June 24, 2013
The Forgotten Check
The paper check—remember those things that came 25 to a packet along with a vinyl cover? You could get them in basic solid colors, with floral designs, monogrammed, or even with your favorite sports team or your pet's picture. You would have to actually sit and write out all that information and even had to record the amount you needed twice, once in figures and once spelled out. (Does "fifty" have an "e" or not?) If you had the style that contained a duplicate to help you remember checks you’ve written to record in the register, you had to press down hard and put the divider in so the duplicate on the next check wouldn’t pick up the writing. It's no wonder that, when electronic bill payment and other alternative payment methods came along, they were so widely and quickly accepted.
Over the last three decades, there has been an ever-decreasing use of checks, especially by consumers. Aided by the advent of Check 21, image capture, and ACH conversion, volumes have decreased to the point that by 2010, the Federal Reserve System had consolidated its 45 check processing centers to a single operation at the Atlanta Fed. Still, despite the rapid decline in volume on the consumer side, the check remains a key payment instrument for commercial customers.
Despite physical security enhancements such as watermarks and holographs and services such as positive pay to detect unauthorized checks, the low-technology aspects of the paper check make it an appealing target to the less-sophisticated criminal. With knowledge of the routing-transit number and account number, criminals can quickly create a counterfeit check displaying high-quality graphics. Since signatures are generally checked only on a random basis and on extremely large dollar items by the drawee bank due to bulk filing process, passing "bad paper" at a number of locations in a short period of time can result in sizeable losses. Based on the Financial Crimes Enforcement Network's 2012 SAR [Suspicious Activity Report] Activity Review—By the Numbers, the number of check-fraud SARs increased 6 percent over 2011 and represented the largest category of fraud-related SARs in 2012.
While much of the risk management effort these days is focused on electronic payments, be sure not to forget about the paper check. It is obvious the crooks haven't.
By Dave Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference The Forgotten Check:
April 02, 2012
What defines an efficient market?
"There was an active debate on whether the Reserve Banks should be involved in card-based systems, but we concluded that card systems were not something that the Reserve Banks needed to become operationally involved in. [We concluded] that the private sector was developing these systems appropriately on their own, and that it didn't need public sector intervention." (From Louise Roseman's keynote address at the November 2011 Retail Payments Risk Forum conference, "The Role of Government in Payments Risk and Fraud.)
I recently re-watched video clips from Louise Roseman's keynote address at our November 2011 Retail Payments Risk Forum conference. In these clips, Roseman, who is the director of Reserve Bank operations and payment systems at the Board of Governors, explained that the Fed occasionally, but not always, provides payments services. She mentioned that when credit cards started to appear, the Fed debated whether or not they had a role in that market. However, the Fed determined that the market was functioning well enough on its own and that intervention was not justified.
Roseman discussed a contrasting example of when the Fed did intervene in a market: check clearing in the 1910s. In the 20th century, paper checks had to be physically presented at the bank they were drawn on in order to clear. While this process was easy for checks drawn on and deposited at banks located in the same major city, it was much more difficult for checks that had to travel inter-city or were drawn on country banks. To process these out-of-town checks, banks had to manage multiple correspondent relationships. Across banks and clearinghouses, this meant frequent handling and duplication of effort. And when a receiving bank did not have a correspondent relationship with the paying bank, these checks did not clear at par—that is, paying banks charged presentment fees for settling checks with noncorrespondents.
To minimize presentment fees, banks would sometimes send checks on a circuitous route. What follows is a real example of one check's meanderings. (This journey is documented in Clearing Houses and Credit Instruments, a 1911 publication of the National Monetary Commission.) Woodward Brothers of Sag Harbor, NY, wrote a check for $43.56 from its account at the Peconic Bank to Berry, Lohman, and Rasch of Hoboken, NJ. The check was deposited at the Second National Bank of Hoboken. The Second National Bank of Hoboken sent the check to Harvey Fisk and Sons, of New York, who sent the check to the Globe National Bank of Boston, who sent it to the First National Bank of Tonawanda (on the far western border of New York). From Tonawanda, the check made its way to the National Exchange Bank of Albany, was forwarded to the First National Bank of Port Jefferson, went on to the Far Rockaway Bank, and ended up going back to the Big Apple at Chase National Bank. From Chase, the check went to Queens County Bank of Brooklyn, and finally back to the Peconic Bank of Sag Harbor!
