Electronic Banking Remote Deposit Capture Third Party Payment Processors Automated Monitoring Systems Staffing & Resources

Transcription

1

2 Electronic Banking Remote Deposit Capture Third Party Payment Processors Automated Monitoring Systems Staffing & Resources

3 Examples of electronic banking systems: Automated teller machine transactions Online account opening Internet banking transactions Telephone banking Transactions that can be initiated online, without face-to-face contact, should be recognized as potentially higher risk. Adequate policies, procedures, and processes should be in place.

4 Accounts that are opened without face-toface contact may be a higher risk for the following reasons: More difficult to verify the customer s identity Customer may be outside market area or country Customer may perceive the transactions as less transparent Transactions are instantaneous May be used by a front company or unknown third party.

5 How to mitigate the risk? Adequate policies, procedures, and processes Establish BSA/AML monitoring, identification, and reporting of unusual and suspicious activities through e-banking systems Should have effective and reliable methods to verify a customer s identity if they are engaged in transactional internet banking Establish other controls, such as establishing dollar limits on transactions.

6 Use of RDC may elevate money laundering, fraud, and information security risks. The risk of fraudulent, sequentially numbered, or physically altered documents is elevated significantly Controlling or knowing location of RDC equipment can be difficult Inadequate controls could result in data or submission issues Original items are not forwarded and could result in recordkeeping or data safety issues.

7 How to mitigate the risk? Adequate policies procedures and processes Perform risk assessment Conduct appropriate CDD and EDD Establish risk based criteria to select customers for RDC use. If using a service provider, follow established vendor management procedures Establish customer transactional profile

8 How to mitigate the risk (cont.)? Establish transaction limits Perform site visits Develop well constructed contracts Elevating monitoring or review when significant changes occur in type of volume of transactions Make sure the RDC customers are properly trained Make sure automated monitoring systems capture RDC transactions

9 Risk Factors: These entities generally are not subject to BSA/AML regulatory requirements. The customer is processing transactions in its bank account on behalf of others. Bank may not be able to identify and understand the nature and source of these transactions. The third-party payment processor may have subservicing arrangements with other partners. May be processing payments for higher risk merchants or businesses.

10 How to mitigate the risk? Have adequate policies, procedures, and processes Perform adequate CDD and EDD Reviewing the processor s customer/merchant due diligence practices Review their BSA program Understand the processor s customer base Perform site-visits Have strong contracts in place that designate responsibilities and require audits

11 Customization Ensure software meets the organization s needs Adjusting rules and alerts to ensure proper BSA risk mitigation You cannot just turn it on. Integration Automated System Manual System Hybrid

12 Validation If BSA software is considered a model by organization then must be independently validated Training A common mistake made is not ensuring all levels of staff are properly trained on use of software Adequate independent audits Scope of review Are auditors qualified to review not only BSA but the software being used to monitor it

13 Has your staffing kept pace with growth and use of technology? Red Flags: Large number of alerts not worked Significant growth and no change in staff Significant change in risk profile and no change in staff

14