NetPractice Exchange Vol 3 Nr 3

NetPractice Exchange Fraud and Compliance Best Practice Community from Fiserv

July August 2009Volume 3 Number 2

Cover Payment Messages in Cross Border Wire TransfersWill Intermediary Banks Carry the Burden of Necessary AML Investments?6

The Next Wave of Check Fraud: Are You READY?Page 4

+1 800-872-7882+1 [email protected]

+31 70 452 [email protected] www.netpractice.fiserv.com.

Fiserv is a registered trademark. Other products referenced in this material may be trademarks or registered trademarks of their respective companies.© 2009 Fiserv, Inc. or its affiliates. 1-73-9-MS FIS Fraud & Compliance July/August 2009 NetPractice.

Fiserv, Inc.255 Fiserv DriveBrookfield, WI 53045

NetPractice ExchangeThis magazine is published three times per year and is a publication by Fiserv for NetPractice members and others interested in NetPractice or Fraud and Compliance Solutions.

10 Reasons to Join NetPractice: A chance to interact with other AML and fraud detection experts NetPractice is a highly specialized service that focuses on the specifi c needs of one niche group: fi nancial crime professionals who work with Fraud and Compliance Solutions technology from Fiserv. NetPractice’s value and advantage lie in its focused best-practice information, its dedicated services and its commitment to enriching the professional lives of its members. NetPractice combines our technology with the human element, an online user community to enrich the professional development, learning, connectivity and the professional lives of the members through the sharing of knowledge.

Calendar of Events

Poll Question and Results

How frequently do you update country risk profiles for purposes of monitoring for suspicious activity?

Once per month ......24%

Once per quarter .....44%

Once per year ..........32%

Our next poll question is:

With what percentage has your financial institution’s AML/fraud detection budget been cut because of the recession?

Cast your vote at:www.netpractice.fiserv.com.

24%Once per month

44%Once per quarter

32%Once per year

NetPractice Advisory BoardFlorisela Bentoera, CAMS, Manager Compliance and AML Operations, RBTT Dutch Caribbean, Curacao, Netherlands Antilles

Tom Firnhaber, Director of Compliance, NetSpend, Austin, TX, USA

Deborah King, CAMS, VP Director AML Investigations, Citizens Financial Group, Medfort, MA, USA

Saskia Rietbroek, CAMS, Financial Crime Advisor, Fiserv Fraud and Compliance, Miami, FL, USA (Chair)

Cindy Shelton Ryan, CAMS, Compliance Offi cer, Bank-Fund Staff Federal Credit Union, Washington D.C., USA

Aleksejs Truhans, IT Development, Parex Banka, Latvia

NetPractice StaffDirector: Stanley Harmsen van der Vliet, CAMS

Marketing Coordinator: Roos Goosen

NetPracticeUnited States of America255 Fiserv Drive Brookfi eld, WI 53045Phone: +1 262-879-5000 Toll Free: +1 800-872-7882 Fax: +1 262-879-5013

EuropeLoire 200-2022491 AM, The Hague The Netherlands Tel: +31 70 452 5448Fax: +31 70 452 5444

netpractice@fi serv.comwww.netpractice.fi serv.com

This newsletter is for general information purposes only. The views expressed in this newsletter are not necessarily those of Fiserv, Inc. Fiserv has taken all reasonable measures to ensure that the material contained in this newsletter is correct. However, Fiserv offers no warranty and accepts no responsibility for the accuracy or the completeness of the material. In publishing this newsletter, neither the authors nor Fiserv are engaged in rendering legal or other professional advice.

Fiserv is a registered trademark. Other products referenced in this material may be trademarks or registered trademarks of their respective companies.

© 2009 Fiserv, Inc. or its affi liates.

Not a NetPractice member yet?

NetPractice is an online Fraud and Compliance Solutions user community that develops, delivers and supports innovative services and resources that helps its members improve the way they control the risks associated with fi nancial crime management and compliance initiatives.

To become a member, please visit www.netpractice.fi serv.com.

Get immediate online access to 5. dedicated tools and resources to enhance performance, streamline processes and reduce costsEnhance your anti-money laundering and 6. fraud investigation skills so you can take yourself to a new professional levelGet continuous access to an international 7. network of other users of our solutions to ensure up-to-date knowledge and expertise in using monitoring techniquesReceive insight into the latest anti-money 8. laundering and anti-fraud initiatives

Get involved! NetPractice is a rewarding 9. way for you to share your expertise while meeting new people and making new contacts around the worldGet ACAMS continuing education credits 10. for selected NetPractice webinars

Online member community of thousands of 1. peers using Fiserv Fraud and Compliance solutions for fast real-world problem-solving and idea sharingWatch online videos with step-by-step 2. instructions about how to best use our solutionsReceive monthly training on solutions, 3. compliance strategies and fi nancial crimeReceive NetPractice Exchange: a print 4. newsletter with thought leadership articles, news and best-practice techniques for improved risk detection and management

NetPractice Exchange July August 2009 Volume 3 Number 2

July August 2009 NetPractice ExchangeVolume 3 Number 2 1

Event

Fiserv Fraud and Compliance Webinar: “How to Effi ciency Manage Money Laundering Risk

with Slashed Budgets”

American Bankers Association Regulatory Compliance Conference

Fiserv Fraud and Compliance Client Conference 2009

7th Annual Money Laundering and Financial Crime Conference

20th Annual ACFE Fraud Conference

Fiserv Fraud and Compliance Webinar: “ATM and ACH Fraud”

8th Annual International ACAMS Conference

AFP National Convention

American Bankers Association Money Laundering Enforcement Conference

Location/Website

www.netpractice.fi serv.com

Orlando, Floridawww.aba.com/Events/RCC.htm

Amsterdam, The Netherlandswww.netpractice.fi serv.com/user_

group_event_2009.aspx

London, United Kingdomwww.cityandfi nancial.com

Las Vegas, Nevadawww.fraudconference.com


Las Vegas, Nevadawww.acams.org

San Francisco, Californiawww.afponline.org

Washington, D.C.www.aba.com/Events/MLE.htm

Date

June 3, 2009

June 7 – 10, 2009

June 10 – 11, 2009

July 5, 2009

July 12 – 17, 2009

July 30, 2009

September 30 – October 2, 2009

October 4 – 7, 2009

October 11 – 13, 2009

July August 2009 NetPractice ExchangeVolume 3 Number 2

Word from the NetPractice Director _ 2

NetPractice Up-to-Date _________ 2

NetPractice Member List ________ 3

The Next Wave of Check Fraud:

Are You Ready? ______________ 4

New Rule on International ACH

Transactions: How Will It

Affect You? _________________ 6

Fraud and Compliance –

Outsourcing AML: The ASP

Alternative _________________ 8

Identity Theft and Identity Fraud:

How to Protect Your

Financial Institution __________ 10

Competencies in a Changing World

of AML – Next-Generation Money

Laundering: How to be Prepared _ 11

NetPractice Advisory Board Member

In the Spotlight –

Interview with Tom Firnhaber ___ 12

The Emergence of Financial Crime

Management Technology ______ 14

Featured Functionality: AML Manager

‘Add Risk View Condition’ ______ 15

Cover Payment Messages in Cross

Border Wire Transfers: Will

Intermediary Banks Carry the Burden

of Necessary AML Investments? _ 16

Hot Docs and Downloads ______ 18

Financial Crime News from

Around the World ____________ 19

10 Reasons to Join NetPractice __ 21

Calendar of Events ___________ 21

The Next Wave of

Check Fraud:

Are You Ready?

Page 4

Identity Theft and

Identity Fraud:

How to Protect Your

Financial Institution

Page 10

Cover Payment

Messages in Cross

Border Wire Transfers

Page 16

Table of Contents

NetPractice Up-to-Date

Stay Up-to-Date with the NetPractice Video/PodCast Library

Did you know that every webinar given

at NetPractice is now available online and

ready for you to watch at any time?

Since our start in June 2007, the

NetPractice team has organized monthly

presentations with several experts in

the AML and fraud prevention industry.

Independent senior analysts like Neil

Katkov, Mayiz Habbal, Jacob Jegher, and

also our own financial crime advisors

Saskia Rietbroek and Erik Stein, have

contributed to these webinars.

For those who have missed any of these

well-received webinars, NetPractice

gives the opportunity to watch any of the

previous presentations. Take for example

Celent’s “AML Trends to Watch Out For:

2008 - 2010” or “The Next Wave of Check

Fraud: Are You Ready?” You can simply

go to the “Training Program” section on

the NetPractice website, and click on the

“Webinars” archive option to view all the

available recordings.

You can even download a copy of the

Powerpoint slides, white papers and

other relevant documents. If you own an

iPhone, there are also recorded versions

available to download for your iPhone or

iPod Touch.

For more information or instructions on

how to use some of the NetPractice

advanced website features, please take

a look at our tutorial video on the “New

Members Start Here” page on the

NetPractice website (www.netpractice.

org/New-Members-Start-Here.aspx).

