Portals & Rails

October 27, 2014

ISO 20022 in the United States: What, When, Why, and How?

At the October 2014 Sibos conference in Boston, there was considerable discussion about the International Organization for Standardization (ISO) 20022 standard, which many major non-U.S. financial markets began moving toward a few years ago. ISO 20022 is a public international standard for financial sector global business messaging that facilitates the processing and exchange of financial information worldwide.

In Canada, adoption drivers include the use of domestic messaging standards in proprietary ways that created inefficiencies and the need for enhanced remittance data to add straight-through processing and automated reconciliation, according to a Canadian speaker at the conference. A speaker from Australia explained how the new real-time payment system that country is building will use ISO 20022, and one of the drivers is the desire for rich data to enable automation.

The United States is behind in the adoption curve, which raises the question, why? Several Sibos sessions included discussion of a study commissioned by an industry stakeholder group and conducted by the advisory firm KPMG. (The stakeholder group—which consists of representatives from the New York Fed, the Clearing House Payments Company, NACHA–The Electronic Payments Association, and the Accredited Standards Committee X9—formed to evaluate the business case of U.S. adoption of the ISO 20022 standard.)

KPMG interviewed participants of markets already moving toward adoption and found that adoption was largely driven by both infrastructure change, as in the Australian example, and regulatory requirements. In addition, many U.S. firms, beyond the large financial institutions and corporations, lack in-depth knowledge about ISO 20022. Two additional barriers in the United States are (1) the exact costs of ISO 20022 implementation are difficult to pinpoint, in part because they vary by participant, and (2) the country has no industry mandate for adopting the standard.

In one conference session, a speaker categorized some of the strategic reasons the United States should move forward, framing them in terms of the risks of nonadoption. These reasons include:

  • Commercial reasons: The U.S. industry will have to bear the incremental costs of maintaining a payments system that does not integrate seamlessly with an emerging global standard.
  • Competitive reasons: Many countries are experiencing such benefits of the ISO standard as increased efficiencies and rich data content, but U.S. corporations and financial institutions will fall farther behind.
  • Policy reasons: The U.S. market will become increasingly idiosyncratic, with more payment transactions conducted in currencies other than the U.S. dollar.

Recommendations from the KPMG study include initiating adoption of the ISO 20022 standard in this country first for cross-border activity, starting with wires, and then ACH. The U.S. industry should then reassess domestic implementation.

Because communication is keenly important to overcoming the lack of knowledge of ISO 20022 in the U.S. market, the stakeholder group is currently focusing on educating affected groups about the key observations and findings of the KPMG study.

No particular timetable or course of action has been determined for U.S. adoption, which makes it the ideal time for industry input. What's your institution's perspective on the adoption of the ISO 20022 standard in the U.S. market?

Photo of Deborah ShawBy Deborah Shaw, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

October 27, 2014 in financial services, payments, regulations | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01b8d0855662970c

Listed below are links to blogs that reference ISO 20022 in the United States: What, When, Why, and How?:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

October 06, 2014

Starting Off on the Right Note with Mobile Enrollment

In Rogers and Hammerstein’s Sound of Music, the classic song “Do-Re-Mi” begins “Let's start at the very beginning / A very good place to start...” Such a suggestion is essential in ensuring that the person enrolling in a payments system is, in fact, who he or she claims to be. The USA Patriot Act requires financial institutions (FIs) to develop a formal customer identification program that validates the customer when the account is opened. This program must specify the documentation that is used for authentication.

However, once the account is open, FIs have greater latitude in their procedures for identifying customers when the FIs handle account access requests, such as when a customer requests a change of address or enrolls in a third-party program that uses a card that the FI has issued to the customer. At that stage, it’s up to an FI’s own risk-management policies as to what documentation to require.

This situation can be risky. For example, let’s look at what happens when a customer wants to add a payment card to a mobile wallet that a third party operates. When the customer adds the card—enrolls with the third party—how can the FI that issued the card know that not only the payment card being added but also the mobile phone itself belongs to the right individual? How can the issuer efficiently and effectively ensure that the payment card information being loaded on a phone hasn’t been stolen? Adding any sort of verification process increases the friction of the experience and can result in the legitimate user abandoning the process.

