FFIEC REMOTE DEPOSIT GUIDANCE
Presented by: PAUL A. CARRUBBA
Adams and Reese LLP
Phone: (601) 292-0788
E-Mail: paul.carrubba@arlaw.com

Paul Carrubba
Paul is a partner in the law firm of Adams and Reese LLP. His primary focus is on Banking Law and legal issues dealing with payments system laws and regulations and bank operations issues. He has over 43 years of experience in the banking industry as a Bank Operations Manager, a consultant, an author, and an attorney. Mr. Carrubba is the author of five books including: Revised UCC Article 3 and 4, A Banker's Guide to Checks and Principles of Banking. He is the co-author, with Dan Fisher, of both Remote Deposit Capture Practical Considerations and most recently, Risk Management Series Remote Deposit Capture.
Adams and Reese LLP, 2015, All Rights Reserved

Presentation Content
THIS PRESENTATION IS DESIGNED TO PROVIDE ACCURATE AND AUTHORITATIVE INFORMATION REGARDING ITS SUBJECT MATTER. IT IS PRESENTED WITH THE UNDERSTANDING THAT THE PRESENTER IS NOT RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF LEGAL ADVICE OR OTHER EXPERT ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT.

FRAUD ISSUES
- Deposit Image and Original
- Duplicate Images
- Duplicate Files
- Alterations
- Counterfeit Checks
- Check Kiting
- Retention of Paper
- ID Theft
- Forged Endorsements
- Employee Fraud

FEDERAL FINANCIAL INSTITUTIONS EXAMINATION COUNCIL (FFIEC)
RISK MANAGEMENT OF REMOTE DEPOSIT CAPTURE
ISSUED JANUARY 14, 2009
DEPOSIT TRANSACTION DELIVERY SYSTEM

APPLICATION OF GUIDANCE
SOURCE OF DEPOSIT
- Branches
- ATMs
- Domestic and Foreign Correspondents
- Commercial and Retail Customers
PRINCIPLES APPLICABLE TO:
- RDC
- Mobile Banking
- ACH Check Conversion

RISK MANAGEMENT - ASSESSMENT
RISKS
- Legal
- Compliance
- Reputational
- Operations
MANAGEMENT SHOULD ENSURE
- Compatible with Strategies
- Return on Investment
- Ability to Manage Risk

RISK MANAGEMENT - ASSESSMENT
BOARD OR MANAGEMENT
- Approve Plans
- Approve Policies
- Approve Significant Expenditures
- Review Periodic Performance
- Review Risk Management Reports
INFORMATION SECURITY
- Bank's Systems
- Customer's Systems
STAFF
- Information Technology
- Deposit Operations and Cash Management
- Legal, Audit, and Compliance
- Management and Accounting

RISK MANAGEMENT - ASSESSMENT
LEGAL AND COMPLIANCE
- Controls Over the Process
- Check 21
- Regulation CC
- Regulation J
- State Law
- Agreements and Clearinghouse Rules

RISK MANAGEMENT - ASSESSMENT
LEGAL AND COMPLIANCE (Continued)
- Guidelines Establishing Information Security
- Outsourcing Technology Services Booklet
- Multifactor Authentication
- Least Cost Routing
- Contract Term
- Authorization
- Applicable Law
- Paper Check Law
- NACHA Rules
- Regulation E
- Bank Secrecy Act/USA PATRIOT Act/OFAC

RISK MANAGEMENT - ASSESSMENT
OPERATIONAL RISKS
- Physical and Logical Access Controls
- Customer Controls
- Multifactor Authentication
- Increased Fraud Risk

RISK MANAGEMENT - MITIGATION & CONTROLS
ESTABLISH RISK MANAGEMENT POLICIES
CUSTOMER DUE DILIGENCE AND SUITABILITY
- Exclusions
- Customer Selection Criteria
- Customer Location Visits
- Customer Self-Assessments
VENDOR DUE DILIGENCE AND SUITABILITY
RDC TRAINING FOR CUSTOMERS
- Training
- Documentation

RISK MANAGEMENT - MITIGATION & CONTROLS
CONTRACTS AND AGREEMENTS
- Roles and Responsibilities
- Item Retention and Destruction
- Acceptable Items
- Procedures
- Image Quality
- Customer Obligation to Produce Original or Image
- Periodic Audits
- Performance Standards for Bank and Customer
- Liability, Warranties, Indemnification, Disputes

RISK MANAGEMENT - MITIGATION & CONTROLS
CONTRACTS AND AGREEMENTS
- Funds Availability, Collateral, Collected Funds
- Governing Laws, Regulations, Rules
- Customer Internal Controls
- Termination
BUSINESS CONTINUITY
OTHER MITIGATION AND CONTROLS

