NetPractice Exchange Vo 2 No 2

By Saskia Rietbroek, CAMSIdentity theft is a significant concernfor consumers. It violates financial privacy, destroys credit histories, andruins good reputations. For financialinstitutions, it costs time and moneyand can create significant risks tosafety and soundness, a phrase thathas been all but dropped from thevocabulary of bankers and regulatorsthese days.

The U.S. ID Theft FACTA Red FlagsRules require banks and other firmsto be proactive in helping to protecttheir customers from this seriousfinancial crime. The rule requires themto have controls in place that aredesigned to address the risk of identitytheft to consumers as well as to thesafety and soundness of the institution.They must implement a risk-basedwritten Identity Theft PreventionProgram containing reasonable policiesand procedures that address the riskof identity theft. The program must be board approved and the staff mustbe trained in the program. Themandatory compliance date for therule is November 2008.

Who and what is covered?Creditors and financial institutions arecovered and must comply with the RedFlags Rule. Creditors include anyonewho arranges for the extension,renewal or continuation of credit,including third party debt collectors.Service providers such as cell phonecompanies and utility companies mayalso be subject to the Red Flags Rule.Financial institutions and creditors thatoffer or maintain “covered accounts”must develop and implement a writtenprogram detailing their red flag policy.Covered accounts are the accountswhere identity theft is most likely tooccur, including:

• Credit card accounts

• Mortgage loans

• Installment credit

• Margin accounts

• Cell phone accounts

• Utility bill accounts

• Checking accounts

• Savings accounts

• Certain business and otheraccounts

Do not exclude accounts simplybecause they are business accounts.Business accounts such as small businesses or sole proprietorships maybe “covered accounts” under certain

Continued on Page 2

Vol. 2, Issue 2, 2008

Table of Contents

ID Theft “Red Flags” Rule – Automating the Compliance Process ...................................-3

Successful Product Advisory Council Meeting .........................Page 4

Hot Docs ....................................Page 5

User in the Spotlight...................Page 6

NetPractice Celebrates 1st Birthday................................Page 7

Fiserv Fraud & Compliance User Group Conference 2008........................Page 8

Financial Crime News Around the World.......................Page 9

Featured Functionality ..............Page 10

IT Corner..................................Page 11

Poll Question............................Page 12

Calendar of Events 2008 ..........Page 12

AUGUST 2008

ID Theft “Red Flags” Rule – Automatingthe Compliance Process

| NetPractice Exchange

ID Theft “Red Flags” Rule Continued from Page 1

circumstances; in particular, where there is a “reasonablyforeseeable risk” to customers or to the safety and sound-ness of the institution from ID theft.

Risk-based approach to detecting ID theft red flagsEarlier detection of potential risk is key. The Red Flags Ruleincludes a list of 26 early warning signals (i.e. red flags)that should lead the financial institution to take a closerlook at a particular situation. The list helps firms identifywhat to look for when uncovering possible fraudulentbehaviors.

The Red Flags Rule provides a significant degree of flexibilityto allow institutions to adapt the requirements to meettheir own individual needs and circumstances.

In line with the risk-based approach, each financial institu-tion has the flexibility to develop policies and proceduresto identify which of the red flags are applicable to them.This risk-sensitive approach will also enable the firm toaddress identity theft risks as they evolve and to focus onthe areas where the risks are the highest. For example:

• Red flags appropriate for accounts that can be openedor accessed remotely may differ from those that requireface-to-face contact

• Red flags relevant to deposit accounts may be differentfrom red flags dealing with credit accounts;

• Red flags applicable to consumer accounts may differfrom those applicable to business accounts

In addition, a firm should consider as relevant those redflags that directly relate to its previous experiences withidentity theft.

Leveraging existing programsBy complying with the CIP (Customer IdentificationProgram) regulations (implementing section 326 of theUSA PATRIOT Act), some financial institutions already meetmany of the requirements for the Red Flags Rule. Although

compliance with parallel requirements is sufficient for compli-ance under these rules,the CIP will not alwayscover everything that is required to complywith the ID theft rules.

The CIP rules werewritten to prevent anddetect money launder-ing and the financingof terrorism. Certaintypes of accounts,customers, and products are exemptedor treated speciallyunder the CIP rulesbecause they pose alower risk of moneylaundering or terrorist

financing. This special treatment, however, may not beappropriate to accomplish the broader objectives of battling identity theft. The use of the CIP rules does notalways adequately address identity theft. For example, theCIP rules allow accounts to be opened before identity isverified, which is not the proper protocol to prevent identity theft.