In this issue of the NetPractice Exchange magazine we take a closer look at the next wave of check fraud and AML risks in the interbank world such as correspondent banking and ACH networks. How do you deal with these different banking environments and how can you keep oversight of all these incoming and outgoing transactions flows? Secondly, what are the benefits and concerns of outsourcing AML activities outdoors? Is ASP the answer to today’s cash-strapped needs?

And finally, I would like to give my special thanks to our new NetPractice Advisory Board Member Tom Firnhaber of NetSpend for sharing his experiences with AML in the card processing arena. Read more about NetSpend’s experience in the Advisory Board Member Spotlight and watch the video interview on www.netpractice.fi serv.com/netspend.aspx.

You have properly noticed that this edition of our magazine is orange again. The new Fiserv orange is part of a complete make-over of our core branding strategy. In February, Fiserv launched a new market approach and brand identity that signals our commitment to leading the transformation of financial services technology — representing a significant milestone at the company’s 25-year anniversary.

We are very pleased that Fiserv has decided to choose orange as our new brand color. Not only because we love orange but also because the color orange stands for innovation, which matches perfectly with our own mission statement to develop, deliver and support innovative services and resources that help our members improve the way they control the risk associated with financial crime and compliance initiatives.

Stan Harmsen van der VlietDirector NetPractice

Stan Harmsen van der Vliet is Director of NetPractice, a best-practice user group community for Fraud and Compliance Solutions.

Stan is based in The Hague, The Netherlands.

Word from the NetPractice Director

NetPractice Exchange July August 2009 Page 2 Volume 3 Number 2

July August 2009 NetPractice ExchangeVolume 3 Number 2 Page 3

AmericasUnited State of America

1st Bank Oklahoma1st CU of Gainesville1st Source BankAthol-Clinton Co-operative BankBancorp SouthBank of AmericaBank of HawaiiBank of New EnglandBank of New YorkBank of OklahomaBank of the WestBank PlusBank-Fund Federal Credit UnionBarre Savings BankBeverly Cooperative BankBranch Bank and TrustCalyon Financial Inc.Central BankCentral Pacific BankChicopee Savings BankCiticorp Data SystemsCitizens Business BankCitizens Financial GroupCity National BankComerica BankCommerce BancsharesCommerce BankCompassDanvers Savings BankDFCU Financial Federal Credit UnionEncore BankFederal Trust BankFidelity BankFifth Third BankFinancial Center Federal Credit UnionFirst AmeriCanada Bank GroupFirst Arizona SavingsFirst Charter National BankFirst CitizensFirst Citizens Federal Credit UnionFirst Federal Bank of North FloridaFirst Federal Savings Bank of IowaFirst Federal Savings BankFirst Interstate BankFirst Merit Services DivisionFirst National Bank of OmahaFirst Personal BankFirst Premier BankFlorida State University CUFranklin BankFrost National Bank

GCF BankGreenfield Savings BankGuaranty Federal BankHancock BankHarris BankHarris Trust and Savings BankHibernia National BankHigher OneHome Savings BankHSBC Bank USAHudson United BankHuntingdon Savings BankHuntington BancsharesInsurBancInternational Bank of CommerceInvestment Savings BankJ.P. Morgan ChaseManasquan Savings BankManufacturersMedina Savings and Loan Assoc.MellonMerchants BankMerrill LynchMetropolitan National BankMiami Savings BankMillbury Federal Credit UnionMontecito Bank and TrustMutual of Omaha BankNational City CorporationNBT BancorpNetSpendNew Peoples Bank, Inc.NewAlliance BankNewton Federal BankNorth Akron Savings BankNorth Dallas Bank and Trust CompanyNorth Fork BankNorth Shore Bank.Northern Trust CompanyPanther Community BankPlatinum Community BankPNC BankProvident BankQCR Holdings Inc.RBC Centura BankRegions Financial CorpReliance Savings BankRiggs National BankSavings Bank of HegewischSecurity Savings BankSilicon Valley BankSovereign BankState Bank of Long IslandStephens Federal BankSun West Bank

Sunset Bank and SavingsSunshine State Federal SavingsSunTrustTCF Financial CorporationTexas Capital BankTexas State BankThe Pittsfield Cooperative BankTowneBankUMB BankUmpqua BankUnion Bank of CaliforniaUnion Building and Loan Savings BankUnited Roosevelt Savings BankUS BancorpValley National BankWachoviaWashington MutualWells Fargo BankWest America BanCorporationWest Coast BankWhitney National Bank

CanadaATB FinancialBank of MontrealCanadian Imperial Bank of CommerceNational Bank of CanadaRoyal Bank of CanadaSun LifeToronto Dominion Bank

JamaicaFirst Caribbean International Bank

SurinameDSB Bank

Trinidad and TobagoFirst Citizens BankRBTT Bank

EuropeAndora

Banca MoreBelgium

Dexia GroupCyprus

Bank of CyprusEmporiki BankHellenic BankLaiki BankUniversal Bank

FranceAXA Banque

GreeceAspis Bank

GuernseyCredit Suise Trust

IrelandBank of Ireland

LatviaParex BankaRietumu Banka

LuxembourgRBC Dexia

MaltaBank of Valletta

NetherlandsCredit Europe BankFriesland BankING GroupTriodos BankVan Lanschot Bankiers

PortugalBanco Espirito Santo

SwedenSEB GroupLansforsakringar AB

SwitzerlandAmas Bank

United KingdomAbbeyAdam and CompanyAllied Irish BankBank of ScotlandBarclays Bank PLCClose Private BankLloyds TSB BankNationwide Building SocietySaffron Walden

AsiaIndia

Bank of BarodaKuwait

Kuwait Finance HouseOman

Bank of MuscatPhilippines

Bank of the Philippines IslandsUnited Arab Emirates

Emirates NBD

AfricaMauritius

Mauritius Commercial BankMorocco

Credit Immobilier et HotelierSouth Africa

FirstRand Bank Limited

Meet and network with your fellow NetPractice members.Visit www.netpractice.fiserv.com to see the full member directory: thousands of people worldwide!



in events by as much as six months

or more), little new spend in these

times is likely forthcoming for fraud

prevention. Criminals have learned that

fraud prevention spend trails losses

and have used this time and time again

to their advantage. They view this as a

weak link in financial institutions’ armor

and quickly seize upon and exploit it.

The dynamics of the market are

between a few very large banks, many

relatively small banks and not much in

between. This also creates a shifting

focus by financial institutions who are

involved in acquisition and merger

activity. During merger integration,

financial institutions’ focus shifts from

everyday activities to the integration

efforts; customer service and retention;

transition training; system, process,

policy and department changes; to

most everything but business as usual.

This creates an opportunity for thieves

to capitalize on the financial institutions

looser policies and practices to keep

customers happy, to wreck havoc on

the loss numbers. Attempts go up,

focus goes down, and losses go up.

Based on a study commissioned

by Fiserv, banking clients are very

concerned about checking account

(DDA) fraud (check and debit card)

regardless of what they may be

using today for detection and

prevention. So why are bankers

so worried about DDA fraud?

Based on the Risk, Loss & Mitigation

Survey conducted by McKinsey, DDA

fraud results is an estimated at $5

billion to $7 billion (which I think is

actually understated) in losses annually

and is growing at 7 percent, which

represents two-thirds of the losses

with credit cards representing almost

all of the remaining.

It may be interesting to note that

credit cards are a much smaller

percentage perhaps because of

the use of sophisticated fraud

detection analytics covering 90

percent of the cards issued in the

U.S. Delivering more sophisticated

solutions correlates to decreasing,

or perhaps only shifting, losses and

there is a perceived gap by financial

institutions in their anti-fraud arsenal.

Bankers have every right to be worried

if you look at the signs from the 2007

ABA Deposit Account Fraud Survey.

by Erik Stein, CRP, AAP, CAMS

Erik Stein is Vice President for Solutions Architecture for Fraud and Compliance Solutions at Fiserv.

The United States is in an unprecedented economic crisis with every day seemingly bringing a new barrage of bad news. With increasing financial institution failures, the crisis has put the remaining institutions on the defensive focused on managing through liquidity issues, mounting credit losses, massive numbers of foreclosures, rising consumer unemployment, declining consumer confidence and slowing economic growth.

The focus of financial institutions, if I can generalize, is on survival rather than on business as usual. So where does that leave normal day-to-day operations such as fraud detection, prevention, investigation and mitigation: taking a back seat in this crisis. Fraud prevention and detection spending has always tended to be reactive to significant negative changes in fraud trends. This crisis won’t change the general belief that short of a drastic change in losses (which trails the actual increase

The Next Wave of Check Fraud: Are You Ready?


the incidence of SAR filings to the

reported ABA Deposit Account Fraud

Survey results during the corresponding

periods. In doing so we discover a

substantially smaller increase (as a

percentage over the prior period) in

SAR filings than in survey responses in

most periods. There may be a variety of

reasons for these disconnects but if we

focus on the final period, 2006, we find

a fairly strong correlation between SAR

filing increase and increasing losses.

This continues to add substantiation

to increasing check fraud levels even

before the current market turmoil.

