RDC Risk Management and Compliance: Expert Update & Case Study

Transcription

1 RDC Risk Management and Compliance: Expert Update & Case Study David Rathke, Senior Vice President, Frost Bank Steve Vaglio Senior Vice President, EastPay Ed McLaughlin, RemoteDepositCapture.com September 27, 2012

2 Agenda Views from an auditor Views from a banker FINCEN and SAR Reporting Discussion Additional Takeaways Copyright 2012, RemoteDepositCapture.com 2

3 About Frost Headquartered in San Antonio branches Only in major metropolitan areas of Texas About $20 billion in assets Focused on Small and Middle Market Business customers A + Rating by Standard & Poor s Industry-leading 21 Greenwich awards for Greenwich Excellence Awards in Small Business Banking 10 Greenwich Excellence Awards in Middle Market First bank to publicly decline TARP Money 2011 was the most profitable year in the 140 history of the bank Copyright 2012, RemoteDepositCapture.com 3

4 About EastPay Is a Regional Payments Association member of NACHA Provides over 800 financial institutions and businesses with payments education ACH compliance audits and risk assessments RDC risk reviews; payments strategy services And numerous other risk management services. The developers of the ground-breaking ProceduresNow! Experts on the ACH operating rules Copyright 2012, RemoteDepositCapture.com 4

5 Views from an Auditor Vendor/Outsourcer does not do everything Customer selection and risk factors Business Consumer Mobile Procedures and Monitoring Training Train customers on key elements of the deposit agreement What are the most common things I see on first time audits and gaps Copyright 2012, RemoteDepositCapture.com 5

6 Views from an Auditor Common issues observed in RDC Audits: 1) Some FIs thought since RDC was outsourced, there was no need for an RDC Review/Audit 2) RDC Policy one paragraph is usually not enough! a) Customer selection Does the RDC Policy address the FI s criteria for desired RDC Users? Business Consumer Mobile Channel b) RDC is it part of BSA/AML Risk Assessment? 3) RDC Providers - platforms selected 4 or more years ago are under review for possible replacement Copyright 2012, RemoteDepositCapture.com 6

7 Views from an Auditor Common issues observed in RDC Audits: 4) RDC Agreements How these are crafted should align with the customer segments the FI supports (Business or Consumer) 5) User Training - Train customers on key elements of the RDC agreement (who reads agreements?) 6) Security (FFIEC Guidance on Authentication) YIKES!!! 7) Deposit Limits a) Are limits part of a credit process or a benchmark for monitoring? b) Calculations for setting limits c) How do you monitor limits front-end or back-end? Copyright 2012, RemoteDepositCapture.com 7

8 Views from an Auditor Common issues observed in RDC Audits: 8. Monitoring & Reporting a) Monitor user activity is it daily, weekly, and/or monthly? b) How are duplicate items handled on the System? Do you allow over-ride capabilities. c) Do you track returns? What do you do with them? d) Reporting? What data and frequency? e) Does FI create/review trend reports? 9. Annual Reviews Customer(Business/Consumer) & Vendor a) What gets reviewed (credit rating and/or deposit limits)? b) Verify compliance with key requirements, (Business vs. Consumer) c) SSAE-16 (Statement on Standards Attestation Engagement Copyright 2012, RemoteDepositCapture.com 8 effectively replaces SAS 70) from Vendor

9 Views from a Banker Customer Eligibility Retail and Small Market Account Status Tenure at the bank Established funnel account Number of Charge backs NSF/OD occurrences Credit score (Frost doesn t use) Customer Eligibility Commercial customers Know Your Customer and Due Diligence from Treasury Sales group and Relationship manager Copyright 2012, RemoteDepositCapture.com 9

10 Risk Mitigation Views from a Banker Daily deposit limits Review eligibility monthly Review and update deposit limits monthly Ability to terminate RDC immediately Item review thresholds Copyright 2012, RemoteDepositCapture.com 10

11 Views from a Banker Audit Preparation Created a detailed user guide accessible thru the RDC site All new RDC customers must go thru a training session Annual site visit for all high risk customers All RDC customers asked to complete a self assessment Presentation to senior management and Board of Directors Copyright 2012, RemoteDepositCapture.com 11

12 SAR Reporting Activity with RDC FinCen SAR Activity Review Trends Tips and Issues (Issue #20) reported RDC SAR filings represented.1% of all bank SAR Filings during the reporting period The most common identifiable source being Money Service Brokers and Correspondents Will this see an increase as more and more banks recognize the requirements for filing with RDC? No real differences in the various fraud and money laundering schemes perpetrated through the RDC check deposit channel when compared with check deposits completed through more traditional means * * FinCEN (Financial Crimes Enforcement Network) SAR Activity Review Trends, Tips and Issues (Issue #20) Copyright 2012, RemoteDepositCapture.com 12

13 Major Challenges for FI s More potential for fraud as user adoption of RDC expands Demands for new fraud prevention tools being driven primarily by auditors and compliance requirements Risk/fraud in payments cannot be avoided, only mitigated RDC fraud risk must be monitored holistically, including information about the entire account relationship and transactions across delivery channels: Cross channel Risk a data and application integration challenge Copyright 2012, RemoteDepositCapture.com 13

14 About The Presenters David Rathke Frost Bank Steve Vaglio EastPay Copyright 2012, RemoteDepositCapture.com 14