The role of softwareThe NetEconomy Fraud Manager solution of Fiserv Fraudand Compliance offers a proven solution to help financialinstitutions support their identity theft prevention programswhile complying with the red flag rule. Examples of troubleareas that the Fiserv Fraud and Compliance software isdesigned to focus on:

• Risky customers: The solution can identify customersthat are at risk of becoming a fraud victim based ontheir characteristics, such as age, account balance and

Saskia Rietbroek is FinancialCrime Advisor to Fiserv Fraudand Compliance. She was thefounding Executive Director of

the Association of Certified Anti-Money LaunderingSpecialists (ACAMS), an organization with 8000+

members. She is partner at AMLServices International, a

consulting and training companyin the money laundering and

terrorist financing field(www.nomoneylaundering.com).

She is a frequent speaker onmoney laundering.

She is based in Miami, FL.

Detecting red flagsA phishing victim’s account can show a transfer from the savings account to a current account, and later anotheramount is transferred out of the current account to a third party. The Fiserv-NetEconomy fraud solution recognizesthat the activity is unusual because the frequency is higher (more activity than usual) and the amounts are largerthan is common for the victim’s profile. Furthermore, the customer has never before transferred money to thisthird party’s account. This means that the beneficiary account was new for the victim’s profile. Based on this, thesolution will generate an alert that can be investigated by the bank or credit union’s fraud team.


activity of the account. It can also identify customersthat may be fraudsters based on characteristics includingage and/or residence in a high-risk location. Once thesecustomers are identified, they can be more closely monitored for red flags.

• Unusual transfers: A powerful analytic engine analyzesand profiles accounts, customer and end-user activitydata, and generates real-time alerts on suspiciousevents that enable the bank, credit union, or creditor tobecome proactive on identity theft. An alert can be generated when unusual transfers occur.

• Unusual address changes and card requests: The fraudster can submit an address change on behalf ofthe intended victim and follow up with a request for anew card and PIN. The criminal then uses the new cardat ATMs to empty the account. The NetEconomy solution can generate an alert if unusual addresschanges and new card requests occur.

In addition to generating alerts, the NetEconomy softwareoffers an array of workflow features and investigative toolsthat include:

• Powerful investigative tools: The software provides powerful investigative tools for post-event analysis,including cross-channel search of account, customerand user activity with visual tools and graphs.

• Red flag repository of alerts generated across the enterprise: NetEconomy solution of Fiserv Fraud andCompliance offers one place to easily locate and accessall alerts and cases related to ID theft, other types offraud, money laundering, and other types of financialcrime.

Battling channel-surfingThere is a growing need for financial institutions to haveenterprise-wide clarity when it comes to the managementof fraud and other financial crimes such as money laundering. Often, we see that point solutions for variouselements of fraud monitoring and management arealready in place for specific types of fraud, such as debitcard fraud and check fraud. But with a growing number ofchannels for customer intake and interaction, including useof the telephone and internet, fraudsters are taking advantage the situation by channel-surfing. This cross-channel fraud exploits the vulnerabilities of traditional tactical point-solutions and is likely to be one of the greatest “hot” fraud areas in the coming years.

To mitigate these risks, financial institutions are movingaway from tactical point solutions and are looking for vendors with a holistic approach to enterprise risk management.

With the ground-breaking ID theft rule, financial institutionsmust take every possible step to protect and assist customers who become victims. On top of that, the criminals continue to find new ways to commit ID theft.Without support from the proper technology, this becomesa very challenging task. With one integrated case management and red flag management system, FiservFraud and Compliance software provides a holistic customerview that can be used seamlessly across channels anddepartments. This enables firms to have instant businessrisk insight and to achieve operational efficiencies in a turbulent market.

Key elements of a “red flags” program• Identify patterns and specific forms of activity that

are ID theft “red flags” and incorporate them intothe program

• Program approval by the board of directors or anappropriate committee of the board

• Monitor red flags that have been incorporated intothe program

• Respond appropriately to red flags that are detectedto mitigate identity theft

• Ensure regular updates to the program that reflectchanges in identity theft risks

• Develop procedures to assess the validity of arequest for a change of address that is closely followed by a request for an additional or replacement card

• Develop reasonable policies and procedures toapply when an address discrepancy notice isreceived from consumer reporting agency.