In the same period that losses on

checks went up 43 percent as shown

in the ABA Deposit Account Fraud

Survey, check volume, according to the

Fed, went down by over 4 percent (see

Figure 3). With check usage expected

to continue to decline in future years,

the increasing incidence of check fraud

in a decreasing volume of checks is

indeed a worrying trend.

Be sure to read the next issue of

NetPractice Exchange to see what

you can do to prepare for The Next

Wave of Check Fraud.

Erik Stein is Vice President for Solutions Architecture for Fraud and Compliance Solutions at Fiserv, where his responsibilities include helping to guide product direction, positioning and configuration to meet the needs of more than 16,000

Fiserv clients around the globe. He also provides pre-sales consulting expertise and deep domain expertise across a variety of fraud disciplines. His background includes both broad and deep (more than 30 years) experience in retail banking managing operations, compliance and risk for financial institutions.

Change in Payment Volumes(in billions) 2003 2006 % Change

annual

Total Non-cash Payments 81.4 93.3 11.9

Checks 37.6 30.8 -4.1

Paper• 37.3 30.6 -6.7

ACH• 0.3 0.2 2.2

Debit Card 15.6 25.3 9.7

Signature• 10.3 16.0 5.7

PIN• 5.3 9.4 4.0

Credit Card 19.0 21.7 2.8

ACH 8.8 14.6 5.8

Debits• 4.2 8.6 4.5

Credits• 4.6 5.9 1.4

Source: Fed Payments Study, 2007

Figure 3: Change in Payment Types

Losses climbed 43 percent between 2003 and 2006 to $969 million, almost doubling from nine years ago (see Figure 1).

If we take a look again at the 2007 ABA Deposit Account Fraud Survey, we see that bankers have self-reported significant improvements over the survey years in loss avoidance, which is the amount of attempts that have been stopped. In the latest survey, survey participants showed that they stopped 92 percent of the fraud attempts (by value) (see Figure 2). One of the concerns should be whether bankers can actually improve on a 92 percent aversion rate. The higher the aversion rate becomes, the harder each successive aversion becomes.

It is important to look at the increasing attempt rate over the survey periods for some insights. Back in 2006, before the economic crisis, before the mega-mergers, before the shifting focus, the increase in fraud attempts between 2003 and 2006 was a whopping 122 percent. The trend was already showing significant upward momentum. While not directly correlative, it is interesting to compare

Source: ABA Deposit Account Fraud Survey Report, 2007

0

200

400

600

800

1000

1200

1997 1999 2001 2003 2006

512

679 698 677

969

Years

(in m

illion

s)

43%

Figure 1: Total U.S. Bank Check Fraud Losses

(in m

illion

s)

0

2,000

4,000

6,000

8,000

10,000

12,000

14,000

1997 1999 2001 2003 2006512 679 698 677 969679

15213533

4823

11,239

Years

92%

88%84%

69%57%

Avoidance %

■ Loss Avoidance■ Actual Losses

Source: ABA Deposit Account Fraud Survey Report, 2007

Figure 2: Loss Avoidance Rates


Depository Financial Institutions (ODFIs) will both be affected.

Depending on your role in the ACH process you will have to:

Establish a written OFAC compliance • policy for handling IAT transactions and meeting OFAC compliance obligations, if you are an RFDI.Train your staff on IAT changes, • educate your originators on their obligations under the rule, determine if you have originators that are currently originating international ACH transactions, and establish a written OFAC compliance policy, if you are an ODFI.

Gateway Operators

Any financial institution or ACH operator can be a gateway operator, which is a transaction’s entry point to or exit point from the United States. Under the IAT rule, gateway operators give a transaction the IAT code if they are entering or leaving the U.S. They must also screen international transactions against OFAC sanctions. However, if an ACH operator is acting as a gateway operator they have no

obligation to investigate possible hits. On the other hand, an ODFI acting as a gateway operator does have OFAC compliance duties.

OFAC Screening Indicators

Once the gateway operator screens the IAT, they have the option to fill in Field 10 of the corresponding transaction information called an OFAC screening indicator. If a “0” is in this field, this indicates that there has not been a hit and if it is filled with a “1” then this means that it is a possible OFAC hit. Field 11 is another OFAC screening indicator that can be used by a third party service provider.

It is important to note that NACHA guidance states that even if this field has been filled in by a gateway operator, the RDFI is still responsible for compliance with OFAC regulations — therefore it recommends screening the transaction even if there is a “0” in that field. Also, the compliance burden is still on the RDFI if they use a third party service provider to screen for OFAC, so it is in your institution’s best interest to ensure that your vendors are fully compliant with OFAC.

by Saskia Rietbroek, CAMS

If your financial institution is part of the Automated Clearing House (ACH) Network then you need to be prepared for a new rule regarding international ACH transactions (IAT). The IAT rule, passed by NACHA at the request of the Office of Foreign Assets Control and in accordance with the Paris-based Financial Action Task Force’s Special Recommendation VII on international wire transfers, changes the format in which international ACH transactions are sent. It mandates that all cross border transactions be labeled with a special code – IAT. NACHA says that this designation will help institutions in their OFAC compliance and money laundering duties by adding transparency to international transactions. It also orders that these transactions must include “travel rule” identifying information, even if they are under $3,000 — the current Bank Secrecy Act threshold.

How Will This Affect You?

Receiving Depository Financial Institutions (RDFIs) and Originating

New Rule on International ACH Transactions: How Will It Affect You?


SourcesInternational ACH Transaction (IAT) Frequently Asked Questions, Federal Reserve Financial Services http://www.frbservices.org/help/fedach_iat.html#a5• International ACH Transactions (IAT) Frequently Asked Questions, NACHA http://www.nacha.org/IAT_Industry_Information/docs/IAT%20FAQs%202%204%2009.pdf• IAT – Not Just Another SEC Code. Is your Organization Ready? NACHA http://prodevmedia.com/handouts/MPX/11.pdf•

Saskia Rietbroek is Financial Crime Advisor for Fraud and Compliance Solutions at Fiserv. From 2001-2005, she

was the founding Executive Director of the Association of Certified Anti-Money Laundering Specialists (ACAMS). She is partner at www.nomoneylaundering.com, and chairs the NetPractice Advisory Board.

Examples are:

Transactions involving foreign • financial institutions in jurisdictions with strict privacy and secrecy laws or those identified as high-riskDomestic transactions when the • merchant is based in a foreign country or that are initiated by an international messaging systemTransactions involving high dollar or • volume amountsTransaction on behalf of • originators located in a foreign high-risk jurisdictionTransactions originating without • face-to-face interactionCustomers generating a high • rate or volume of returns or unauthorized transactionsDuplicate or fraudulent • ACH transactionsTransactions not commensurate with • the business profile of the merchant Merchants that are classified as • higher risk for money laundering

When monitoring ACH transactions for suspicious activity it is important to keep these red flags in mind.

identified with the existing Standard Entry Class (SEC) codes such as PPD, CCD or CTX. However, in the future it may be appropriate to identify the entries with the IAT code based on the international ACH definition.Implement an OFAC policy • for both origination and receipt of IAT transactionsReview agreements with originators • and vendors to ensure IAT complianceCheck all originators against possible • IAT scenarios to determine if any of the scenarios cause your organization to become a gateway operatorTrain appropriate staff on • IAT requirementsAsk vendors if they are ready for IAT• Perform tests with vendors, • ACH operators, correspondent banks and customers

Money Laundering Indicators and Customer Due Diligence

In addition to compliance with the above mentioned rules, financial institutions should also realize that ACH transactions can be used in the layering and integration stages of money laundering. With ACH transactions there are few opportunities to review individual transactions for suspicious activity because they are highly automated, and often processed in batch mode. Because of this, the quality and amount of due diligence performed on customers (merchants) that utilize ACH transaction service becomes very important.

In line with the risk sensitive approach, the focus for monitoring transactions for money laundering control purposes, should be on transactions and merchants that are higher risk for money laundering.

Travel Rule

The other big change that the new NACHA IAT rule brings is the addition of the BSA “Travel Rule” information to these transactions. Currently this is only required for wire transfers over $3,000, but the new rule requires this information to accompany all IATs. The “travel rule” information is meant to help institutions in investigating possible suspicious transactions that may indicate money laundering or terrorist financing and includes this data:

Physical address and name of the • originator and beneficiaryOriginating bank, correspondent • bank, and receiving bank name, branch country code, and identification number

OFAC Compliance

It does not matter if you are an RDFI or an ODFI, your institution is still responsible for OFAC compliance. So are your third party service providers and respondent/correspondent banks. This means that they all must screen IATs against OFAC Specially Designated Nationals lists, which means review all parties and remittance data in the IAT transactions and review all parties to the return item transaction.

Making Sure You Are Ready

If you have not started preparing for IAT, you need to start. Here is a short list of tasks that will help you get ready:

Educate yourself with the IAT rules. • Currently, some of the international ACH entries within the ACH network look like domestic entries and are


Fraud and Compliance Outsourcing AML: The ASP Alternative

package for the customer (giving them the best technology functionality they need), and the second is ensuring the data can be organized and fed into the AML application in the right way.