At the time, many bankers pushed for the Fed to provide check clearing to reduce these inefficiencies. The Fed obliged, which resulted in savings to the whole market and all checks clearing at par.
Check clearing is just one example of a payment system in which the Fed could improve the overall efficiency of clearing and settlement processes. Are there other markets for which we could replicate this success? What defines an efficiently functioning market?
By Jennifer C. Windh, a senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference What defines an efficient market?:
May 02, 2011
The check's in the mail, but it might be fraudulent
Amid the constant hubbub of emerging fraud schemes, research shows us that criminals are rational consumers of the nth degree. They instinctively move to the path of least resistance. While the exciting and glamorous fraud topics today involve wire fraud, account takeovers, ID theft, and skimming, the results of the Association for Financial Professionals' (AFP) annual corporate fraud survey remind us that the most fraud vulnerable instrument available today is the paper check. Why? Because check fraud is a decidedly low-tech practice whose ingredients include a bit of thievery, a good copying machine, and possibly, but not necessarily, some magnetic ink.
Corporate experiences with check fraud
The AFP's study tabulated survey results from around 400 public, private, nonprofit, and government organizations across a wide range of sizes. Over 70 percent of the respondents reported that they had been the victim of fraud in 2010. Of those, 93 percent reported fraud involving checks, compared to 25 percent with ACH debit fraud and 23 percent with consumer card fraud. Moreover, of the fraudulent methods used, checks also experienced the highest rate of increase, with 30 percent of organizations reporting an increase in check fraud. And check fraud accounted for 53 percent of the reporting organizations’ financial losses. Interestingly, while actual fraud losses were deemed to be modest in total dollar terms, 84 percent of the respondents had made efforts to protect themselves against check fraud by implementing positive pay controls on their corporate accounts; 53 percent had implemented payee positive pay.
Bank experiences with check fraud
The corporate responses synchronized well with the results of the American Bankers Association's (ABA) last deposit account fraud survey in 2009. At that time, 80 percent of respondent banks reported check fraud losses totaling over $1 billion, which is 23 percent higher than losses experienced with debit/ATM cards. Interestingly, there seems to be little evidence in the ABA report or elsewhere to indicate that check fraud stems from abuse of new technology. At the outset of the implementation of the Check 21 legislation, many industry pundits forecasted that losses would climb as a result of widespread implementation of remote deposit capture (RDC) technology, but it appears such has not been the case. In fact, several large banks, emboldened by the experiences of pioneers such as USAA, have even extended remote capture into the homes of their depositors who are armed with the latest in RDC technology—the smart phone.
Yet, there are growing concerns within the industry that the "gild may be off the lily," as the bad guys learn more about the opportunities. A friend and Sunday school classmate of mine who works for a large national bank reported to me that they had been beset over the past few weeks with an interesting scheme involving new account fraud and checks. Individuals have been opening new accounts and obtaining a debit/ATM card at the outset. After making a modest deposit of good funds to open the account, the new customer then used their ATM card to deposit several counterfeit checks at ATM locations. Per the bank’s policy, some or all funds were made available to the customer immediately (depending on the dollar amount of the check). The customer took advantage of that fact, withdrew the maximum amount possible the next day, before the return deadlines, and then walked away (well, one actually complained because not all funds were made available, but that’s another story, involving criminal indignation).
The unit cost of fraud and fee revenue deliberations
The upshot of all this is that there is a lesson to be learned. Just because we see checks as a diminishing-use instrument doesn't mean we should let our guard down whether we are a consumer, a corporation, or a bank. In tough economic times, a billion-dollar loss to the banking industry is still an expensive ticket. Having just wrapped up the Federal Reserve's 2010 Retail Payments Study, I was interested in exploring fraud from a slightly different angle by looking at the average fraud per check written in the United States. While not all industry surveys align perfectly with respect to samples, time frames, response levels, and so forth, they are close enough to produce some interesting observations. Further, such a calculation might help us understand what the actual "fraud tax" is on checks as banks consider future check service fee issues.