Most mobile wallet operators use several techniques to validate that both the mobile phone with the wallet and the payment card belong to the rightful customer. (These operators send a request to the issuing FI as part of their enrollment process.) Some FIs require the operator to have customers submit their payment card information along with their cards’ security code and additional data, such as the last four digits of the social security number. Others may require just the payment card number, expiration date, and card security code, although such a minimal requirement offers little protection against a stolen card being added to a criminal’s phone. Still others require the customer to submit a photo of the payment card taken with their phone to verify possession of the card. If the issuer can obtain some of the phone’s device information, it can increase the level of confidence that the authorized cardholder is using their phone.

Regardless of what process is used, having strong identification controls during the initial enrollment step is essential to a sound risk management program.

Photo of Douglas A. King

By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

October 6, 2014 in authentication, financial services, mobile banking, mobile payments, payments systems | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01b8d078369c970c

Listed below are links to blogs that reference Starting Off on the Right Note with Mobile Enrollment:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 24, 2014

The Fraudsters Are Omni-Channel--and Omnipresent

"Omni-channel banking" is an in-vogue term for what bankers have known for quite some time: customers can access multiple channels to conduct their banking, have a preference for one over the others, and that preference to a large degree reflects their ages. Despite their primary preference, these consumers are likely to use multiple delivery channels, and when they do, they want a seamless experience when moving from one to another. The banking industry has struggled to successfully implement such an experience. Achieving this seamlessness is difficult because the industry has historically had a vertical organizational structure, in which each distribution channel has its own strategic plan and sometimes even an independent technology, which leads to differences among the channels. For example, if a customer were to check his or her account balance from an ATM or automated call center, the balance can be different from the balance they would get from a teller inside a branch.

Unfortunately, criminals have also adopted omni-channel usage, and at an even faster pace—they are not concerned with having a transparent or seamless experience. In fact, they seem to be more successful when there are disparate systems because that makes the detection of fraudulent activity more difficult. For example, we have seen criminal attacks move from in-branch armed robberies to ATM cash-out cyberheists. Why risk a physical confrontation and mandatory jail sentence when you can work anonymously and actually get a greater haul? We are also aware of cross-channel fraud activity within the electronic channels. In one case, e-mail phishing attacks led to a customer unwittingly disclosing online banking credentials (user ID and password) and then fraudulent payments or wires being initiated through the online channel. In a recent post, we talked about how criminals often target call centers. They use social engineering techniques to gain sufficient account information to fraudulently access accounts through a variety of channels.

A lesson from these incidents is that financial institutions must take a holistic view of fraudulent activity and not just a channel-specific view. For major losses, they have to perform forensics to determine the channel where the fraudulent effort began not just the channel where the actual fraudulent transaction occurred. Only after such investigative work can the financial institution identify the weak points in its system and processes and take the necessary steps to fortify them to provide a higher level of protection against future attacks.

Photo of David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 24, 2014 in banks and banking, crime, cybercrime, financial services | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a5118d52d4970c

Listed below are links to blogs that reference The Fraudsters Are Omni-Channel--and Omnipresent:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

July 01, 2013

The Cost of "Free"

Many retail-centric banks have found themselves in a fee-revenue dilemma as the impact of regulations regarding overdraft fees and debit card interchange revenue begins to be felt. After decades of providing "free" services to consumers, these banks are under significant customer pressure to continue this practice even as they roll out new products and services. But this pricing model poses financial risk. The operating expenses of the bank are increasing at the same time that the banks are receiving minimal—if any—incremental revenue.

I recently participated in a conference that had a session comprised of a panel of four MBA students. The goal of the session was for the audience of bankers to better understand the driving forces for financial service decisions by the Gen Y, or millennial, customer. (I wrote a bit about this panel in a previous post.) One eye-opening statement universally shared by the panel was the expectation that mobile banking and mobile banking services be provided free of charge. When asked for a justification, they believe that by using the mobile channel they "saved" the bank money over writing a check or going into a branch office. When further questioned as to how the bank was going to pay for the development and operating expenses of such new products and services, their response was essentially that they believe the bank earns sufficient revenue from its lending operations, including credit cards and installment and mortgage loans. I am sure that many other consumer segment groups have this attitude as well.