The right package: Beware of the “vanilla” ASPs who state they cover all your AML technology needs at a very low price. All too often, their support for functional areas such as list matching, for example, is very limited.

Similarly, their detection techniques might be quite primitive, allowing support for rules-based detection, but being poor in other areas such as monitoring customer behavior, link analysis or dynamic profiling. The important thing is to go for an AML vendor with a modular offering so that you can pick and choose the functionality you need.

Organizing and importing the data: In many cases, banks just do not allow their data to be duplicated or placed outside their own security environment. This is often the main objection to looking at AML ASPs, but some alternatives do still exist.

Our experience of AML projects shows that one of the most critical factors is finding and mapping the data needed for AML detection. While data review projects are nothing new for most banks, AML projects routinely uncover new problems with the quality of the data. Banks will often find their customer data is incomplete or lacking, and the AML project is often one of the catalysts for the banks to get their data quality correct.

by Richard McCarthy

While most banks are not yet attracted to outsourcing their entire AML operations, the notion of outsourcing the AML technology needed to support their processes is proving far more attractive. With limited resources and the need to reduce operational costs, smaller banks in particular are looking at the Application Service Provider (ASP) alternative.

As banks have learned over the last few years, complying with laws such as the Bank Secrecy Act, USA Patriot Act, or laws issued under the 3rd EU Directive, can be a costly and time-consuming business. Hosted AML solutions appear attractive in their promise to deliver comprehensive AML and customer due diligence (CDD) solutions that cut costs while meeting regulatory requirements.

The Main Challenges

In many ways, the biggest challenge for hosted AML solutions is no different to in-house ones. The implementation of hundreds of AML projects at Fiserv has taught us a number of major technology lessons. The first is providing the right

An application service provider (ASP) is

a business that provides computer-based

services to customers over a network.

Software offered using an ASP model

is also sometimes called On-demand

software or software as a service (SaaS).

It is a model of software deployment

whereby a provider licenses an application

to customers for use as a service on

demand. SaaS software vendors may

host the application on their own web

servers or download the application to

the consumer device.

(Source: Wikipedia)


into Europe and Asia, and for AML outsourcing to become a viable alternative to in-house compliance projects. Several major financial institution outsourcing firms in the U.S., such as Fiserv, have acquired AML software vendors. They are well positioned to offer outsourced AML technology and services to their customers. These firms have hundreds of banking customers, and have strong credibility and trust from the banking world. New start-up companies are also now offering AML hosted services.

Acceptance of outsourcing AML technology and services is growing. Even major banks are outsourcing their AML technology, and a smaller number are beginning to outsource their compliance operations. The major objection appears to stem from data security issues among the banks concerning their accountability for a function over which they may cease to have day-to-day control. As more and more AML technology is hosted by ASPs, these objections, while still there, are diminishing.

For all the challenges and hurdles still to be faced in hosted AML solutions, it is clear that it has many benefits, including reducing operational costs. At a time of financial uncertainty for the banks, this in itself is a strong indicator that AML application service providers are here to stay and offer a viable alternative to in-house solutions.

4. Strong Data Integration: Look at the ways data can be entered into the AML application. If the vendor you are looking at is a major provider of outsourced and in-house core banking solutions, and you are already their customer, consider this a very strong plus. They will already be managing your data and will have the know-how of how best to get it into the AML application.

5. Reduced Complexity: Be cautious in selecting vendors who normally target tier-1 banks. Their offering and technology are often ill-suited to the needs of an ASP environment. Ensure the vendor has a modular product, allowing you to select just the modules you need. At a later stage you can buy additional modules when you need them.

6. Education: Ensure you are not left in the dark in knowing how to use the AML application you are being offered. Mature service providers should go as far as providing online help services not just about the products they promote, but on improving AML detection as a whole.

7. Best Practices: Look for a community of users that deploy the same AML package. Can you reach them to interchange experiences and challenges you are facing? Mature service providers will offer an on-line community portal where customers can attend webinars and exchange best practices.

Current Trends

The hosting of AML technology is increasing in popularity, especially in the U.S. Expect this to expand

The 7 Key Points to Look for In an AML Hosted Solution

1. Trust: Ultimately, it all boils down to trust, not technology. Ensure the service provider you are looking at clearly takes “risk management” very seriously. This should be reflected not only in the services and technology it offers, but in its product strategy, too. Find out if the vendor is a company that you can treat as a partner in helping you out beyond the first implementation project.

2. Proven: Look for a vendor with

a proven track record. Can the vendor provide evidence of having a number of AML ASP projects rolled out successfully? Can they provide references that you can contact? Is the vendor recognized by any of the analysts who advise on the best AML technology solutions? Is the vendor endorsed by other respected authorities?

3. Better Detection: Look at the detection capabilities of the AML technology they offer. Look for detection capabilities that extend beyond rules-based detection, and includes behavioral profiling, peer grouping, dynamic risk scoring, link analysis and watch-list filtering. All these detection capabilities help ensure you can reduce false positives and detect money laundering more efficiently

Richard McCarthy,

Vice President of

Product Marketing

at Fraud and

Compliance at Fiserv,

is responsible for the

strategic positioning

of Fraud and Compliance solutions. He is

Chairman of the Fraud and Compliance

Product Advisory Council (PAC) at Fiserv.

7 Key Points in an AML Hosted Solution


Identity Theft and Identity Fraud: How to Protect Your Financial Institution

How does identity theft occur?

There is a myriad of ways to obtain personal identification. This can range from very basic, well-used means to technologically advanced methods often left to the creativity and uniqueness of the criminal.

A few (very few) examples include:

Common or traditional methods • such as stealing a wallet or purse, taking mail or financial records from a mail box or trashPublic record websites which • house information such as drivers license information, professional certifications, real estate records,

divorce records, licensing informationInsider fraud can include removal of • customer and employee files by an employee with accessComputer hacking, such as trojans, • allows the criminal to take control of a user’s computer and monitor or search for personal informationFictitious jobs offers present a great • opportunity to which a job seeker provides personal information as well as employment history and salary Social networks are targets of • identity theft worms. When an infected friend sends a message or link to another contact in their network the worm is unknowingly attached and then searches the new computer for personal information that can be used in identity theft or fraud. The worm can be attached to every message or link and the

by Steven Schaeffer, CAMS

Steven Schaeffer is AVP Product Management,

Global Fraud Solutions for Fraud and

Compliance Solutions at Fiserv.

Identity theft and identity fraud sound

very similar in that no one wants to

be a victim and institutions want to

prevent both from happening in their

businesses. It is important to look at

the two categories individually in order

to develop strategies around how to

prevent and identify both situations.

Identity theft occurs when someone

wrongfully obtains another person’s

identifying information like name,

address, Social Security number,

date of birth or phone number

without permission. Identity fraud

is using wrongfully obtained identity

information as the means to conduct

fraud for economic gain.


Competencies in a Changing World of AMLNext-Generation Money Laundering: How to be Prepared

Law enforcement, regulatory efforts and anti-money laundering (AML) programs in fi nancial institutions have improved over the past years. These improvements, however, have been focusing mainly on transaction monitoring in the areas of retail and private banking. As a consequence other areas such as corporate fi nance, investment banking and credits are still vulnerable.

It is common practice to defi ne a strategy for commercial activities setting out the long-term objectives and determining how to achieve them. Over the past years, however, the AML approach has been rather reactive as a response to laws and regulations; it is still not that common to defi ne an AML strategy.

Criminal organizations can easily obtain knowledge about AML best practices and hence can use this knowledge effectively to improve their money laundering practices. These next-generation money launderers takes into account the transaction monitoring systems as well as publicly available indicators. As a result nowadays debts and credit instruments are moved from one company to another (preferably within tax optimization schemes), causing no or just one single unsuspicious transaction, bypassing all the existing transaction monitoring systems instead of various transfers of funds.

Prof. Dr. Eddy Vaassen RA

Maastricht UniversityThe Netherlands

Transaction activity: As transactions

pass through an account patterns are

established. Monitoring for deviations

is important to identify actions of

identity theft. For example, if we

see sudden increases in deposits

(new relationships) and subsequent

withdrawals the account may be in the

process of a take-over.

Non financial events: While analyzing

transaction activity is important,

monitoring non-financial activity

is also highly important (and often

overlooked). Events such as address

changes, card orders, location where

an account was opened, return mail,

death notifications, additional account

holder added, change of beneficiary,

are valuable pieces of information.

When non-financial activity and

transaction activity are monitored

together, identity theft patterns

become easier to identify.

Account level activity: Activities to

be concerned with include change of

ownership, new signers added, card

orders, return mail and PIN changes.

Customer level activity: Activities to

be concerned with include address

change, phone number change,

death notification and customer age.

Concerns identified at the customer

level will likely require review across all

accounts associated with the customer.

Conclusion

Identity theft continues to increase

each year. Financial institutions and

account holders comprise 71 percent

of all identity theft victimization. A

comprehensive fraud solution and

continued training of current and new

identity fraud trends are required in

the effort to protect institution and

client assets.

problem is perpetuated among trusted contacts.

How is identity fraud perpetrated after the identity theft occurs?

Once the identity is obtained there are a variety of methods to conduct identity fraud.