The 2009 ABA study estimated that 760,955 cases of check fraud took place in the 2008 reporting year, with actual losses estimated at $1.024 billion. Compare these numbers to 561,306 cases and $969 million in the 2006 study and 616,469 cases and $677 million in the 2003 study. The concurrent Fed payments studies in 2004, 2007, and 2010 estimated the number of checks written in the United States at 37.6, 33.1, and 27.8 billion, respectively. Doing the math reveals that the per-item cost of fraud losses has gone from $.018 to $.029 to $.036 (unadjusted for inflation). Said differently, the unit cost of fraud for every check written has doubled in six years to 3.6 cents per item even as aggregate check volume has fallen by 26 percent. By the way, this figure represents the costs of fraud losses, not the total cost of fraud management for the check world.
In summary, while the industry debates the issue of the cost of fraud management in the Durbin debit card interchange regulation, perhaps similar scrutiny should be applied to the cost of fraud management in the check world as check volume diminishes. Somewhere out there is an opportunity to adopt an overall fraud management fee strategy as yet another arrow in the quiver of strategically leading customers to payments choices that make sense for the bottom line of a bank.
By Rich Oliver, executive vice president of the Atlanta Fed and director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference The check's in the mail, but it might be fraudulent:
March 01, 2010
Mobile remote capture: Is there a consumer market for on-the-go deposits?
In the last six months, there has been a growing buzz about a few banks that have launched or tested applications that allow their customers to make deposits by taking a picture of a physical check (front and back) with a mobile phone. The photo is converted to a digital image that is encrypted and transmitted to the bank for processing. For security and privacy purposes, no information is stored on the mobile device.
Mobile capture is just the latest innovation in remote deposit capture (RDC) designed to make the service more affordable and convenient for a broader customer base. As with most new payments technologies, risk figures to have a role in how rapidly this innovation is embraced, as I'll discuss below.
The RDC market had generally consisted of large commercial customers with an established banking relationship. However, when RDC vendors tweaked the technology to allow the use of the flatbed scanners typically used in the home, it opened the door for banks to offer a low-cost RDC solution targeted to small businesses and consumers.
Consumer capture initially adopted by credit unions
USAA Federal Savings Bank was the first bank to offer consumer capture in 2006. USAA serves a membership primarily comprised of military personnel and their families who are often deployed far from its sole branch office in San Antonio, Texas. The launch of its Deposit@Home® consumer capture service allowed its customers to make deposits from anywhere in the world using a scanner and Internet connection. Other credit unions have since followed suit with consumer capture products that offer another self-service channel for their customers, much like ATMs and online banking.
In researching a recent paper on consumer capture, I found that several factors make consumer capture an attractive product offering to credit unions. First, credit unions typically have a small branch network, and often their members are geographically dispersed across the country. Second, the disproportionately high per-item processing costs of deposits for credit unions because of their remote customer base make a compelling business case for consumer capture. Third, credit unions may have less concern about fraud issues with consumer capture because they have a "trusted" customer base.
Mobile applications reinvent consumer capture
In August 2009, USAA took the lead again in consumer capture by launching Deposit@MobileTM, a remote capture service for its mobile banking application for Apple's iPhone. In its first six weeks, a reported 270,000 members installed the updated iPhone application, and approximately 40,000 of them used the software to deposit more than 100,000 checks worth a total of $61 million. Within five months, USAA customers deposited more than $300 million using their iPhones. Last month, USAA announced a mobile application for the Android operating platform.
Not surprisingly, the USAA experience has piqued the interest of other banks to either test or consider a mobile capture application. Another driving factor is the ubiquitous nature of the cell phone in the United States, as well as the particular influence of the iPhone. A Javelin study found that iPhone users are one-and-a-half times likelier to use their mobile device to log into a bank account than all other smartphone users. There is also evidence that mobile banking customers are interested in mobile capture technology. According to the Mercatus Mobile RDC Adoption Research study conducted last year, close to two-thirds of today’s mobile banking customers are likely to adopt mobile remote deposit capture if the technology is offered by their banks.
Will concern about the potential fraud risk slow bank adoption?
While some are excited by the potential this technology has for buoying the use of mobile applications in banking, others are more concerned about the potential fraud and compliance risk this service presents to banks. Although the Federal Financial Institutions Examination Council (FFIEC) RDC Risk Management Guidance broadly covers RDC performed at any location, there still appears to be lingering concern about mobile capture. In fact, a recent Celent survey of U.S. banks found that the most common reason cited for not adopting mobile capture technology by the majority of respondents was concerns over risk and compliance.