After Regulation II capped debit card interchange fees for banks with assets exceeding $10 billion, some banks announced they would begin charging a monthly debit card fee. Consumer and media response was so negative that banks withdrew the proposed fee changes. Subsequently, many banks changed their checking account service fee waiver conditions by raising minimum balance requirements, requiring other account relationships (to provide additional revenue support), or eliminating some previously bundled services. The Bankrate 2012 Checking Survey found that only 39 percent of banks were offering free checking without a minimum balance requirement or maintenance fee. This percentage is down from 45 percent in 2011 and 76 percent in 2009. Credit unions have not followed suit—the number of them offering free checking is holding fairly steady at around 72 percent.

Is there anything banks can do to shift consumers' expectations and ease some of the financial risk associated with controlling operating expense levels? We would like to hear from you.

Photo of David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 1, 2013 in financial services, mobile banking, regulations | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0192abd00149970d

Listed below are links to blogs that reference The Cost of "Free":

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 21, 2011

Remote deposit capture: If you expand it, will fraud come?

It has been nearly two years since Portals and Rails focused on remote deposit capture (RDC). In just this short period, the RDC market has grown significantly and changed rapidly. This growth and change has led to approximately 13 percent of checks being deposited as images at the bank of first deposit, according to the 2010 Federal Reserve Payments Study. In addition, financial institutions and banks, which initially offered RDC capabilities primarily to their commercial customers, are now broadening these services to include their retail customers. Even the hardware used for RDC is evolving from desktop scanners to mobile phones. Despite this growth and evolution, RDC fraud has been minimal, much as my colleague, Cindy Merritt, discussed in an April 2009 post.

According to a new Celent report, the commercial RDC market is nearing maturity, with an estimated 75 percent of U.S. banks and 50 percent of U.S. financial institutions offering at least one RDC service. Given this mature commercial market, any future growth of RDC services should be expected via retail consumers. This growth will come from the adoption of retail RDC services by banks and financial institutions as well as the expansion of the service into new payment products—most notably, prepaid cards. As RDC usage expands to more retail consumers and additional payment products, we have to wonder if fraud associated with it will rise or continue to be held under control.

Lowest Client Growth Rate in Six Years

Current risk assessment
According to the 2011 Payments Fraud and Control Survey from the Association of Financial Professionals, only 1 percent of surveyed organizations responded that someone had used their electronic check conversion service to commit fraud. This figure is unchanged from the 2009 survey.

A similar assessment of RDC fraud recently emerged from the Financial Crimes Enforcement Network (FinCEN). FinCEN analysts identified 1,017 Suspicious Activity Report (SAR) filings related to RDC that banks and credit unions filed between January 1, 2005, and July 31, 2011. More than half of these reports were filed after the start of 2010. These 1,017 RDC-related SARs account for only about 0.1 percent of all bank-filed, check-fraud-related SARs. FinCEN found no real differences between the RDC channel and more traditional check depositing channels when it came to fraud schemes (for example, check kiting and counterfeit or altered checks).

Annual RDC SAR Filings

Will the low level of fraud be sustainable as the service grows?
To date, banks and other financial institutions have successfully managed risks for commercial RDC services. Whether by restricting the use of the service to only its most vetted commercial clients or limiting the value of allowable remote deposits, banks have implemented risk controls to effectively minimize their risk and fraud exposure associated with RDC.

Banks and financial institutions are now beginning to cast the RDC net into their retail channels. Ally Bank offers its retail customers RDC through the traditional scanner and computer model, while USAA, J.P. Morgan Chase, PNC Bank, and U.S. Bank all now offer mobile RDC for retail consumers. Bank of America is targeting a second-quarter 2012 launch for its retail mobile RDC service. With banks and financial institutions expanding this service to a retail customer base that often undergoes less stringent due diligence than do their commercial customers, is the potential for fraud increasing?

The general-purpose reloadable (GPR) prepaid card market offers a significant growth opportunity for mobile RDC. With this service, GPR prepaid cardholders—many of whom are unbanked—would be able to load funds directly onto their prepaid cards without having to walk into a store, in the same way the service now allows banking customers to deposit checks into their direct deposit accounts.