The Committee, which was launched in Spring 2008,serves as an intermediary between the overall membershipand the NetEconomy product management team. Thecommittee is mainly intended as a sparring partner forNetEconomy’s product management to determine thefocus of product development and to assess priorities. Thiscan be both for strategic initiatives and for areas of specialattention. The role of the new Committee is to channeland prioritize NetEconomy product suggestion or enhance-ment requests from the worldwide user community toNetEconomy and track the progress of the requests andreport back to the NetPractice membership on the statusof the requests. The committee is not to replace the current systems and processes for submitting defects orproduct suggestion requests on a feature level. The goal is to stay a level above that, enabling NetEconomy productmanagement to determine what new or existing productareas to focus on.

During the council meeting, customers such as BancoEspirito Santo, Dexia, ING Bank, SEB, and Sun LifeFinancial gave presentations outlining their achievementsto date using NetEconomy and their business objectivesfor the near future. Lively discussions followed these presentations, allowing customers to exchange ideas onhow they are resolving similar challenges they face.

ING began by outlining their autonomous organizationalstructure with numerous hub installations serving theircompliance offices across the globe. The advantage of acentralized approach was discussed, as were the advantagesof sticking to an existing autonomous structure. ING wasalso interested in fraud prevention and AML insurance,and had begun some investigations in this area. Amongtheir recommendations were advancing the user-friendli-ness of the NetEconomy AML product, enriching theNetwork Analysis tools, and providing a visualization ofmoney-flows.

Banco Espirito Santo touched on the challenges facingtheir first implementation of an AML monitoring solution.

They stressed the need of having consultants available,expressing that things moved easier and faster when consultants were on hand. A discussion arose on ensuringthat the budget for all projects (especially first installations)should include this consultancy help. They commented thatthe manuals were often too technical, and that more“how to” chapters would be very welcome. Creating userroles was often also quite challenging, so the provision oftemplates to guide in this process would be also welcome.

A wish to provide risk scoring of alerts as they are beinggenerated was expressed, as well as an audit service fromFiserv (e.g. 6 months or 1 year after the first installation tosee if false positives could be lowered even further). Theusability of the product and the ability to make ad-hocqueries was also touched on.

SEB explained their need to support a large internationalbase (some 20+ countries) and expressed the importanceof flexibility in supporting local needs. A discussion followed on the challenges of supporting countries such asRussia and China – a challenge that other members werealso facing as their needs to support other local countriesexpanded.

SEB, like most other banks, has a complex infrastructure,with some 300+ systems, so integration is often a bigchallenge. Configuration, version management (global and local), usability, single thread processing, and authentication were subjects also touched on.

Dexia began by explaining their structure and need to support multiple countries and entities. The challenges ofname matching arose and this opened an interesting dialog with the other members of the Council that included how to handle internal lists (some customersexpressing that they had over 60 lists to manage).

Sun Life Financial began by reminding the audience thatmost vendors do not understand our business, so we needto educate them. The importance of a partnership betweenthe financial institution and the vendor was expressed,

On June 10th, the NetPractice Product Advisory Council (PAC) met in Dublin,Ireland, during the Fiserv Fraud & Compliance User Group Conference 2008.

Successful Product Advisory Council MeetingRichard McCarthy, Chairman Product Advisory Council and Vice President Product Marketing at Fiserv Fraud and Compliance


where each is at hand to help the other along. Askingvendor consultants to come in only after an issue alreadyexisted was discouraged. Contracts between the two parties should be negotiated so that consultants are available to help throughout the project and thereafter.

Sun Life mentioned how they had managed to staff downafter their NetEconomy implementation. This was achievedby focusing on those that pose high risk, and leveragingfewer but more highly qualified people. Sun Life alsosupported Espirito Santo Bank’s request for audit services,removing alerts they now realized that did not need to beseen, and looking at rules that should be changed.

In looking back at the presentations given, several mem-bers remarked on the common issues they all face and

the values of discussing these with other customers. Theimportance of avoiding “jumping into” AML projectswithout advanced preparation (such as in knowing howto risk score customer transactions, agreed workflow,etc.) was also emphasized. In reflection, this was seen as a key marker in identifying the difference between asuccessful and a stressful AML implementation project.

In their evaluation of this council meeting, all participantsmarked this event as “excellent”, asking to be invitedagain next time the council meets.