Currently, there is still a small minority of banks offering mobile capture. For those banks sitting on the sidelines, the question is how long they will have to wait before feeling pressure from their competitors, as well as from customers who demand the functionality. As aptly described by an USAA executive, "Going to the bank to deposit a check soon may be as antiquated as black-and-white TVs."
By Jennifer Grier, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Mobile remote capture: Is there a consumer market for on-the-go deposits?:
September 21, 2009
Not all payments are equal under "good funds" laws
Anyone who has participated in a real estate closing can attest that it can be a daunting experience. There are many parties with their hands out at the closing table to consummate the deal—the buyer, seller, and attorneys, to name a few. However, it can all collapse like a house of cards if the funds underlying the transaction are not collected or "good."
Ripple effects can be devestating when a lender fails to properly fund an escrow closing transaction. A notable case is the collapse of mortgage lender Abbey Financial in 1994, which resulted in hundreds of consumers over six states stranded with either unfunded mortgages or double mortgages because their first mortgage was not paid off in a loan refinancing. Many of Abbey's checks were dishonored, which left several attorneys with shortfalls in their trust accounts.
The aftermath of Abbey sent shock waves through the mortgage industry and prompted many states to enact "Good Funds" laws to ensure that the money funding a real estate purchase and refinance transaction is secure and ready for disbursement. The purpose of the law is to provide assurance to the consumer and other parties that the funds are in the proper hands before the deed or mortgage is recorded. This thereby protects the seller from conveying property to a buyer whose check is drawn on an account with insufficient funds.
What makes a payment "good"?
Typically, a closing agent will deposit all funds connected to a real estate transaction into an escrow account for disbursement at the closing. Most good funds laws stipulate the type of funds (e.g., cashier's checks, or wire transfers) that an escrow agent can accept. However, what is considered "good funds" can vary by state. In Georgia, for example, the law expressly permits certain types of checks:
A settlement agent may disburse proceeds from its escrow account after receipt of any of the following negotiable instruments even though the same are not collected funds: (1) a cashier’s check from a federally insured bank, savings bank, savings and loan association, or credit union ; (2) a check drawn on the escrow account of an attorney or real estate broker ; (3) a check issued by the United States or Georgia ; and (4) a check or checks not exceeding $5,000 in aggregate per loan closing.
Several states have taken a stricter approach in defining acceptable funds. Specifically, wire transfers are often the only funding mechanism allowed and, in some cases, are required for transactions over a certain dollar amount. Although not an exhaustive list, a general Internet search revealed that Indiana, Minnesota, Missouri, and Texas are among those states with good funds laws that limit electronic funds transfers to "wire transfers" instead of the broader "electronic payment," as defined in Regulation CC (12 CFR 220.10 (p)), which would otherwise permit funding using automated clearinghouse (ACH).
For example, the Indiana Good Funds Law defines wired funds as "good" but requires that they be "unconditionally held by and irrevocably credited to the escrow account of the closing agent." Only funds transferred through Fedwire or CHIPS are immediate, final, and irrevocable. Consequently, it appears that Indiana’s law excludes electronic fund transfers through ACH since consumer Regulation E rights with regard to unauthorized ACH credits may create some risk that ACH funding of a real estate transaction could be reversed long after the closing.
Secure funds important in uncertain times
The current housing crisis has undoubtedly caused some anxiety for all parties in a real estate transaction about the risk of a deal falling through. Numerous bank failures and increased real estate fraud have further complicated the process. Although there are differences by state, the good funds laws help to mitigate some of the risks by helping to ensure that the funding of real estate transactions is reliable.
By Jennifer Grier, senior payments risk analyst at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Not all payments are equal under "good funds" laws:
August 24, 2009
Forum launches “Payments Spotlight” podcast series
Since February 2009, the Retail Payments Risk Forum has regularly posted to the Portals and Rails blog interesting and thought-provoking topics related to retail payments risk issues. This online forum provides a dynamic platform to spark conversation and foster ideas about these topics. In an effort to further expand the dialogue, we are excited to announce the launch of the Payments Spotlight podcast series this month.