New checking account fraud:• The identify thief may open a new checking account and use it for a brief period of time for various types of fraud (deposit fraud, check kiting, Internet purchases, etc.)

Account takeover (existing account):• An existing customer’s account may be taken over by changing the address in order to prevent correspondence to the legitimate owner, providing a longer window of time to conduct fraud

Credit card fraud:• The victimized identity is used in the completion of credit card applications, with the card going to a new address

Deceased victim fraud:• The identification of deceased individuals is used to open accounts, cash bogus checks, cash stolen government checks, etc.

Loan application fraud:• Auto, personal, home, and home equity loans are pursued; when approved the merchandise or cash is quickly transferred to the identity thief

How can an institution protect itself and its customers from being victimized by identity theft?

A comprehensive approach requires monitoring of multiple types of transactions, activity at the account level and activity at the customer level. Next-Generation Continued on Page 20


NetPractice Advisory Board Member In the Spotlight

Since NetSpend was founded, we’ve processed over $12 billion in gross debit volume, so that is money fl owing through the cards. We have over 1 million active card holders.

We have a distribution network where people can buy cards at about 60,000 locations, and then we have an additional 30,000 locations where people can load their cards and make deposits to their accounts. It provides folks that are typically under banked, under-served, an ability to have a simple way to get into the traditional fi nancial systems, having electronic access to a bank account, having a savings account, and even free text messaging to help prevent folks from becoming a victim of identity theft. So if you spend something somewhere with our card, before you leave the store you can get a text message showing you the transaction you just completed. Our partners are mix of retailers and large grocery stores, where people can apply for a card account and add funds to their account.

Fiserv: To what extend does monitoring customer or card behavior provide better detection of possible AML or fraud at NetSpend?

Tom: Monitoring is one of the critical pillars of risk mitigation, along with knowing your customer and knowing your partner. It really helps us stay on top of everything. I get questions from regulators and law enforcement agents, saying you have over 90,000 locations, how do you mitigate risk? How can you prevent people from laundering money through your network, and what kind of oversight do you have? AML Manager from Fiserv helps us do that in a very cost-effective and effi cient way. We look at those transactions at every one of those locations using the tool’s profi ling capabilities. And it’s a really helpful tool

because it helps us to be able to stand in front of the regulators, saying, “We know what our customers are doing, we know what our distributors are doing.” And when we identify something unusual we have a process in place to address that, investigate that and fi le the appropriate report to the regulators.

Fiserv: To what extent are you improving effi ciency within your compliance department by leveraging workfl ow/case management and alert generation within AML Manager?

Tom: It’s been a tremendous help. Prior to implementing AML Manager our processes were manual, spreadsheets, and such. It was very challenging when an auditor would come in and wanted to look at what we had done relative to monitoring, referrals sent to banks, etc. And having a single solution to be able to generate alerts, monitor that activity, along with case management with an audit trail makes life easier for both the auditor and our team. People don’t have think about the process but can focus on the analysis and working the cases as opposed to keeping track of everything in spreadsheets. So that effi ciency is tremendous. As we have grown over the past years with 40 percent increase in transactions and number of card holders we’ve been able to maintain the same amount of resources because of the effi ciencies from the tool.

Fiserv: Can you tell us more about how you are using AML Manager in risk areas beyond money laundering, such as fraud prevention?

Tom: I believe that AML and fraud are one and the same animal. We are looking at suspicious activity. The underlying activity can be generated by laundering, could be terrorist fi nancing or fraud. So by having that focus and

Thomas J. Firnhaber recently joined the NetPractice Advisory Board. Tom is Director of Compliance of NetSpend Corporation in Austin, TX. Before joining NetSpend, he was Senior Regulatory Compliance Specialist at FinCEN and Enforcement Advisor at the Offi ce of Technical Assistance of the U.S. Treasury.

Interview with Tom Firnhaber

Mr. Firnhaber is responsible for the development and implementation of NetSpend’s compliance strategy and managing all aspects of the BSA/AML compliance program. Additionally he manages enterprise wide compliance with state, federal and association regulations and requirements. He is also responsible for management of Risk and Compliance activities with NetSpend partners and distributors.

Mr. Firnhaber has more than 20 years’ experience in banking and fi nancial services. He joined NetSpend from the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), where he was senior regulatory compliance policy advisor, with responsibility for ensuring that the industries within the FinCEN’s jurisdiction, such as depository institutions and money services businesses, understand and comply with Bank Secrecy Act (BSA) and U.S. Patriot Act requirements.

Fiserv: Please tell us what products and services NetSpend provides?

Tom: We are the largest market distributor and processor of prepaid debit cards in the country.


been helpful in reducing the number of false

positives. It’s cost avoidance, and well worth the

investment that we’ve made.

Fiserv: Can you tell us how you managed

to take advantage of the fl exibility of the

Fiserv AML Manager?

Tom: At NetSpend, we have a lot of expertise,

we have a lot of insight into what our customers

do. Remember, we are also a processor for the

issuing bank. We have business knowledge from

all that data, and we can fi ne-tune and develop

detection scenarios within the AML Manager

tool that address our customers and the nature

of their transactions very well. It helps us drill

down in such a way that we can effi ciently

monitor and eliminate false positives. We have

all the data that comes in, we can take that

knowledge and tweak our controls and make

them systemic and that way we don’t have rely

on the potential for human error. It’s been a

great tool.

A cross-functional team made up of IT, analytics

and investigators was able to create rules, fi ne-

tune them and push the limit of what the tool

was intended do, in a very good way. We were

able to adapt the tool to our circumstances,

which were unique compared to a lot of the

traditional fi nancial institutions, because we

have such a large network of distributors, where

we acquire new customers, and places where

people can reload their cards. And the tool

gave us that fl exibility to tailor to the different

channels, if you will, different characteristics,

the different customer activity, and the purpose

of the card, etc.

The video of the interview, conducted on March

17, 2009, in Hollywood, FL, can be downloaded

at http://www.netpractice.org/Netspend.aspx.

environment. We are basically the agents of the banks. We do risk mitigation and compliance and AML prevention, etc., on behalf of our issuing banks. So they have outsourced it. But they are still on the hook for mistakes that we make or things that we fail to catch.

I have the confi dence that the tool allows us to catch things; they won’t fall through the cracks. I am able to fi ne-tune and tweak it in response to changing circumstances, customer activity, different markets we go into. We probably have four or fi ve different channels, which have unique characteristics of customer activity, behavior and distributor behavior.

So for example, we’re in a payroll lending channel, the activity there is much different than, let’s say, a retail channel or grocery store, where it is more transactional, less interaction with the customer and clerk, than when they go into a cash checking shop. What the product really allows me to do is not to depend on the distributor to mitigate the risk. This adds a comfort level that I don’t have to rely on someone else, in a location where I don’t have the oversight. There are 90,000 locations, and there is a lot of turnover. If I had to rely on them to try to detect suspicious activity I don’t think we would be successful as we are and be able expand to so many locations. Because, again, I have a very good comfort level and look at the results of the analysis.

We’ve implemented Fiserv’s peer group analysis module with our distributors, which has been a fabulous tool. Using peer group analysis we have taken our 90,000 locations, broken up our distributor network by channel, and then down to the ZIP code level within that channel. So it allows us to compare the activity of like things in like areas to look for anomalous activity. It’s

not limiting ourselves to assuming what the transaction might be before we investigate, I think helps us catch things that others might not. The tool is an excellent way to identify the activity and helps us determine what the underlying crime might be.

Fiserv: How easy was it for you to use your existing investment in the AML solution from Fiserv and use it for fraud prevention?

Tom: It was no extra effort at all. We look at unusual or suspicious activity. It is a matter of knowing our business, our customers, employees and such and looking at different transactions. We don’t necessarily know if its fraud or laundering when we fi rst look at the transactions, we see something unusual. That is not normal for that customer, for that partner, for that employee. So it’s been very easy to take it and analyze the transactions, and now we have implemented a system that generates an alert based on velocity of all our transactions, so whether it’s cash deposits, person-to-person transfers, adjustments made by our customer service agents.

It is a very valuable tool, and again because of the case management capability it allows us to have an internal monitoring process based on the workfl ow that comes out of there. And it’s been very helpful. We’ve gotten compliments from the auditors, who have been impressed by how we have taken a tool such as yours, which was conceived as a tool for use in a typical bank model and have adapted it for use in our distributed fi nancial services model.

Fiserv: Can you tell us how you reaped a good Return on Investment with the solution?

Tom: One of the biggest benefi ts is the cost avoidance. We are in a heavily regulated

Whether we like it or not, we are short of the mark in trying to detect financial crime. As we learn more about how these fraud cases were carried out, it is becoming increasingly clear to the financial organizations, the regulators and the public that financial crime is becoming increasingly complex, often involving new types of criminals, new payment methods and new technology.