If you are interested to learn more about the Council,or to join it, please contact us at NetPractice ([email protected]).

FATF: Financial Crime Vulnerabilities ofWebsites and Internet Payment SystemsA June 2008 FATF (Financial Action Taskforce) study talksabout vulnerabilities of mediated customer-to-customerwebsites and Internet payment systems. The combinedweaknesses of user anonymity, rapid transactions, limitedhuman intervention, ease of international presence, limitedjurisdictional authority, and inherent difficulty of thefinancial institution in detecting suspicious transactionsfosters an environment in which money laundering risksrun rampant. The 42-page document provides case studieson how these websites and payment systems can beexploited not only for money laundering and terroristfinancing, but also for fraud and the sale of illegal goods.The document can be found at www.netpractice.org.

NetPractice Video: How Peer Group AnalysisReduces False PositivesMonitoring customers purely on the basis of historicalactivity can be misleading if their activity is not actuallyconsistent with similar types of customers. Moreadvanced detection capabilities are necessary. Refreshyour memory on standard deviation, z-scores and learnhow to set up a peer group to detect suspicious activity.The July 2008 video also provides an example of Fiserv-NetEconomy customers who have leveraged Peer GroupAnalysis to tremendously lower their false positives.Download the video for free at:http://www.netpractice.org/memberarea/education_training.aspx

NetPractice Video: Raising the Red FlagIdentity theft is the fastest growing crime in America.In 2008, the FTC estimates that 26 million Americanswill become victims of identity theft. The Fed’s new RedFlags rule requires you to take action to prevent identitytheft. In this training video you will learn about identitytheft and the new Red Flags regulation which requireall financial institutions to take action to prevent,detect, and mitigate identity theft for all of their customers. Download the video for free at:http://www.netpractice.org/memberarea/education_training.aspx

FinCEN Study on Money Laundering in the RealEstate SectorIn April 2008, the U.S. Financial Crimes EnforcementNetwork issued a study on residential real estate-related money laundering. The study found that morethan 75% of the entities suspected of involvement inresidential real estate related money laundering wereindividuals unaffiliated with residential real estate-related businesses. For example, launderers using multiple nominees or straw buyers to secure numerousmortgages on various residential properties, thereby creating a means for the conversion of illicit cash intoreal property while projecting the appearance of manyunrelated mortgages paid on a regular and timely basis. Download the document at:http://www.fincen.gov/news_room/rp/strategic_analytical.html

Hot Docs and Downloads


1. Describe your institution, such as size of the bank,location, and number of branches.

Van Lanschot is the oldest independent banking institutionin the Netherlands. We are a full service bank with a focuson Private Banking. We have 35 branches in theNetherlands and additional branches in other countries,including Luxemburg and Belgium.

2. Which version and module(s) of NetEconomy doesyour institution use, and for how long?

We’re using version 4.1.3 and we’ve used NetEconomysince 2004. Currently we use the Compliance Managerand have some extra modifications for fraud alerts.

3. How do you use the software across the differentbranches?

NetEconomy’s Compliance Manager is used in theNetherlands and in Luxemburg. In the Netherlands we’reusing the NetEconomy solution in the ComplianceDepartment and in Risk Management (departmentZorgplicht). We’re currently installing a user group withparticipants of different departments. This is a way of getting more out of the transaction monitoring.

4. Describe your role working with the NetEconomy solution.

In the fraud department, NetEconomy is used to detectskimming. Skimming is a term for the copying ofdebit/credit cards. With NetEconomy you can detectunusual behaviour on an account. We attempt to defineunusual behaviour for debit cards so we can stop thefraudulent withdrawals. We’re also using NetEconomy forinvestigation and CDD (customer due diligence) reviewson our customers.

5. What is your favorite NetEconomy feature and why? The investigations module. You can easily access largeamounts of data. Like most banks, we have about threemonths of transaction data available on line. InNetEconomy there is over one year of transaction datathat you can use for analysis. Another favourite feature isthe Network Analysis Module because you can see veryquickly which counterparties your customer is dealingwith.

6. What would you like to see added to the currentNetEconomy solution? This could be something relat-ed to management reporting, alert configuration, userinterface, or integration with other tools.

We would like a printing or export feature for the networkanalysis so we can visualise the network for our files.Currently we copy/paste the network into a Word document,but with some larger networks it isn’t possible to properlypresent all the information.