Payments Spotlight will be posted regularly on the Federal Reserve Bank of Atlanta’s Web site. The podcast will feature recorded interviews with leading experts in the payments industry on relevant issues. The first installment features a conversation with Woody Tyner, payments strategist at BB&T Bank in North Carolina. In his comments, Mr. Tyner provides an insightful perspective that is definitely worth a listen on how the payments industry can balance innovation and risk management.
We hope that you will not only check out this installment but also tune in on a regular basis as we feature other leading thinkers and practitioners representing a wide array of perspectives. You can listen to the Payments Spotlight podcast using any computer audio software that will play MP3 files. To subscribe to the podcast series directly, go to the Atlanta Fed podcast page, click on the "subscribe" button next to Payments Spotlight, and follow the instructions for adding the series to your aggregator. You can also follow the series by staying tuned to Portals and Rails, where we will post information about new podcasts as they become available.
Let us know what you think, and please submit any suggestions you have for future podcast topics.
By Jennifer Grier, senior payments risk analyst at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Forum launches “Payments Spotlight” podcast series:
July 06, 2009
Remotely created checks: Distinguishing the good from the bad
There are no hard numbers to quantify that remotely created checks (RCCs) pose greater risks than other payment types. However, there are known instances of RCC fraud, the impact of which can be significant. So the depository banks liable for RCCs may want to keep a vigilant eye on the situation.
What are RCCs?
These are checks that are not created by the paying bank and do not include the account holder's signature. In lieu of an actual signature, the check's signature block typically contains the account holder's printed name or standard language indicating authorization. RCCs have been used for recurring transactions, such as insurance premium payments, for quite some time. This solution offers consumers an alternative to the hassle of manually writing out checks each month. More recently, RCCs have also been used in nonrecurring transactions, such as purchases or bill payments made over the telephone or Internet. Though a useful form of payment, RCCs introduce risk into the retail payments system.
What are the risks?
As stated above, RCCs do not require a signature for authorization. As a result, they are vulnerable to misuse by fraudsters who can, for example, use an RCC to debit a victim's account without receiving proper authorization or delivering the goods or services. The risk of fraudulent RCCs is amplified in one-time purchase scenarios where the merchant is relatively unknown to the customer.
To address the fraud risk of RCCs, in July 2006 the Federal Reserve modified the liability structure for this particular type of check. The liability for unauthorized RCCs shifted from the paying bank to the depositary bank, which must now warrant to the collecting and paying banks that the RCC presented has been properly authorized. The Federal Reserve's amendment provides economic incentive for the depositary bank to perform additional vigilance when accepting RCCs given the warranties they must make. Since the depositary bank maintains the relationship with the bank customer depositing the RCCs, it is in the best position to mitigate the fraud risk. The challenge is that banks cannot readily identify RCCs in an automated fashion through the existing MICR line format. Generally, review of incoming RCCs requires manual intervention.
How pervasive are they?
In light of this identification challenge, the Fed applied a modified definition of RCCs to a sample of check transactions in order to establish a reasonable estimation of the volume of RCCs. As a result, the Federal Reserve's 2007 Check Sample Study concluded that less than 1 percent (0.95) of the checks sampled were RCCs. It is unclear how accurate this result is when considering the regulatory definition, but it is probably fair to say that RCCs are only a very small portion of check volumes overall. Moreover, the analysis did not discern within that estimate the number of illegitimate RCCs. It is the cases of misuse that have prompted some to call for a ban of RCCs altogether. While there is anecdotal information and well-publicized cases (such as the 2008 Wachovia case) highlighting abuses committed using RCCs, there is a lack of concrete data reflecting the portion of RCCs that are fraudulent or returned for other reasons.
RCCs represent a relatively small subset of checks overall. However, applying the Check Sample Study methodology and results of the Federal Reserve's overall 2007 Payments Study, the number of RCCs in 2006 alone would still have represented approximately 286 million items.
We know that some portion of these RCCs represent fraudulent cases where the payment was never authorized. However, we also know that when it does occur the consequences may be substantial in terms of adverse consumer impact. Therefore, despite the lack of complete data, it is unwise to allow RCCs and the known misuses to fall completely off the radar.