According to a recent paybefore.com article, several third-party service providers have the risk-management software to enable mobile RDC for the prepaid industry. Interestingly, these third-party software providers will accept the risk of the mobile RDC transactions, taking the responsibility from the prepaid program manager or issuer. However, the inherent dearth of information about GRP prepaid users compared to retail and, especially, commercial banking customers makes RDC services more vulnerable to fraud with this group. In fact, prepaid card users may be unbanked because they have a poor, or no, credit history or they lack appropriate identification and credentials to open a banking account.

By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

November 21, 2011 in banks and banking, financial services, mobile banking | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c015437308f63970c

Listed below are links to blogs that reference Remote deposit capture: If you expand it, will fraud come?:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

October 11, 2011

High-impact events in a warming world: Business continuity planning for retail payments

Which will be the first to reopen after a major disaster: your financial institution or the local Waffle House? In some cases, you may be able to order your hash browns smothered, covered, peppered, and chunked before electricity is restored to your usual ATM. The breakfast chain invested heavily in crisis management planning following Hurricane Katrina, and today is recognized as one of the most responsive American companies to disasters. Whether the move was more about building goodwill and trust among customers or about profitability, the underlying operational risk management principles Waffle House employed apply equally to financial institutions and third-party payment processors.

Appropriate operational risk management for any organization includes business continuity planning for even unlikely disasters. In fact, this year's extreme weather highlights the need to prepare for even low-probability but high-impact events. In February, unprecedented snowfall blanketed Chicago. Record numbers of tornadoes ravaged the Southeast this April. Floodwaters swelled the Mississippi River to a new high in May. Just last month, historic flooding menaced the Northeast. Such disastrous weather leads not only to evacuations, grounded flights, and missed school days, but also could affect the ability of banks to maintain retail payment systems. Tellers may not be able to make it into branches to accept deposits and process withdrawals. Flooding can damage ATMs and the cash and checks they contain. Tornadoes may wreck back office processing centers or knock out the electricity and network connectivity critical for clearing and settling transactions on time.

Evidence indicates that global warming is causing an increase in extreme weather. Apart from being frightening, greater volatility in the weather requires a different approach to business continuity risk assessments. And this instability makes it difficult or impossible to determine the actual likelihood of a disruption. As part of a lessons-learned debriefing from Hurricane Katrina, the Federal Financial Institutions Examination Council emphasized that preparing for just this kind of disaster is critical. The agency's advice is to focus on potential outcome, not probability, in assessing business continuity plans:

The impact rather than the source of the threat should guide the development of disaster recovery and business continuity plans.... However, every threat that could pose a high adverse impact generally warrants further consideration regardless of its probability of occurrence.

The Bank for International Settlements has recognized the importance of business continuity planning for the financial services industry, so in 2006, it came out with seven high-level principles that can serve to direct financial institution and payment processor risk management efforts. These principles underline the importance of explicitly considering and preparing for major disruptions and acknowledge that such disruptions are occurring with increasing frequency. They also advise clear and regular communication with affected parties internal and external to the affected business, and note that ultimate responsibility for operational risk rests with senior management and the board of directors of the organization. Once implemented, plans should also be periodically tested and refined as necessary.

In a world that isn't always predictable, strong business continuity plans hinge on making sure businesses are ready for the unexpected. The mission-critical nature of retail payments should challenge financial institutions to be at least as prepared as the local diner.

By Jennifer C. Windh, a payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed

October 11, 2011 in banks and banking, financial services, payments systems, risk management | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c014e8c2dacc2970d

Listed below are links to blogs that reference High-impact events in a warming world: Business continuity planning for retail payments:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 03, 2011

Demand deposit accounts: Balancing convenience and risk

Today's demand deposit accounts (DDA) have multiple access points–online, mobile, and ATM–affording consumers a great deal of convenience. At the same time, though, they provide that many more ways for criminals to carry out fraud schemes, as hacking tools (PIN phishing and skimming) become more sophisticated and fraudsters more bold with their attempts to fleece DDAs. According to a white paper by Fiserv, banks are becoming increasingly concerned about DDA fraud. The paper mentions a survey by McKinsey & Co., which revealed that an estimated $5 billion to $7 billion in annual losses can be attributed to DDA fraud, a figure expected to grow at a annual rate of 7 percent.