What Is Being Done About It

Fraud and money laundering are the two most common types of crime seen within the financial services sector. Financial crime and compliance requirements are very high on the board-level agenda, and approaches such as taking a risk-based approach to tackling fraud and money-laundering is helping. Even formerly silo-based point-solution approaches to tackling fraud are beginning to change. While the norm is to have a multitude of anti-fraud and anti-money laundering systems in place, across many business units, a growing number are looking at financial crime management systems to help banks take a more panoramic approach to fighting fraud. Retail banks, in particular, are increasingly integrating their IT systems as separate divisions come together to take on financial crime.

The Need to Reduce Costs

Yet fighting financial crime comes at a cost, and it may not surprise some of us to learn that this is proving the catalyst to bring about the much needed change to fight crime. As banks look at ways to reduce operational costs, they are taking a further look at the well-known overlap and duplication of data, tasks and processes in their anti-fraud and anti-money laundering divisions.

The cost savings that can be achieved by centralizing anti-fraud and anti-crime efforts is big, as is the demand for the financial crime technology to support it. For this reason Chartis, an independent analyst firm, predicts the global market for financial crime risk management technology to grow to $3.75 billion by 2012 — a compound annual growth rate of 13.1 percent.

The Emergence of Financial Crime Technology Solutions

Today, there are analyst reports from Datamonitor to Chartis comparing and looking at the financial crime technology vendors supporting this market. We are naturally pleased to see Fiserv included in all of these reports. Yet one should not expect banks to

As fi nancial crime becomes a bigger issue, Richard McCarthy takes a look at where we are today, and predicts where we will be with the technology we use to fi ght fi nancial crime.

Financial Crime Is Up

Financial crime is rampant at the moment! The Madoff scandal where billions were lost through fraudulent Ponzi schemes, the fraud charges against the cricketing tycoon Allen Stanford by U.S. regulators, and the billions lost at Societe Generale through rogue trading — these are just some of the better known cases of financial crime, but there are many more. The Association for Financial Professionals (AFP) recently reported that payments fraud is rampant in U.S. organizations, with over 70 percent of U.S. firms victims of attempted or actual payments fraud in 2008. Figures in Europe look equally grim, with the U.K.’s fraud prevention service, Cifas, suggesting that the country saw a 16 percent increase in cases of fraud in 2008. This is likely to get worse before it improves. The current financial crisis and global recession is likely to exacerbate the situation, with the frequency of internal fraud almost certain, and security breaches and false accounting on the rise.

The Emergence of Financial Crime Management Technology



My Prediction

I recommend and predict that best-

practice financial crime management

processes and technology will

consolidate into a small number of

keystone applications acting as one

integrated platform. The technology

platform will need to cover multiple

types of crime and handle both real-

time as well as batch-oriented data

analysis needs. Expect predictive

analytics to come to the forefront

as the ability to fight financial crime

proactively (rather than after the

event) becomes increasingly possible.

Ultimately, the financial crime platform

will form part of an enterprise-risk

management system providing a total

risk management dashboard.

not increase the number of rows to be scanned, there is a risk of false negatives. You could set the number of rows to be scanned for example to 50,000 and your alert defi nitions will work correctly. However, as to performance this is not very effi cient.

A better solution in a situation like this is to use a rule of the ‘Add risk view condition’ type. If you use a parameter for the account type, a single rule defi nition will suffi ce, but what is more important, you can keep the number of rows to be scanned much lower. When you use the rule in the alert defi nition for private accounts, the risk view will be executed with the added clause that selects only private accounts and all business accounts will be ignored.

flexibility are the key here. They need to work with what they already have rather than start from scratch.

As the resources get scarce and the technology more complex, the other alternative that banks are considering is to out-source the technology. Many banks do not want to outsource their AML or anti-fraud processes yet, but out-sourcing the technology and the support of it is a different matter. In either scenario, Fiserv is well placed. In addition to providing an enterprise financial crime solution focusing on AML, internal fraud, multi-channel fraud and check fraud, Fiserv has established a strong reputation as a major financial institution outsourcing solutions to financial firms, especially in the U.S.

accounts, and for cash transactions over EUR/U.S. 5,000 in one day for private accounts. This requires two alert defi nitions, each with a different rule to select the account type. These can be rules of either the ‘Evaluate row by row’ type or the ‘Add risk view condition’ type.

Suppose you create rules of the ‘Evaluate row by row’ type for both alert defi nitions. All rows in the result set of the risk view will then be evaluated. However, because large cash transactions are much more common on business accounts than on private accounts, it is very well possible that, say, the fi rst 1000 results in the risk view contain 990 business accounts, of which some will be alerted, and only 10 private accounts. Consequently, if you do

invest in totally new solutions. Instead, they are more likely to re-invest in what they have already. For financial institutions wanting an in-house solution, they will certainly be looking for a financial crime platform to glue the different applications and data sources together, but it will be a case of evolution rather than revolution. Step by step, they will first focus on what is the most easily attainable. If this is successful, they will then broaden to other areas.

In one customer site, they are using the Case Management tool from Fiserv as the cement to audit and manage all cases together using two or more different alert generation tools from different vendors. Openness and

Featured Functionality: AML Manager ‘Add Risk View Condition’

In this section, we highlight a particular functionality of one of a Fraud and Compliance product from Fiserv, and explain how to use it. In AML Manager solution, version 4.1.3 Service Release 5, a new rule type has been introduced called ‘Add risk view condition.’ Rules of this type enable the possibility to segment alerts, for example, by business type. This will particularly benefi t fi nancial institutions that store the data of multiple business lines in a single database.

A rule of type ‘Add risk view condition’ is used to specify further criteria for the risk view (detection scenario) underlying the alert defi nition. The conditions specifi ed in the rule are added to the WHERE clause of the risk view statement before it is executed.

Suppose that you want to use the Overview Cash risk view to generate alerts for cash transactions over EUR/U.S. 20,000 in one day for business Example of an alert rule of the type ‘Add risk view condition’


example by means of a SWIFT MT202 message, the payment order to be “covered” as the interbank obligation to settle has been created by the instruction to effect the payment.Such a cover payment chain is used in correspondent and clearing operations. The settlement is often accomplished through the originator’s intermediary correspondent bank in the country for which the payment is the national currency. Advantages of this cover payment chain for banks are avoidance of delays associated with differences in time zones between the originating and the beneficiary banks and reducing the costs of commercial transactions.

However messaging standards are lacking full transparency for intermediary banks on the payment orders they facilitate to be executed. Within a cover payment chain the cover intermediary banks do not necessarily see the information sent to the beneficiary bank. Information about the originating bank’s and the beneficiary bank’s customers is often not contained within messaging formats used to settle the interbank payment but the information is included within the instruction.

The risk is that such a cover payment chain could be chosen on purpose to conceal the names of parties to a transaction. For a cover intermediary bank the risk is not being compliant with watch list requirements on blocking, rejecting or freezing of assets of designated individuals or entities and a risk of having an ineffective suspicious activity monitoring process in place.

By means of enhancing transparency in international wire transfers, banks will have greater insight into the parties within the international wire transfers and therefore better able to understand possible risks associated with the underlying transfers, helping them to ensure they are not engaged in transactions related to entities involved in criminal activity.

Transparency Standards and the Responsibility of Cover Intermediary Banks

The Basel BCBS consultative document includes basic transparency standards:

Appropriate information should be • included in payment messages as described in this document.

Introduction

In July 2008 the Basel Committee on Banking Supervision (BCBS) published a paper for consultation on transparency regarding cover payment messages related to cross-border wire transfers. Representative organizations within the banking industry have expressed their serious concerns on the proposed standards. In particular concerns have been expressed with regard to the supervisory expectations on the role of cover intermediary financial institutions in monitoring (“policing”) messages.

Money Laundering Risks with Cover Payments

Cover payments are used by a bank to facilitate funds transfers on behalf of a customer (the originator) to a beneficiary in another country. When the originator’s and beneficiary’s banks are not having a relationship to settle with each other directly, the originator’s bank may instead directly instruct the beneficiary’s bank to effect the payment order, for example by means of a SWIFT MT103 message. On parallel the originator’s bank advises through a separate channel, for

Cover Payment Messages in Cross Border Wire Transfers: Will Intermediary Banks Carry the Burden of Necessary AML Investments?


Conclusion

Due diligence and increased transparency in cover payment messages related to cross-border wire transfers is without doubt an important initiative by the Basel Committee, as it will enhance future effectiveness of global money laundering controls. However, the industry’s reaction to the Committee’s consultative document is fierce. Some expectations are regarded unnecessary and may place an additional burden on the banking industry. The industry says in particular that it’s not the cover intermediary banks but rather originator banks that are in the best position in the cover payment chain to ensure compliance with the enhanced transparency requirements.

The Basel Committee document’s period for comment ended September 2008. A final version of the document has not yet been issued.

Group and the Clearing House

(“the industry”) have expressed a

number of serious concerns. They

say that certain statements go far

beyond the purpose of promotion

of transparency in an as-simple-as-

possible and straightforwardly feasible

way. The industry also thinks that

some monitoring requirements are

considered not technically feasible

and would seriously interfere

with an efficient processing

of international payments.

Other concerns are the need for

clarifying guidance on responsibilities

for “monitoring against lists of names.”