By Crystal D. Carroll, senior payments risk analyst of the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Remotely created checks: Distinguishing the good from the bad:
June 22, 2009
Payments fraud no longer just a white collar crime
Definition: white collar crime - a crime committed by a person of respectability and high social status in the course of his occupation. — Edwin Sutherland, 1949
I recently ran across a news article that was a shocking reminder of the widening criminal network involved in payments fraud. On May 13, the district attorney in San Diego announced the arrest of 60 people on felony charges in connection with an elaborate bank fraud scheme. It was the culmination of a 10-month-long investigation of a $500,000 check cashing scam at Navy Federal Credit Union. Not an unusual story until I read who masterminded the scheme—a San Diego street gang.
According to the press release, this was the first time a violent street gang was targeted for its involvement in complex bank fraud in California. The gang members worked in cooperation with existing account holders to deposit counterfeit checks into their accounts and then withdraw the cash before the credit union could determine the check was fraudulent. In return, the account holder would receive a commission of up to several hundred dollars on checks ranging from several thousand to tens of thousands. The District Attorney concluded that the size, scope, and sophistication of the operation indicated that the criminal street gangs in San Diego are expanding their criminal enterprise into white collar crime.
A similar case of check fraud and gang activity occurred in Phoenix last year. "Operation Blank Check" was a year-long investigation that uncovered a check fraud scheme totaling nearly $3 million. Postal inspectors initially contacted the Phoenix Police Gang Enforcement Unit about gang members being involved in mail theft and fraudulent schemes. Further investigation revealed that the suspects had been involved in violent gang activity and transitioned to white collar crime. A broad partnership of local, state and federal law enforcement agencies worked on the case and was able to arrest more than 100 individuals, 77 of whom were "hard core gang members" representing 22 local gangs.
There have also been several cases of identity theft involving street gangs in recent years. An April 2007 report by the President's Identity Theft Task Force noted that law enforcement agencies across the country have observed a steady increase in the involvement of groups and organizations of repeat offenders or career criminals in identity theft. Some of these groups are formally organized and well-known to law enforcement because of their longstanding involvement in other major crimes, such as drug trafficking. Others may be more loosely organized but are able to connect and coordinate their activities through the internet.
The comparative ease of committing financial crimes has made it more appealing to street gangs as a way to support other criminal activities. The investigators in the Navy federal case speculated that the gang members used the half-million dollars to help fund illegal gang activities and pay for a lavish lifestyle.
Multiagency collaboration key to combating fraud
The key to apprehending the defendants in this case was a coordinated operation involving the U.S. Secret Service, San Diego Regional Fraud Task Force, San Diego Police Department Gang Detectives, San Diego District Attorney Investigators, U.S. Postal Inspection Service, Naval Criminal Investigative Service, Navy Federal Credit Union, and the California attorney general's office.
Each agency played a significant role in the investigation that was initiated when the Naval Credit Union investigators noticed suspicious activity in 2005 and reported it to the Secret Service. For example, the San Diego Police gang detectives helped to identify and interview the suspects. The U.S. Postal Inspection Service helped locate suspects and investigate the counterfeit checks. The San Diego Regional Fraud Task Force, district attorney's office, and attorney general's office became involved due to their experience handling complex fraud investigations.
This case is just one example of the importance of cooperation between local, state, and federal law enforcement in effectively combating payments fraud. By forming interagency task forces that allow for expertise and intelligence sharing, law enforcement can be in a better position to prosecute and, hopefully, deter fraudsters.
By Jennifer Grier, senior payments risk analyst at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Payments fraud no longer just a white collar crime:
May 19, 2009
State attorneys general shine light on gray areas of payments risk
When considering due diligence standards in payments relationships, banks and others may want to look beyond bank regulators, legal requirements, and NACHA rules to also include considerations developed out of the work of state attorneys general. During the last several years, state attorneys general have found their way into the payments risk management space as they have sought to inhibit merchants from evading taxes, promoting internet tobacco sales to minors, and other illegal behaviors. In their pursuit of wrongdoers, states have investigated the payments processors who aggregate and/or initiate ACH payments or remotely created checks, and the banks who accept these items through their account relationships as well. In doing so, these states have negotiated settlement agreements, which include due diligence policies for banks and payment processors. The results of these efforts may raise interesting questions as to whether or not existing regulatory guidance, NACHA rules, or legal requirements are sufficiently specific or clear standing alone.