DDA fraud can take many forms. When it occurs with debit cards, a fraudster can steal or skim the physical card, or use a phishing scheme to steal a PIN, then use that information to deplete the account. When fraud occurs with checks, a perpetrator can empty the DDA by forging check endorsements or drawer signatures, counterfeiting or altering checks, or carrying out check kiting schemes. According to the Fiserv paper, there is also cross-channel fraud, which occurs with accounts that have more than one access point. This type of DDA fraud is increasing most likely because of the introduction of new channels like mobile and account-to-account transfers.

Declining check use but rising check fraud
Interestingly, even as check use declines, losses from check fraud and attempts at such fraud rise. The decline in check usage was recently captured by the Federal Reserve's 2010 Payments Study, which showed that "in 2009 more than 75 percent of all U.S. noncash payments were made electronically, a 9.3 percent annual increase since the Federal Reserve’s last study in 2007."

Open loop cards growing faster than closed loop
Enlarge Enlarge


According to a recent speech by an official from the Financial Crimes Enforcement Network (FinCEN), reports of scams involving checks increased 19 percent in the first six months of 2009, and 27 percent of all Suspicious Activity Reports (SAR) filed in 2009 were for fraud-related activities. Check fraud was one of only two categories—the other was money laundering—that had an increase in SARs between 1996 and 2009.

Another study that touched on the prevalence of check fraud is the 2009 Deposit Account Fraud Survey Report of the American Bankers Association, which estimated that check-related losses amounted to $1.024 billion in 2008, up from $969 million in 2006. Of the banks surveyed, 80 percent indicated that they had reported check fraud losses in 2008, the same percentage as in 2006.

Rising debit card use, rising fraud
Debit card fraud is usually carried out through point-of-sale signature, PIN, and ATM transactions. As debit card usage escalates, so does debit card fraud.

According to the Fed's 2010 Payments Study, debit card usage exceeds all other forms of noncash payments. In fact, the annual use of debit cards increased by over 12.8 billion payments, the largest increase by any payment type during the survey period, reaching 37.9 billion payments in 2009.


Open loop cards growing faster than closed loop
Enlarge Enlarge


According to the ABA survey, commercial losses from debit card fraud reached an estimated $788 million in 2008. Approximately 92 percent of survey participants reported experiencing debit card fraud, not surprising given the prevalence of debit cards.

Addressing DDA fraud
With consumers more and more often using debit cards and other noncash payments at the point of sale, and with the continued growth of more sophisticated hacking schemes, early detection and mitigation are more critical than ever to resolving payments fraud. The management of DDA fraud risk will have to change in response to the creation of new access points to demand deposit accounts.

Notwithstanding the technological advances in software that help financial institutions prevent and detect DDA fraud, the self-vigilance of consumers can add significant value. As we move further away from paper-form and more towards all-electronic-forms of payments, ultimately, detecting and deterring demand deposit account fraud will continue to be a combined effort between the consumer and its financial institution.

Photo of Ana Cavazos-WrightBy Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed

January 3, 2011 in financial services, fraud, risk management | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0147e123a0e6970b

Listed below are links to blogs that reference Demand deposit accounts: Balancing convenience and risk:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 22, 2010

The continuing challenge of workplace fraud in financial services

Is it true that most economic crimes are committed by insiders? Yes, according to a worldwide study on workplace fraud that the Association of Certified Fraud Examiners' (ACFE) conducted. ACFE's study found that organizations lose an estimated 5 percent of annual revenues, or $2.9 trillion globally, to insider fraud. (A down economy probably sees even higher losses.) Banking and financial services are the industries that most commonly feel the impact of workplace fraud (see the table).

Industry of Victim Organizations by Frequency
Enlarge Enlarge


The study also said that the median loss caused by workplace fraud was $160,000, and nearly one-quarter of the frauds involved losses of at least $1 million (see the chart). Typically, the frauds lasted a median of 18 months before being detected.

