the company’s Mission and Vision, planning, and risk management systems and integrate them into all areas of PayZilla operations to support effective decision-making. The policy is also intended to foster and encourage a risk-aware culture among the staff, where risk management is viewed as a positive attribute of decision-making as opposed to a corrective measure.

 

THE FRAMEWORK

The oversight of risk management activities is a critical role of PayZilla Board and Management. The Board will therefore approve the implementation of the ERMF across all aspects of PayZilla operational activities to ensure that an adequate and effective Enterprise-Wide Risk Management program is in place for identifying, measuring, monitoring, and controlling all material risks that could have a negative impact on the organization. PayZilla ERM Framework is founded upon the COSO Enterprise Risk Management Framework.

 

 

*The Committee of Sponsoring Organizations of the Treadway Commission is a joint initiative to combat corporate fraud. It was established in the United States by five private sector organizations, dedicated to guiding executive management on relevant aspects of organizational governance, business ethics, internal control, enterprise risk management, fraud, and financial reporting. COSO has established a common internal control model against which companies and organizations may assess their control systems.*

 

The Chief Executive Officer (CEO) of PayZilla has the obligation to implement the ERM framework and ensure its efficacy across the organization, based on defined criteria. The CEO will also be responsible to ensure that the Senior Management team at PayZilla is adequately trained and resourced to carry out its management and monitoring mandate under the COSO ERM Framework. PayZilla Board and Senior Management will be trained in Enterprise Risk Management and the following oversight committees will be put in place with their roles herein described:

  1. The Board: approves the risk management framework, the policy and the risk appetite.
     • Discussions on risks affecting the company must be included in the Board Meetings.
     • Strategic, new or emerging risks discussed at the Board meeting which impact the company will be formally noted by the Chief Executive Officer and taken to the Executive Committee meetings, where the risks shall be discussed and assigned.
  2. The Asset and Liability Committee (ALCO): will take on the role of formally reviewing the risk reports submitted by the Risk Management Committee; as such, ALCO will review risks and ensure that management is paying attention to, and monitoring, the risk exposure.
  3. The Audit Committee: will monitor the risks in line with PayZilla approved and outsourced independent internal audit partner. The Audit Committee reviews the top risks submitted by the ALCO committee and ensures that the Internal Auditors assess the systems implemented to control the risks.
  4. The Internal Auditors: will incorporate a process to prioritize the testing of key controls emanating from PayZilla ERM Framework.
  5. The Chief Executive Officer: will ensure staff are trained at all key levels and involve all key stakeholders across PayZilla in the rollout of the various aspects of Enterprise Risk Management. The CEO ensures that Enterprise Risk Management is placed on the agenda of the Executive management meetings and that the key “Red” risks are reviewed and discussed before they are presented to the Board.
  6. The Risk Management Committee: is a key function, which shall be in place to ensure the efficient implementation of PayZilla ERM Framework. The committee provides oversight to ensure that standards are met, responses are appropriate and high-level risks are treated and escalated.
  7. The Chief Risk Officer: shall head the Risk Management Committee and shall be responsible for formulating and maintaining PayZilla Risk Management Framework. This entails, among other things:
     • Drafting, reviewing and implementing the Group Risk Management Policy, Standards and Guidelines;
     • Ensuring uniformity and roll-out of PayZilla Risk Management Framework, including training of the Management and the Board of Directors on risk management techniques;
     • Creating an annual Risk Management Framework development plan.

The Board, Senior Managers and Risk Officers shall be trained in the principles and techniques of identifying risks, along with their roles and responsibilities related to the ERM Framework, and Job Descriptions shall be adjusted to include the role and responsibilities of each member of the committee including the Risk Officer.

 

PAYZILLA RISK POLICY SUMMARY

PayZilla Risk Policy guides PayZilla ERM framework and incorporates it as part of PayZilla overall Corporate Plan, ensuring that management controls are effectively integrated within PayZilla daily operational activities and it is continuously developed and improved. The Policy governs PayZilla financial services risk-based approach to managing its business which is designed to provide reasonable assurance that the organization’s objectives will be met.

PayZilla financial services approach to risk management is based on the following principles:

  1. Risk represents both opportunity and threat and therefore effective management is required to manage uncertainty associated with significant risks and increase the potential for reward through opportunities;
  2. Effective risk management equips management and staff with the tools to make appropriate risk and return decisions and provides greater assurance that PayZilla vision, strategy and objectives will be achieved;
  3. PayZilla Risk Assessment Reporting Standard requires the reporting of material risks to PayZilla Executive Committee, the Asset and Liability Committee (ALCO), the Audit Committee, and the Board of Directors (BOD).

MEASUREMENT CRITERIA

The following criteria must be used to measure PayZilla Financial Services risk management capability:

  1. Evidence of documented and up-to-date risk assessments in all PayZilla departments;
  2. Mitigating controls in all PayZilla businesses for risks with major or catastrophic impact that have a gross risk rating of Medium to High; and
  3. Evidence of ongoing application and monitoring of Management Action Plans.

 

PAYZILLA RISK APPETITE SUMMARY

Risk Appetite Statement

PayZilla Risk Appetite Statement is the articulation of the aggregate level and types of risk that the company is willing to accept, or to avoid, in order to achieve our objectives. It includes qualitative statements expressed relative to earnings, capital, risk measures, liquidity and other relevant measures as appropriate.

See summary table below.

| Risk | Appetite |
| --- | --- |
| i. Industry Risk | Moderate |
| ii. Legal & Regulatory Risk | Low |
| iii. Settlement Risk | Low |
| iv. Credit Risk | Moderate |
| v. IT & Data Security | Low |
| vi. Technology Risk | Low |
| vii. Change Risk | Moderate |
| viii. Third Party Risk | Low |
| ix. Governance Risk | Low |
| x. Strategic Risk | Moderate |
| xi. Operational Risk | Low |
| xii. Reputational Risk | Zero |
| xiii. Market Risk | Moderate |

This Risk Appetite Statement characterizes PayZilla tolerance for each risk as low, moderate, or high, according to the following definitions:

High – The level of risk will not substantially impede our ability to achieve our mission, goals, or strategic objectives. Controls are prudently designed and effective.

Moderate – The level of risk may delay or disrupt achievement of our mission, goals, or strategic objectives. Controls are adequately designed and are generally effective.

Low – The level of risk will impede the ability to achieve our mission, goals, or strategic objectives. Controls may be inadequately designed or ineffective.

Zero – The level of risk will significantly impede the company’s ability to achieve its mission, goals, or strategic objectives.

 

PayZilla business activities are subject to the risk types below:

FINANCIAL RISK

  • Market
     • Foreign Exchange Risk
     • Interest Rate
  • Credit
     • Counterparty
     • Concentration
  • Liquidity
     • Funding
     • Capital

NON-FINANCIAL RISK

  • Operational Risk
     • People
     • Transactional Processes
     • IT Systems
     • External Events
     • Business Continuity
     • Money Laundering / Counter Financing of Terrorism
     • Cyber security
     • Political
     • Social Media
     • Compliance Risk
     • Regulatory Risk
  • Strategic
     • Strategy Development and Implementation
     • Profitable Growth
     • Competition
     • Market Share
     • Economic/External Risk
     • Relevance
  • Reputational Risk

 

ANTI-MONEY LAUNDERING RISK MANAGEMENT

PayZilla will maintain a robust risk-based Anti-Money Laundering (AML) programme to give effective oversight over its monetary business activities and its partner network. When engaging new and continuing users on our platform, all transactions with registered users shall be reviewed using a risk-based approach in order to safeguard the business from fraudulent activities. Dedicated analysts and network officers shall be assigned to users based on their risk type, geography and user account type. In light of the high incidence of fraudulent activities in electronic payment activities, PayZilla Compliance department shall employ robust, high-end technology for the monitoring of financial transactional activities on our platform.

 

KNOW YOUR CUSTOMER (KYC)

PayZilla shall have a zero-tolerance approach to AML risks; as such, front-line staff will ensure that full KYC documentation is obtained from a user once a financial transaction is initiated and that all relevant questions are asked at the first point of engagement of users to ensure smooth and effective transaction processing and monitoring. This in effect allows the front line to obtain and collate all the relevant information needed to make the most appropriate decision.

PayZilla requirement to “Know Your Customer” shall involve satisfactorily identifying the customer and establishing details pertaining to the customer’s occupation, economic activity, personal financial track record, source of wealth, and source and/or purpose of funds that will be involved in the transaction.

 

All PayZilla KYC Policies and Procedures shall be approved by the Board and readily accessible to all staff. All employees also sign a code of conduct and an Attestation and Adoption document indicating their awareness of PayZilla Compliance Policies and Procedures.

 

TRAINING

Training is key to the successful management of PayZilla compliance programme. In addition to training conducted at onboarding for new staff and new partners, all front-line staff shall be trained annually. We shall also provide regular training to address weaknesses detected during monitoring of financial transactions. Training of all employees and sub-agent owners, managers and staff is mandatory. Our Compliance team will implement an automated eLearning management tool powered by Ksmart Solutions Int’l LTD (PayZilla parent company). This learning management tool will allow all PayZilla staff and sub-agent owners and their staff to log onto a portal and participate in self-guided AML/CFT, Fraud & Proliferation prevention training.

 

 

PREPARED BY:

KSMART SOLUTIONS INTERNATIONAL

 

Dr Innocent Ogbue

 

Chief Executive Officer, KSmart Solutions Int’l LTD

Phone : +234 806 288 7330 (Nig),

Email: i.ogbue@ksmartsolutions.com; inniogbue@yahoo.com