One instance is instructive. Beginning in 2006, the states of California, Idaho, and New York began to investigate Internet tobacco sales activities in violation of various state laws. These investigations led to negotiated settlements with ECHO Inc., a payments processor, and with First Regional Bank, a California-based financial institution. These settlements included detailed requirements for the processor and the bank to perform due diligence on their customers (or, for the bank, their customers' customers). In particular, First Regional Bank was required to institute a "Tobacco Policy" under which the bank would perform specific steps to ensure it did not permit illegal tobacco sales activity to be facilitated using payments originated via its accounts. As an example, the bank's policy would include terminating accounts with any processor who failed to terminate processing for any customer who a) switched ACH activity to "demand drafts" (presumably focused on remotely created checks) once notified of a problem or b) offered "demand drafts" as a means to avoid ACH return scrutiny. This provision highlights a particular concern with illegal activity, including frauds, switching between ACH payments, and remotely created checks to avoid the network scrutiny instituted by the ACH operators and NACHA.
The efforts of the states, such as in the example above, raise potential questions about the specificity and clarity of the guidelines issued by the banking regulators, such as those issued by the OCC and FDIC with regard to payments processor relationships. The bank supervisors promote banks taking a risk-based view of due diligence requirements rather than prescribing specific actions. NACHA rules require commercially reasonable standards generally, suggest contracts should be in place with third-party senders, and make clear the ODFI bears the responsibility for the items it introduces into he ACH network but do not otherwise prescribe due diligence standards for processor relationships.
Subject to the principles-based standards described in supervisory guidance, NACHA rules, and other considerations, banks and even payments processors themselves might want to consider the standards included in state attorney general settlements in developing their own due diligence policies.
By Clifford S. Stanford, assistant vice president and director of the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference State attorneys general shine light on gray areas of payments risk:
April 14, 2009
Why aren’t we seeing fraud in remote deposit capture?
The growth in electronic payments and a distressed economy together have created an environment ripe for new payment fraud opportunities, according to the Association for Financial Professionals' 2009 Payments Fraud and Control Survey. But while the report notes that more than 70 percent of firms surveyed were the victims of attempted or actual fraud during 2008, no increase was reported in attempted fraud associated with the adoption of remote deposit capture (RDC) services. While nearly half of the respondents indicated that their organizations had offered services to customers to transmit check images using remote deposit, only 1 percent reported that they experienced payment fraud as a result.
Does nascence explain lack of reported fraud?
While RDC adoption has been rapid, it remains at an early stage in the technology adoption lifecycle. Anecdotal evidence suggests that some financial institutions and their customers have initiated service offerings judiciously to known business customers and thereby mitigated the inherent risk exposure from RDC. However, less sophisticated adopters may lack the operational systems and control processes to identify fraud when it happens or are otherwise not forthcoming to admitting when they are victimized. Time will tell if fraud trends emerge or become more transparent as RDC grows into a more mature service offering by financial institutions.
Risk management and regulatory oversight
We spoke with examiners in the Atlanta Fed and learned that they've had RDC on their radar for some time and have promoted sound risk management practices during bank examinations in advance of formalized interagency guidance. In January, the Federal Financial Institutions Examination Council (FFIEC) published its official guidance for banks' risk management of RDC services. This guidance provides a comprehensive summary of the risks inherent in this service and the necessary elements of an effective risk management program. As prescribed in the FFIEC guidance, the same disciplines that apply to the risk management of other bank products and services apply to RDC. First and foremost, it is critical to have proper due diligence in the selection and monitoring of third-party service providers to whom certain operational functions are outsourced, along with accurate and ongoing self-risk assessments of the financial institution's internal and external business environments.
No one can be sure why firms that offer RDC aren't experiencing fraud as they are from other payment services, particularly those that are check-related. It could be the way that information is captured and reported within an organization. One thing we know for sure is that RDC adoption is expected to continue to grow as businesses and consumers convert paper checks to more cost-effective electronic payments. Will fraudsters find vulnerabilities to exploit in the risk management efforts on behalf of product vendors, bank regulators, third-party servicers, and the financial institutions themselves? We would like to hear from you. Feel free to share your thoughts with us.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Why aren’t we seeing fraud in remote deposit capture?: