With its record-breaking $17.9 billion initial stock offering, San Francis-co-based Visa shook off its legacy as a
decentralized association of member
banks and reasserted itself as a centrally
coordinated, albeit highly distributed,
payment services and technology provider reaching virtually every corner of
global commerce. Although the organization, predominantly run and overseen
by bankers, was no stranger to various
aspects of credit and operational risk,
he joined Visa. Richey was a vice chairman at Providian from 1999 to 2005.
At the time of the Wamu takeover she
was head of enterprise risk management
and chief legal officer, and at Wamu her
titles were senior vice president of ERM
and executive vice president of card services.
Richey, who has a B.A. degree in linguistics and Far Eastern languages from
Harvard University and a J.D. from Stanford Law School, says that her banking
was outward-looking, having to do with
risk to the payment system and relating
to the success of the Visa brand. Second
was member risk, or settlement risk – the
risk that client financial institutions don’t
pay us what they owe on a given day. In
other words, when you use your card, you
create a debt that the card-issuing bank
has to pay through our system, so that
we can pay out to the acquiring bank the
money that is owed to the merchant.
Visa has invested heavily in system
redundancy; downtime over the last
15 years has totaled only 13 minutes.
Isn’t that much the same as counterparty risk in a wholesale payments or trading network?
Yes, except we are not a bank so do not
do the settlement ourselves. We rely on
a bank to do the actual settlement mechanics.
the IPO called for new systems and disciplines. “One of the things we needed to
do immediately when Visa reorganized
and went public was to develop the kind
of world-class internal control and risk
management system that hadn’t been as
big a priority in the association model,”
Richey tells Risk Professional.
Richey took her position in September 2007, four months after the new
Visa Inc. was formed in advance of the
IPO and as the successor of the Visa
International association. By that time,
veteran bank card industry executive Joseph Saunders was in place as chairman
and CEO. Both Richey and Saunders, to
whom she reports, had previously worked
at Providian Financial Corp., a pioneering marketer of highly customized and
subprime credit cards, and at Washington Mutual, which had acquired Providian in 2005 and has since become part
of JPMorgan Chase & Co. Saunders led
Providian for four years before serving as
Wamu’s president of card services until
experience, particularly at institutions that
ran into credit problems, has been useful
in helping to advise Visa and its banks
through recent economic troubles. The
bottom line for Visa has been impressive.
For the fiscal year ended September 30,
net income shot up to $2.35 billion from
$804 million, while operating revenues
rose to $6.91 billion from $6.26 billion.
The shares that went for $44 at the IPO
touched a 52-week high of $78 after the
October 27 earnings announcement.
“I have been impressed with the value attached, and receptiveness, to our
team,” says Richey. “Risk has been pri-oritized.”
Did Visa have a centralized risk
function or CRO before the reor-
ganization?
There was a risk function at Visa International, which was the umbrella organization for all the Visa regions. At that
time there were three main functions.
First was data security and fraud, which
And the third risk function?
There was an ERM system in place, a
risk identification and assessment program. It was what has become common
today, conducting surveys and identifying the top risks to the enterprise. That
and the other risk functions were administered regionally, with central oversight
from Visa International.
How has that approach changed?
We have built on that foundation. Visa
Inc. has a centralized, U.S.-based corporate structure, rather than the previous
regional association structure. Data security and fraud is still a very important
priority – the integrity of the brand is a
key corporate priority – and is managed
more centrally. We still concern ourselves,
particularly in the financial crisis, with
the settlement risk, also managed more
centrally. On the enterprise risk side we
have formed an internally facing team,
dealing with Visa Inc. as opposed to the
payment system or client financial insti-