The explicit statement that such

controls with regard to monitoring

against lists of names “cannot be

risk-based” goes against U.S. Federal

Financial Institutions Examination

Council (FFIEC) examination guidance

on a risk-based Office of Foreign Assets

Control (OFAC) compliance program.

Financial institutions should not omit, delete or alter information in payment messages, for the purpose of avoiding detection of that information by any other financial institution in the payment process.Financial institutions should not use • any particular payment message for the purpose of avoiding detection of information by any other financial institution in the payment process.Subject to all applicable laws, • financial institutions should cooperate as fully as practicable with other financial institutions in the payment process when requested to provide information about the parties involved.Financial institutions should take into • account in their correspondent bank relationship the transparency practices of their correspondents.

This enhanced payment message format will include information about the parties involved in the underlying funds transfers that was included in the instructions sent to the beneficiaries’ banks. The roles and responsibilities of banks, and in particular of cover intermediary banks, are related to monitoring:

Whether the information is present • in messagesFor suspicious activities• Against lists of names• Of the correspondent relationship •

Banking Industry Response

Industry groups such as the American Bankers Association, The Wolfsberg

SourcesWolfsberg WG-NYCH Statement on Payment Message Standards of April 19, 2007. http://www.wolfsberg-principles.com/pdf/WG-NYCH_Statement_on_Payment_Message_• Standards_April-19-2007.pdfABA Comment Letter of September 15, 2008. http://www.aba.com/NR/rdonlyres/DC65CE12-B1C7-11D4-AB4A-00508B95258D/55409/BaselLtr_15Sept08.pdf• Joint Clearing House, Wolfsberg Group comment letter of September 12, 2008. http://www.theclearinghouse.org/reference/comment_letters/2008cl/035225.pdf•

Correspondent of Originator’s

Bank

Correspondent of Beneficiary’s

Bank

Originator’s Bank

Beneficiary’s Bank

Originator Beneficiary

Bank-to-Bank Funds Transfer

Customer Payment Instructions

Fedwire, CHIPS or SWIFT Message

SWIFT MT202, proprietary system message (if affliliated), Telex, fax or

other electronic means

SWIFT MT910/MT950 or other message advising of credit transfer

SWIFT MT103, Telex, fax or other electronic means



in calendar year 2008. The 2009 INCSR

identified money laundering priority

jurisdictions and countries using a

classification system that consists of

three different categories:

Jurisdictions of Primary Concern •

(listed 60 jurisdictions)

Jurisdictions of Concern (listed 68)•

Other Jurisdictions Monitored •

(listed 77)

Within the 2009 INCSR report

jurisdictions of primary concern are

those countries whose financial

institutions engage in currency

transactions involving significant

amounts of proceeds from international

narcotics trafficking and serious crime.

It is not based on an assessment of the

country or jurisdiction’s legal framework

to combat money laundering, its role

in the terrorist financing problem or

the degree of its cooperation in the

international fight against money

laundering, including terrorist financing.

Therefore, the list of 60 countries of

primary money laundering concern

contains for example 17 countries

located within the European region.

New countries moving to this category

of primary concern, previously

identified as jurisdictions of concern,

are Bolivia, Guinea-Bissau and

Zimbabwe. Changes with regard to

a jurisdiction’s designation in level of

concern may cause financial institutions

to adjust transaction monitoring risk

configuration parameters.

Mortgage Loan Fraud Connections with Other Financial CrimeAn Evaluation of Suspicious Activity Reports Filed By Money Services Businesses, Securities and Futures Firms, Insurance Companies and Casinos

http://www.fincen.gov:80/news_room/nr/html/20090316.html

http://www.fincen.gov/news_room/rp/files/mortgage_fraud.pdf

This FinCEN March 2009 study examines the activities of a group of individuals and organizations reported in depository institution SARs (SAR-DIs) for suspected mortgage loan fraud (“MLF subjects”) and identifies patterns of activities associated with these MLF subjects by evaluating three other types of SARs:

Those filed by money services • businesses (SAR-MSBs)Securities brokers, securities • dealers, or insurance companies (SAR-SFs)Casinos or card clubs (SAR-Cs)•

The purpose of this study is to better understand the relationship between mortgage loan fraud and other financial crime and to identify ways in which financial crime extends through multiple financial industries. For depository institutions like credit unions, this report provides further context in the experiences across the financial industry as a whole. This most recent report aims to provide

Fiserv White Paper “Financial Crime Outlook 2009” and On-Demand Video “How to Efficiently Manage Money Laundering Risk with Slashed Budgets”

In February Fiserv issued its white paper called “Financial Crime Outlook 2009: What to Expect in a New Political Season with a Financial Sector in Crisis, an Economy in Recession and a Regulatory System in Need for Reform.” With a new administration, a recession and financial sector in crisis, there are many questions regarding compliance priorities. Will there be a regulatory agency reform and if so, what does that mean? Should anti-money laundering and fraud prevention efforts take a back seat to handling the credit crisis? How can financial institutions be more effective in mitigating the risk with reduced compliance budgets?

This 19-page white paper addresses these issues. The free white paper and on-demand video can be downloaded at www.netpractice.fiserv.com.

2009 INCSR Report

http://www.state.gov/p/inl/rls/nrcrpt/2009/vol2/index.htm

The 2009 International Narcotics Control Strategy Report (INCSR) was released on February 27, 2009. This report is an annual report by the U.S. Department of State. It describes the efforts of key countries to attack all aspects of the international drug trade

Hot Docs and Downloads


an institution to create a separate summary document, crafted carefully within for example a line of business to avoid revealing the existence of a SAR itself and therefore making it easier to exchange critical but sensitive information between separate corporate organizational structures. The comment period on the notice of proposed rulemaking and of the proposed guidance is until June 8, 2009.

U.K. FSA 2008 Financial Crime Stakeholder Research

http://www.fsa.gov.uk/pubs/other/perceptions.pdf

The U.K. Financial Services Authority (FSA) released in January 2009 a follow-up survey to assess its views on financial crime, current policy and practice, and the effectiveness of the FSA in meeting its statutory objective. This research focused on the financial crime components money laundering and fraud. A selection of main findings:

U.S. FinCEN Proposes Rule and Guidance on Sharing Internally SAR-Related Information

http://www.fincen.gov/news_room/nr/html/20090303.html

On March 3, 2009, the U.S. Financial Crimes Enforcement Network (FinCEN) submitted a proposal to permit certain financial institutions to share SARs (Suspicious Activity Reports) within a corporate organizational structure. The proposal contains revised rules and a new guidance that will ensure appropriate sharing of critical information while safeguarding confidentiality of an institution’s sensitive information.

SAR sharing of information helps financial institutions to assess risks based on information with regard to suspicious transactions taking place through other affiliates or lines of business within its corporate organizational structures. It also eliminates the current need for

Financial Crime News from Around the World

new insights as to how a variety of

businesses besides lending institutions

can play a role in the discovery of

potential fraud.

FinCEN Report on Impact of Rule that Required EDD of Accounts of Certain Foreign Banks

http://www.fincen.gov/news_room/rp/

files/Special_Due_Diligence_Program.pdf

This March 2009 report looks at the

impact of final rules concerning Special

Due Diligence Programs for Certain

Foreign Accounts, which implement

Section 312 of Title III of the U.S. Patriot

Act. On August 9, 2007, FinCEN issued

a Final Rule (2007 Rule) implementing

the enhanced due diligence (EDD)

provisions of Section 312, requiring that

covered financial institutions apply risk-

based procedures to the accounts of

three categories of foreign banks.

The 2007 Rule supplemented the

Special Due Diligence Final Rule

published on January 4, 2006

(2006 Rule), which implemented

due diligence requirements for

correspondent accounts for foreign

financial institutions. This analysis

sought to provide an initial indication as

to whether the Special Due Diligence

provisions adopted through the

2006 and 2007 Rules appear to be

achieving their intended results. The

conclusions are that the Special Due

Diligence requirements of the 2006

and 2007 Rules (with respect to EDD)

appear as a general matter to have

been understood by covered financial

institutions, and initial indications

showed financial institutions generally

implementing them as intended. The

information received from industry,

regulators and SAR filings is consistent

with expectations for a risk-based

approach to BSA compliance.

The only trace of these movements is formed by the various (loan) contracts transferring or setting off debts and credit instruments between shell companies. In order to address future money laundering attempts we need strategic thinking, including the identifi cation of future laundering threats and planning of the related mitigation activities. Knowledge sharing between fi nancial services industry, regulators, law enforcement and tool vendors is needed as well.

Changes in the current AML profession and AML programs in fi nancial institutions are required, too. AML procedures should be implemented as well for those activities not directly executed by retail or private banking. Knowledge about corporate structures for tax optimization and the ability to understand complex, legal contracts is key and must be developed. Change of concept from “AML offi cer” to a multidisciplinary “AML team” is a realistic and unavoidable scenario in this regard.

The required multidisciplinary approach of next-generation AML should be embedded in the educational programs for the next-generation AML professionals. The Master Class AML, a cooperation between Association of Certifi ed Anti-Money Laundering Specialists (ACAMS) and the University of Maastricht Business School (UMBS) in the Netherlands, is one of the initiatives to respond to the evolution in AML education needs. A multidisciplinary approach, applying academic principles and engaging lecturers with proven track records in their fi eld of expertise are the core elements of this Master Class in preparing participants for their Certifi ed Anti-Money Laundering Specialist (CAMS) certifi cation exam.