7. What is the biggest challenge in detecting unusualbehaviour of transactions and customers?

Because of our core business a lot of customers can transfer large amounts of money but that’s not unusualbehaviour. Our challenge is to reduce false positives concerning these customers.

8. Can you give one piece of advice to a new user?Make use of the knowledge of other users and ofNetEconomy. If you’re a new user, you must realise thatmany other NetEconomy users already dealt with chal-lenges like false positives. Make use of their experience.

9. If you had 15 extra minutes in your busy work day,what would you do with it?

Drink a nice cold Belgian beer at a bar in the city centre ofDen Bosch and enjoy the beautiful city.

Peter Temminck is a member of the Risk Management team at Van Lanschot Bank and is responsible for the fraud risks management. Peter has been workingin the financial services industry for more than 10 years and is situated in Den Bosch, The Netherlands.

User in the Spotlight Peter Temminck, Van Lanschot Bank


We’re celebrating our 1st year anniversary! During thisyear, NetPractice has grown in many ways, ranging froman increase in customers logging on to our on-line community Web site, to the larger number of on-line training sessions and webinars being attended. With moremembers joining from around the world, NetPractice isbecoming a recognized name in the AML and fraud pre-vention field.

NetPractice was launched to serve the steadily expanding,world-wide customer base of Fiserv Fraud and Compliance. Itbecame evident that more than just a yearly meeting wasneeded to provide users with a forum to informallyexchange information and experiences regarding their useof the NetEconomy software. In October 2006, we conducted a survey of 250 users in order to gain feedbackon the interest of forming an online user group organization. The survey results were overwhelmingly supportive of the concept to launch this interactive usergroup community, where users can network and communicate with each other on an ongoing basisthroughout the year. As a result, NetPractice was launchedin May 2007. The group officially opened its doors formembership during the Complinet Conference in Londonthat same month.

Our objectives were twofold: first to ensure that our members can make maximum use of the Fiserv Fraud andCompliance platform, and secondly, to build strong andsustainable relationships among the members of the community.

Our milestones to date include:

• In our first year alone, NetPractice has received recogni-tion in numerous ways including customer references,endorsement from independent industry analysts, and ahigh rank order in Internet search engines for areas suchas anti-money laundering community.

• In his review of NetPractice, Neil Katkov, senior analyst ofCelent, said: “Financial institutions continue to struggleto implement thorough, effective and efficient proceduresto deal with money laundering and other financial crime,and are finding they can’t solve all the problems on theirown. Compliance communities address a deep need forsharing experience and best practices to help handle

these challenges. Organized by a leading compliancesolutions vendor, the NetPractice user community is awelcome addition in this area.”

• In Spring 2008, NetPractice conducted a customer surveyasking customers to evaluate NetPractice, the AML andfraud transaction monitoring technology they use, and fortheir view on their AML and fraud priorities for the nearfuture. The results of the survey overwhelmingly showed thevalue members saw in NetPractice as well as offering posi-tive and constructive feedback on the AML technology theyare using.

Other first year anniversary milestones include:

• Several NetPractice Advisory Board Meetings with members from across the globe, including RBTT in theCaribbean, ING in the Netherlands, and CitizensFinancial Group in the USA.

• The first face-to-face meeting of the Product AdvisoryCouncil (read more in our article “Successful ProductAdvisory Council Meeting”) held on June 11, 2008 with14 members attending in person.

• The publication of printed quarterly newsletters.

• Webinars from independent and respected industry analysts, such as Celent on “AML Trends to Watch-outfor: 2008 – 2010”.

• Self-training videos streamed at netpractice.org,including as subjects “Basic Steps in TransactionMonitoring” aimed at new compliance employees.

• Highly attended webinars on new regulations, and onhow to leverage your existing investments in transactionmonitoring technology to support them. For example,“Raising the Red Flag, How to comply with the new US ID theft Regulation”.

We had a great first year and look forward to expandingto ever more exciting meetings and activities in the yearsto come. Many who participated have pushed their skillsfar beyond anything they had previously achieved, andthat is exactly what we hoped would happen. We also hada lot of fun and got to know each other better – anotherimportant goal accomplished!

Sincere thanks to all our members and the support staffthat have helped make it such a success – congratulations!

Stan Harmsen van derVliet – DirectorNetPractice

NetPractice Celebrates 1st Birthday


Fiserv Fraud & Compliance User Group Conference 2008We were delighted to welcome over seventy NetEconomyand CheckFree customers from more than fifteen differentcountries to this year’s event, which was graciously hostedby Bank of Ireland in Dublin.