RISK MANAGEMENT - MEASURING AND MONITORING
FINANCIAL INSTITUTION MEASURING & MONITORING
CUSTOMER MEASURING & MONITORING
OPERATIONAL PERFORMANCE METRICS
MANAGEMENT REPORTS
- Duplicate Entries
- Violation of Deposit Thresholds
- Velocity Metrics
- Reject, Corrections, and CAR/LAR Adjustments
- Point in Time and Trends

ENFORCEMENT ACTIONS

Wachovia Bank, March 2010
FinCEN and OCC Assessed $160 Million Penalties and Forfeitures
Determination
- Bank Failed to Implement Adequate BSA/AML Program
- Bank Failed to Comply with Foreign Correspondent Account Regulation
- Bank Failed to Conduct Customer Due Diligence
- Bank Failed to Adequately Staff and Train BSA Staff
- Bank Failed to Identify Suspicious Activity and File SAR
- Bank Failed to Manage Risk of Remote Deposit Capture
- Bank Failed to Identify Compliance and Operational Risk Associated With RDC
- Bank Failed to Include RDC Checks in AML Monitoring
- Bank Failed to Monitor RDC Activity to Identify Large Denomination Sequentially Numbered Traveler's Checks
- Bank Failed to Allocate Adequate Resources to RDC
- Bank Failed to Monitor Use of RDC by Foreign Correspondence Financial Institutions and MSBs

Wachovia Bank, Cont.
Consent Order RDC
- Implement Policies and Procedures in Compliance with Guidance
- Implement Policies and Procedures to Identify Unusual Transactions
- Evaluate Line of Business and Compliance Personnel
- Evaluate Sufficiency of Resources
- Policies and Procedures for Filing SARs

Zions First National Bank, February 2011
OCC and FinCEN Assessed $8 Million Penalty
Determinations
- Zions Failed to Implement Effective AML Program
- Zions Failed to File SAR
- Zions Failed to Comply with Foreign Correspondence Account Regulations
- Zions Failed to Monitor and Manage RDC Risk
- Did Not Have BSA Compliance Personnel for RDC and Failed to Properly Staff
- Failed to Identify Large Denominated, Sequentially Numbered Instruments
- Failed to Identify Financial Instruments from US Banks Lacking Ties to International Business
- Failed to Perform Due Diligence on Foreign Financial Institution Customers

Citibank, April 2012
OCC Issued Consent Cease and Desist Order
Determination / Findings
- Bank's BSA / AML Compliance Program was Inadequate
- Bank Failed to Perform Adequate Due Diligence
- Bank Failed to Assess and Manage Risk
- Bank Failed to Monitor RDC and International Cash Letters
- Bank Failed to File SARs Involving RDC
Consent Order Cash Letter Service and RDC
- Implement Policies and Procedures for RDC
- Monitor RDC Activity Based on Guidance
- Establish Controls over RDC Including:
- Policies and Procedures of RDC Guidance
- Policies and Procedures to Identify Unusual Transactions
- Policies and Procedures for Filing SARs
- Evaluation of Line of Business and Compliance Personnel
- Evaluation of Sufficiency of Resources
- Automate Monitoring of RDC

Saddle River Valley Bank, September 2013
OCC Assessed $4.1 Million Penalty
Determination
- Bank Failed to Monitor RDC Activity
- Bank Failed to Monitor Wire Transfers
- Bank Failed to Perform Customer Due Diligence
- Bank Failed to Implement Effective AML Program
- Bank Lacked a Qualified BSA Officer

JPMorgan Chase Bank N.A., January 2014
OCC Assessed $350 Million Penalty
Determination
- Bank Has Deficiencies in its BSA/AML Compliance Program
- Bank Failed to Perform Adequate Customer Due Diligence
- Bank Failed to Identify Suspicious Activity and File SARs
- Bank Failed to Implement Adequate BSA/AML Program for RDC and International Cash Letter

First Bank of Delaware, November 2012
FinCEN Assessed $15 Million Penalty
- Bank Did Not Conduct Site Visit for RDC as Required by the BSA/AML Policy

North Dade Community Development Credit Union, November 2014
FinCEN Assessed $300,000 Penalty
Determination
- Violation of AML Program Requirements
- Internal Controls
- Risk Assessment
- Designation of BSA Compliance Officer
- Training
- CIP Violations
- One Customer with 56 MSB Subaccounts
- SAR Violation
- $984.4 Million in RDC No Monitoring

Conclusions and Questions
www.adamsandreese.com
Email: paul.carrubba@arlaw.com