For more information, please visit: http://www.fdewb.unimaas.nl/UMBS/aml/

anti-corruption standards. The scope of GRECO’s membership stands at 45 European States and the United States of America.

G-20 and OECD Crackdown on Tax Havens

http://www.oecd.org/dataoecd/38/14/42497950.pdf

World leaders at the April G-20 summit in London agreed to take action against non-cooperative jurisdictions, including tax havens. “We stand ready to deploy sanctions to protect our public finances and financial systems. The era of banking secrecy is over,” the G-20 communique said. On that same note, on April 2, the Organisation for Economic Co-operation and Development (OECD) put several countries including Costa Rica, Malaysia and the Philippines on its blacklist of non-cooperative tax havens.

A “grey list”’ of countries that have agreed to improve transparency standards but have not yet substantially implemented the necessary international agreements included Austria, Bahamas, Cayman Islands, Luxembourg, Liechtenstein, Monaco, Singapore and Switzerland.

According to international press reports, Luxembourg Prime Minister Jean-Claude Juncker asked leaders of other EU member states to challenge the United States for tolerating its own tax havens of Delaware, Nevada and Wyoming. Those states are popular locations for incorporating businesses, in large part because of their tax advantages. The U.S. Virgin Islands are also known for their tax benefits. There have been growing concerns that so-called tax havens have substantially contributed to the global economic crisis that is still unraveling.

Many large and small firms believe • that financial crime is increasing. Likewise, the tackling of financial crime is increasing in priority at all firms, but particularly large firms.The majority of large firms, • particularly retail, have made significant changes to financial crime processes and are investing in resources to facilitate this. This is reflected in the increased priority given to financial crime issues by their senior management.In terms of specific aspects of • financial crime, dealing with data security and ID theft is increasing in priority across all firm types.As regards the consequences of • financial crime, financial loss to clients was the most common concern for firms. Firms continue to view financial loss to their clients as a greater concern than financial loss to themselves.

GRECO General Activity2008 Report

http://www.coe.int/t/dghl/monitoring/greco/documents/2009/Greco(2009)1_ActRep2008_EN.pdf

The Group of States against Corruption (GRECO) published on March 26, 2009, its 9th General Activity Report (2008). The report contains a featured article on the independent monitoring of party funding. The article focuses on the role of supervisory bodies in identifying, monitoring and addressing corruption in political financing and stresses that many states lack effective monitoring and enforcement mechanisms. The relationship between political financing and corruption has been a long-standing area of concern for countries around the world. GRECO was established in 1999 by the Council of Europe to monitor States’ compliance with the organization’s

Next-Generation Continued from Page 11


NetPractice ExchangeThis magazine is published three times per year and is a publication by Fiserv for NetPractice members and others interested in NetPractice or Fraud and Compliance Solutions.

10 Reasons to Join NetPractice: A chance to interact with other AML and fraud detection experts NetPractice is a highly specialized service that focuses on the specifi c needs of one niche group: fi nancial crime professionals who work with Fraud and Compliance Solutions technology from Fiserv. NetPractice’s value and advantage lie in its focused best-practice information, its dedicated services and its commitment to enriching the professional lives of its members. NetPractice combines our technology with the human element, an online user community to enrich the professional development, learning, connectivity and the professional lives of the members through the sharing of knowledge.

Calendar of Events

Poll Question and Results

How frequently do you update country risk profiles for purposes of monitoring for suspicious activity?

Once per month ......24%

Once per quarter .....44%

Once per year ..........32%

Our next poll question is:

With what percentage has your financial institution’s AML/fraud detection budget been cut because of the recession?

Cast your vote at:www.netpractice.fiserv.com.

24%Once per month

44%Once per quarter

32%Once per year

NetPractice Advisory BoardFlorisela Bentoera, CAMS, Manager Compliance and AML Operations, RBTT Dutch Caribbean, Curacao, Netherlands Antilles

Tom Firnhaber, Director of Compliance, NetSpend, Austin, TX, USA

Deborah King, CAMS, VP Director AML Investigations, Citizens Financial Group, Medfort, MA, USA

Saskia Rietbroek, CAMS, Financial Crime Advisor, Fiserv Fraud and Compliance, Miami, FL, USA (Chair)

Cindy Shelton Ryan, CAMS, Compliance Offi cer, Bank-Fund Staff Federal Credit Union, Washington D.C., USA

Aleksejs Truhans, IT Development, Parex Banka, Latvia

NetPractice StaffDirector: Stanley Harmsen van der Vliet, CAMS

Marketing Coordinator: Roos Goosen

NetPracticeUnited States of America255 Fiserv Drive Brookfi eld, WI 53045Phone: +1 262-879-5000 Toll Free: +1 800-872-7882 Fax: +1 262-879-5013

EuropeLoire 200-2022491 AM, The Hague The Netherlands Tel: +31 70 452 5448Fax: +31 70 452 5444

netpractice@fi serv.comwww.netpractice.fi serv.com

This newsletter is for general information purposes only. The views expressed in this newsletter are not necessarily those of Fiserv, Inc. Fiserv has taken all reasonable measures to ensure that the material contained in this newsletter is correct. However, Fiserv offers no warranty and accepts no responsibility for the accuracy or the completeness of the material. In publishing this newsletter, neither the authors nor Fiserv are engaged in rendering legal or other professional advice.

Fiserv is a registered trademark. Other products referenced in this material may be trademarks or registered trademarks of their respective companies.

© 2009 Fiserv, Inc. or its affi liates.

Not a NetPractice member yet?

NetPractice is an online Fraud and Compliance Solutions user community that develops, delivers and supports innovative services and resources that helps its members improve the way they control the risks associated with fi nancial crime management and compliance initiatives.

To become a member, please visit www.netpractice.fi serv.com.

Get immediate online access to 5. dedicated tools and resources to enhance performance, streamline processes and reduce costsEnhance your anti-money laundering and 6. fraud investigation skills so you can take yourself to a new professional levelGet continuous access to an international 7. network of other users of our solutions to ensure up-to-date knowledge and expertise in using monitoring techniquesReceive insight into the latest anti-money 8. laundering and anti-fraud initiatives

Get involved! NetPractice is a rewarding 9. way for you to share your expertise while meeting new people and making new contacts around the worldGet ACAMS continuing education credits 10. for selected NetPractice webinars

Online member community of thousands of 1. peers using Fiserv Fraud and Compliance solutions for fast real-world problem-solving and idea sharingWatch online videos with step-by-step 2. instructions about how to best use our solutionsReceive monthly training on solutions, 3. compliance strategies and fi nancial crimeReceive NetPractice Exchange: a print 4. newsletter with thought leadership articles, news and best-practice techniques for improved risk detection and management

NetPractice Exchange July August 2009 Page i Volume 3 Number 2


Event

Fiserv Fraud and Compliance Webinar: “How to Effi ciency Manage Money Laundering Risk

with Slashed Budgets”

American Bankers Association Regulatory Compliance Conference

Fiserv Fraud and Compliance Client Conference 2009

7th Annual Money Laundering and Financial Crime Conference

20th Annual ACFE Fraud Conference

Fiserv Fraud and Compliance Webinar: “ATM and ACH Fraud”

8th Annual International ACAMS Conference

AFP National Convention

American Bankers Association Money Laundering Enforcement Conference

Location/Website


Orlando, Floridawww.aba.com/Events/RCC.htm

Amsterdam, The Netherlandswww.netpractice.fi serv.com/user_

group_event_2009.aspx

London, United Kingdomwww.cityandfi nancial.com

Las Vegas, Nevadawww.fraudconference.com


Las Vegas, Nevadawww.acams.org

San Francisco, Californiawww.afponline.org

Washington, D.C.www.aba.com/Events/MLE.htm

Date

June 3, 2009

June 7 – 10, 2009

June 10 – 11, 2009

July 5, 2009

July 12 – 17, 2009

July 30, 2009

September 30 – October 2, 2009

October 4 – 7, 2009

October 11 – 13, 2009

NetPractice Exchange Fraud and Compliance Best Practice Community from Fiserv

July August 2009Volume 3 Number 2

Cover Payment Messages in Cross Border Wire TransfersWill Intermediary Banks Carry the Burden of Necessary AML Investments?Page 16

The Next Wave of Check Fraud: Are You READY?Page 4

+1 800-872-7882+1 [email protected]

+31 70 452 [email protected] www.netpractice.fiserv.com.

Fiserv is a registered trademark. Other products referenced in this material may be trademarks or registered trademarks of their respective companies.© 2009 Fiserv, Inc. or its affiliates. 1-73-9-MS FIS Fraud & Compliance July/August 2009 NetPractice.

Fiserv, Inc.255 Fiserv DriveBrookfield, WI 53045

NetPractice Exchange Vol 3 Nr 3

Documents

Transcript of NetPractice Exchange Vol 3 Nr 3