With the announcement of the integrated Fiserv Fraud &Compliance Group, this was the perfect occasion to shareand discuss customer experiences and the latest productinformation with our new colleagues and customers. Theconference was opened by Sebastian Kuntz, President ofthe new group, and was followed by an introduction fromRahul Gupta, Group President for Payment and IndustryProducts at Fiserv.

It was a full first day with a combination of customerexperience presentations, product roadmap discussions,and breakout workshops ranging from ‘’How to improvethe quality of your alerts’’ to sessions for IT professionalswho have ‘’IT/Data stream and configuration challenges’’.A session sponsored by our partner, Fircosoft, discussedWatchlist Matching, and the workshop on Employee Fraudproved to be particularly popular. For myself, the highlightof the first day was the presentation by Claude Baksh from Canada on Sun Life Financial’s risk-based approachto list matching.

We broke from tradition for the evening dinner and leftthe hotel for some Irish food and entertainment in themountains of Glencullen at one of Ireland’s oldest pubs,Johnnie Fox. Judging by the evaluation form ratings andphotos, we made a good choice!

Day two of the conference continued with a lively presen-tation on ‘’How to effectively manage your false positivesthrough screening your client list against a PEP list’’ fromDow Jones, our second sponsoring partner.

We then held eight additional workshops in parallel sessions,which included two training master classes for both newand more advanced users. These sessions were very popular and provided a valuable insight into how trainingcan dramatically improve the use and effectiveness of your financial crime solution.

The conference concluded with another guest speakerfrom Canada, Ivan Zasarsky, who gave a joint presentationwith Saskia Rietbroek on the current global trends in bothAML and Fraud.

I would like to take this opportunity to thank the following:

• The Bank of Ireland (particularly Dave Lombard, andRonan O’Beirne for ‘’standing in’’ at short notice, asDave was unable to stand!) for hosting this year’sevent; for their support along with the other UserGroup Committee members and NetPractice (particularlyStan Harmsen van der Vliet) who assisted in the formulation of this year’s agenda.

• Our sponsoring partners, FircoSoft and Dow Jones,for their support and involvement in the event.

• All those colleagues who presented and/or ran workshops.

• And finally you, the customers, who make the eventhappen!

It was good to see so many familiar faces, and the newones, too! There is always such a great atmosphere at theUser Group conference; it feels like old friends meeting upfor an annual reunion!

Hope to see everyone, and more new faces, next year!

Melanie CousinsMarketing ManagerFiserv Fraud & Compliance

(Please note: Most of the slides, video presentations andphotos from the conference and dinner are available todownload at www.netpractice.org)

If your institution is interested in hosting nextyear’s Usergroup, please contact MelanieCousins at [email protected].


Financial Crime News fromAround the WorldSwitzerland Amendments to money laundering regulations

The Swiss Federal Banking Commission (SFBC) releasedJanuary 28th, 2008 amendments to the SFBC MoneyLaundering Ordinance (MLO SFBC) adopted on December20th, 2007. The amendments aim to implement the recommendations of the Financial Action Taskforce, a globalmoney laundering watchdog.

Although, the structure of the Swiss risk-based regulationremains generally unchanged, within the context of themonitoring of transactions there are two changes that areconsidered of particular importance:

• Business relationships are now considered by default ahigher risk for those relations with foreign financial intermediaries for which a Swiss supervised intermediaryholds a correspondent account (art.7-3);

• The inclusion of originator information on wire transfershas been adjusted to reflect international practice.Financial intermediaries are required to include originatordetails for all transfers above CHF 1,500 (US$1,452).For domestic transfers a limited set of data is sufficient aslong as full information can be provided to a beneficiaryinstitution on request within three business days (art.15-1; 2).

The changes to the MLO SFBC became enforceable on July 1, 2008. For the implementation of articles 7 and 15, atransition period lasting until January 1, 2009 is foreseen.An overview of amendments to the MLO SFBC can befound at http://www.ebk.admin.ch/d/aktuell/20080128/20080128_02_d.pdf.

India Guidance reiterates obligations of banks

The Reserve Bank of India (RBI) has provided guidance toboth the obligation of banks to report integrally connectedcash transactions and to report all suspicious transactions— irrespective of the amount involved and includingattempted transactions — to the Indian FinancialIntelligence Unit (FIU). The different guidelines were issuedin May, June and July 2008.

RBI has also reiterated that banks must “put in place anappropriate software application to trigger alerts when thetransactions are inconsistent with risk categorization andupdated profile of customers”.

Additional notice and guidance has been given to ensureelectronic filing of CTR (currency transaction report) and STR(suspicious transaction report) to the FIU for banks wherenot all the branches are fully computerized. An illustration ofintegrally connected cash transactions and an indicative listof 56 suspicious activities that may be considered by bankscomplement the published notification.

With this notification, the RBI has tightened the rules issuedin February 2006 in pursuance of the Prevention of MoneyLaundering Act (PMLA 2002).

The notification for commercial banks can be found athttp://www.rbi.org.in/scripts/NotificationUser.aspx?Id=4188&Mode=0

USA FinCEN Announces Retirement of BSA MagneticMedia Filing Program

In keeping with its efforts to make Bank Secrecy Act (BSA)filing requirements more secure, efficient, and effective, theFinancial Crimes Enforcement Network (FinCEN) todayannounced its intention to retire the BSA Magnetic MediaFiling Program. Current Magnetic Media filers must transi-tion to BSA Electronic Filing (E-Filing) no later thanDecember 31, 2008.

More information about FinCen’s intentions can be found athttp://www.fincen.gov/news_room/nr/html/20080721.html

The Netherlands New Act on the prevention of moneylaundering and terrorist financing

On August 1, 2008 a new law on the prevention of moneylaundering and terrorist financing (“WWFT”) entered intoforce in The Netherlands. The WWFT (“Wet ter voorkomingvan witwassen en financieren van terrorisme”) is the Dutch implementation of the third EU Directive on moneylaundering.

The new Act introduces a number of significant changes relative to the current legislation, particularly in the field ofcustomer due diligence and ongoing monitoring. The mostimportant change in this regard is the introduction of a risk-oriented approach as the guiding principle. All customersand usages of products and services should continuously beassessed in terms of risk exposure.

A summary can be found at http://www.netpractice.org/dutch_regulatory_update.aspx

Featured FunctionalityProfiling at the Customer Level

Increasingly, financial institutions are required to monitoractivity at the customer level in addition to the accountlevel. A simple example of this is the requirement to file asuspicious activity report if a customer's activity acrossmultiple accounts in a single day exceeds a pre-establishedthreshold.

In NetEconomy version 4.2 a new functionality has beenadded for customer-level profiling that allows financialinstitutions to monitor the activity of a single customeracross multiple accounts. Customer profiles can be generated based on the customer number, the tax identification number (TIN), or another unique customer-key.

The customer profiles are generated based either on thecustomer information delivered in the transaction streamor on information in the relationship table. For the firstscenario, the customer number, tax identification number,or customer-key needs to be delivered in the transactionstream to identify which customer executed the transac-tion. Based on the customer identifier delivered in thetransaction stream, the software will generate or updatethe corresponding customer profile(s). For example, if customer John Smith with customer number CUS001 performs a cash withdrawal on a joint account and thisinformation is provided to the software in the transactionstream, it will automatically update John’s cash profile,but not the profile of the second account owner of thisjoint account.

For the second scenario, the software will generate customer profiles by aggregating the activity of the accountsrelated to the customer. For example, a customer profile canbe generated based on the activity on all accounts for whichthe customer is the account holder, or, in an insurance company, for all policies for which the customer is the policyowner. For example, if account ACC001 has two accountholders and one of the account holders performs a transaction, the software will automatically update the customer profiles of both account holders.

Profile types can be configured as active or inactive for bothaccount profiling and customer profiling. Only profiles withan active type will be updated during the transaction streamimport process. Additionally, it is possible to indicate pertransaction code whether account-level and/or customer-level profiles most be generated (see figure). For instance, ifa financial institution would like to monitor cash activity atcustomer-level and not at account-level, it is possible to turnthe cash profile on for customer-level profiling and turn itoff for account-level profiling.

A new version of the transaction stream has been createdfor the purpose of customer profiling. This new transactionstream must be used in conjunction with this new functionality. Please refer to the Data Requirements document for more information.

Please contact your account manager if you wish toreceive more information about customer centric profiling,or send an email to [email protected].