Distribution of Dollar Loss
Enlarge Enlarge


Theft of electronic data and information increases
A separate report looking at international fraud trends found that companies are experiencing an increase in theft of information and electronic data compared with the physical theft of assets. The report noted that the financial services sector had the highest level of information and electronic data theft. The biggest problem for financial services was information theft (42 percent), followed by internal financial fraud (31 percent) and regulatory breaches (25 percent). According to the report, in the last twelve months, businesses lost almost $1.7 million per billion dollars in sales worldwide, compared with $1.4 million per billion dollars.

Common elements in workplace fraud: The fraud triangle
There are many reasons an employee might commit fraud. Experts regularly cite financial pressures as the primary motivation for committing workplace fraud. According to the ACFE study, employees who live beyond their financial means accounted for 43 percent of the workplace-fraud cases; employees with other money difficulties accounted for 36 percent.

Opportunity or ability to commit a fraud can also motivate someone to commit workplace fraud. It is also the area that an employer can best control through dual and internal controls.

Rationalization is another motivating factor, perhaps the most difficult one to pin down since it may not manifest itself outwardly. Rationalization is how a dishonest employee might justify his or her fraudulent actions. For example, the thief may take money with the intent initially to repay it, or may feel deserving of the stolen funds because he or she feels unappreciated or undervalued at work.

Having any or all three of these elements present (financial pressures, opportunity, and rationalization) creates what is known as the fraud triangle. Although the presence of any of these factors can increases the risk of workplace fraud, gaining a better understanding of how each one presents itself in the workplace can help deter fraud. Strengthening detection in any organization may entail going beyond applying sophisticated anti-fraud software and establishing a work culture that educates staff as another resource for detecting possible fraudulent activity. Staff can play a vital role in combating workplace fraud when provided an anonymous reporting channel and education on procedures and expectations for communicating known concerns or potential wrongdoing.

Combating workplace fraud
While we cannot eliminate workplace fraud entirely, awareness of known "red flags" may help identify workplace fraud in development or before material losses from the fraud are experienced. An effective system of internal checks and balances generally reduces an organization’s exposure to workplace fraud.

Weaknesses in internal controls may provide insiders' opportunities to access data that they can then use to perpetrate financial fraud. As workplace fraud becomes increasingly sophisticated, the exposure of financial services to workplace fraud will continue to be an ongoing challenge. However, having a better understanding of the common elements of workplace fraud may help prevent, detect, and deter it from occurring.

By Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed

November 22, 2010 in financial services, fraud, workplace fraud | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0134896f7b4b970c

Listed below are links to blogs that reference The continuing challenge of workplace fraud in financial services:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

October 04, 2010

Has existing regulation of money services businesses kept pace with their enhanced financial services options?

Most businesses that meet the definition of money services business (MSB) offer financial services such as wire transfers, currency exchange, check cashing, traveler's checks, money orders, or stored-value cards. In the past, MSBs mostly served consumers without an established banking relationship—that is, the unbanked. Today, consumers with established banking relationships may also use these services on occasion because the MSBs sometimes offer cheaper services, such as wire transfers, than banks do.

Well-established MSBs such as Western Union and MoneyGram have provided the traditional services—wire transfers, currency exchange, check cashing, and so on—for years. Over the past few years, MSBs have rapidly grown and expanded their financial services offerings with options such as Internet-directed services for person-to-person (P2P) and person-to-business (P2B) payments, stored-value products, and, most recently, mobile money transfer service, which permits users to send funds cross-border and domestically using their mobile phone.

But are these expanded financial services within the coverage of the existing regulatory framework for MSBs? Are there new money laundering risks with the introduction of new financial services options not previously anticipated by the existing regulatory framework?

Conforming MSB regulation to mirror MSBs enhanced services
Although states have regulated check cashers and money transmitters for years, regulation of these nonbank financial institutions has not been uniform. The Uniform Money Services Act (UMSA) was adopted in an effort to provide a framework to deal with money laundering issues unique to nondepository providers of financial services. UMSA applies to businesses that provide money services and requires that MSBs be licensed, maintain extensive records of their transactions, and submit to audits. Although some MSBs may only offer one or more of the services listed above, all MSBs are subject to the provisions of UMSA because of the interrelated group of services they offer and because they are not regulated in the same manner as depositary institutions.

UMSA expanded existing MSB regulatory coverage to include what was considered at the time a new type of payment service: Internet-based service. It was believed that this new type of financial service posed the same concerns as did traditional financial services, such as wire transfers and check cashing, for example.

A patchwork of regulation
MSB compliance is a complex patchwork of regulations that involve federal restrictions on money laundering as well as state consumer protection mandates. MSBs are required to follow Bank Secrecy Act/Anti-money Laundering (BSA/AML) regulations that require them to file "Currency Transaction Reports," implement AML programs, and file "Suspicious Activity Reports." The Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has delegated authority to the IRS to examine MSBs for compliance with BSA requirements. State agencies may evaluate MSBs for compliance with BSA, though they may not directly enforce the BSA. Generally, State agencies are charged with enforcing their own MSB state statutes and regulations, which sometimes may impose requirements that overlap with the BSA.

Navigating through MSB regulations
In 2009, FinCEN conducted outreach meetings with some of the largest MSBs in an effort to better understand how MSBs navigate through these numerous regulations. The meetings resulted in the production of a report that stated that as MSBs navigate through these regulations, they place significant emphasis on agent oversight and compliance, value their reputation and consumer trust as the core objective of their business models, and feel that being in compliance with BSA regulations is consistent with their business model. The results of this report do not certify that the participating MSBs were in compliance with MSB regulations.

In the last year, legislation was proposed that would centralize MSB anti-money laundering compliance with the Treasury and authorize that office to recognize a self-regulatory organization similar to the private nonprofit Financial Industry Regulatory Authority (FINRA) that regulates broker dealers. The goal of the bill is to bring about uniform registration and supervision of MSBs without preempting state laws.

MSBs play a vital role in domestic and foreign economies, particularly by providing the needed financial services that facilitate the transmission of money to foreign countries. Establishing uniform legislation may strengthen the continued work of combating money laundering and help prevent the use of MSBs as channels for money laundering or other illicit activities.

By Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed

October 4, 2010 in financial services, mobile money transfer, money laundering, money services business (MSB) | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0133f4d6bce0970b

Listed below are links to blogs that reference Has existing regulation of money services businesses kept pace with their enhanced financial services options?:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

February 23, 2009

Why should I work with you?

At some level, we're all selling something, even if it's just ourselves. Everyone has a reputation and a résumé to build. Information is power. We all have bosses to please, goals to meet. So when and how do these stars align such that we can work together?

Payments is a network industry with chicken-and-egg problems. It requires someone to step forward, perhaps to risk losses, in order to build networks of users and providers that enable a payments network to operate. Think of a simplistic credit card network—users need to know that merchants will accept it, banks need to know that they can make money to provide the lending that backs it, and merchants need to know that they'll be compensated with business in order to justify the costs.

The same dynamics apply to those who are minding the store when it comes to addressing risk and fraud in payments networks. Who's willing to step out (at some risk) to take on the tough challenge of pulling the variety of industry, regulatory, law enforcement, merchant, and consumer interests together? Where's the money to be made? Where's the competitive advantage?

In the best sense, law enforcement is imbued with an altruistic drive to do good by catching the bad guys, and bank supervision is all about ensuring a safe and sound banking system.

In the best sense, payment services providers seek to provide a safe and efficient environment for the exchange of value. But will any service provider risk exposure to reputational and other risks just because it's good for the payment system?

Payments is also an industry that offers opportunities to leverage positive "network effects"—the more users of a payment mechanism make it more valuable for all as it becomes more ubiquitous, commonly understood, and efficient. The same network dynamics should apply to those who are minding the store when it comes to retail payment systems risks.

All these interests and perspectives can align if we are realistic in our approach to interest alignment and continue to collectively look for opportunities of mutual benefit.

Where do you see alignment and opportunity?

By Clifford S. Stanford, assistant vice president and director of the Retail Payments Risk Forum at the Atlanta Fed

February 23, 2009 in bank supervision, banks and banking, financial services, risk | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01116892aeba970c

Listed below are links to blogs that reference Why should I work with you?:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in