Figure: Customer profiling per transaction code

How to Change the Font Size on Your NetEconomy’s Financial Crime Suite Desktop


Volume 2, No. 2, 2008

NetPractice Exchange

This newsletter is a quarterly publication by Fiserv Fraud andCompliance for NetPractice members and others interested inNetPractice or Fiserv Fraud and Compliance in general.

NetPractice Advisory BoardFlorisela Bentoera, CAMS, Manager Compliance and AML Operations, RBTT Dutch Caribbean, Curacao,Netherlands AntillesDeborah King, CAMS, VP Director AML Investigations, CitizensFinancial Group, Medfort, MA, USAMichiel Peeperkorn, CAMS, Compliance Officer, ING Bank,Amsterdam, NetherlandsSaskia Rietbroek, CAMS, Financial Crime Advisor, NetEconomy,Miami, FL, USA (Chair)Cindy Shelton Ryan, CAMS, Compliance Officer,Bank-Fund Staff Federal Credit Union, Washington D.C., USAAleksejs Truhans, IT Development, Parex Banka, Latvia

NetPractice StaffDirector: Stanley Harmsen van der Vliet, CAMSMarketing Coordinator: Roos Goosen

This newsletter is for general information purposes only. Theviews expressed in this newsletter are not necessarily those ofFiserv Inc. Fiserv Fraud and Compliance has taken all reasonablemeasures to ensure that the material contained in this newsletteris correct. However, Fiserv Fraud and Compliance offers no warranty and accepts no responsibility for the accuracy or thecompleteness of the material. In publishing this newsletter,neither the authors nor Fiserv Fraud and Compliance are engagedin rendering legal or other professional advice.

NetPracticeLoire 200-2022491 AM, The HagueThe NetherlandsTel: +31 (0) 70 452 5448Fax: +31 (0) 70 452 [email protected]

Because it might be preferable for some people to have alarger font size for the NetEconomy’s Financial Crime Suitedesktop, NetEconomy now offers a larger font size tomake it easier for users to read the alerts and case management.For example:Change Password — Change PasswordThis article describes how to customize the appearance of your NetEconomy desktop by changing the font size tomeet your own preferences. You need to have an ITadministrator authorization level to complete the following steps.

How to change the font size

To change the font size, follow these steps:

1) Create a new folder which you can name, as an example, “BigFontDefault” in the folder directory:[DRIVE]:\Inetpub\wwwroot\AML\Images\Skins

2) Copy all files from [DRIVE]:\Inetpub\wwwroot\AML\Images\Skins\Default folder into the new folder“BigFontDefault”.

NOTE: If you do not use the NetEconomy’s default layout setting (Default Skin), please copy the files of your preferreddesktop layout to the new folder.

3) Open all files with extension .css in the “BigFontDefault”folder (four files in total) with your text editor.

4) Search for “font-size: 11px”, and change the size ofyour pixels to 13px and save the files. Please note thatyou have to change the font size in every location.

5) Open your NetEconomy Financial Crime Suite andselect “My settings” in the left menu bar.

6) Click on the “Skin” option and select “BigFontDefault”to change your font size.

NOTE: Font changes are not automatically updated when youupgrade to a newer version of NetEconomy. Please repeatthese steps when you want to update the font size. This feature is not available to all configuration environments,please consult your Fiserv provider with specific questions.

IT CORNER

Figure: My settings window

NetPractice, Loire 200-202, 2491 AM The Hague, The NetherlandsPhone: +31 (0)70 452 5440 Fax: +31 (0)70 452 5444, [email protected]

©2008 Fiserv, Inc. 4/08

Contact

Calendar of EventsACAMS 7th Annual International Money Las Vegas, NV 8-10 September 2008Laundering Conference & Exhibition www.acams.org

The Market Drive Towards Fraud and webinar 17 September 2008Compliance Convergence, presented by Celent www.netpractice.org

ACAMS European Money Laundering Prague 17-19 November 2008Conference and Exhibition www.acams.org

The poll question for next month is:

After how many SARs/STRs do you typically close the account?

• 2 • 3 • No specific limit, we can’t close

the account

Please submit your vote at www.netpractice.org

Poll QuestionResponses to last month’s poll question on www.netpractice.org were:

Who decides whether or not to close an account after filing a suspicious or unusual transaction report?

Senior management (49.43%)Compliance officer (28.74%)Can’t close because of legal restrictions (16.09%)Relationship manager (5.75%)

NetPractice Exchange Vo 2 No 2

Documents

Transcript of NetPractice Exchange Vo 2 No 2