Technology and digitalisation is helping lots of businesses grow especially in this times that we find ourselves (Covid-19 times) as people can still perform their business without physically going to the shop or bank. At the click of a button, financial transactions are effected. Financial institutions are finding innovative ways to offer their products and services to their customers without these customers coming to the banking halls. One of such innovations is the Remote Deposit Capture (RDC), which comes in various forms. RDC is one of the fastest growing trends in banking technology, as it allows customers the convenience of depositing money from any location with a scanner, computer and internet connection. But all these technology and digitalisation are also increasing the risk of money laundering and terrorist financing.
The objective of this article is to throw more light on how the RDC works, how it could be exploited by criminals and how its vulnerabilities can be reduced, if not eliminated.
RDC is a method or process of allowing bank customers to submit cheques meant for deposit in their bank account electronically by scanning the images of the cheque. That is allowing customer to deposit cheques at remote locations, usually from the customers’ offices electronically, for virtually instant credit to their account. This provides convenience to the customer. The financial institutions provide their customers with an electronic device for the purpose of the scanning and transmitting of the cheques. Some financial institutions also set up digital centres where their customers can go and perform RDC. Another version of the RDC is the deposit taking Automated Teller Machines (ATM), where customers can use to deposit money 24/7. Some financial institutions offer optional Automated Clearing House (ACH) conversion and clearing in combination with the RDC service.
Customers (both individuals and businesses) patronise the RDC services because of the convenience and reliability it offers. RDC provides substantial benefits to financial institutions as well, such as a means to quickly grow core deposits.
Like any other technological innovation, the RDC is not implemented without any risk, especially money laundering and terrorist financing vulnerabilities. Due to the non face-to-face feature that the RDC offers to customers, criminals are attracted to the service to further wash their dirty money within the banking industry. This raises several challenges for the banks, including but not limited to:
- the difficulty in determining who is using RDC and which jurisdiction they are in
- development of internal controls to ensure transaction data and cheque images are not altered
- implementation of monitoring by qualified personnel for potentially fraudulent, sequentially numbered or altered bank drafts or traveller’s cheques.
Also the risk of cheque duplication is a great concern for financial institutions when it comes to the provision of RDC services. Criminals can fraudulently and/ or accidentally scan and transmit the cheques more than once. Further, criminals enjoying the RDC services can also modify or alter the value on the cheque before transmitting to the bank.
The easy of moving the RDC equipment from one location to the other, makes the RDC service vulnerable to the activities of criminal. For example, the financial institution customer, who the financial institution think is using your RDC service in a particular location might be a front for a criminal gang based in or outside the country to further its criminal activities by scanning stolen/ altered cheques and other instruments
The reliability and data security of the RDC system can also attract criminals as they can hack into the system and manipulate data to their advantage.
Other major risks associated with the RDC service includes forged endorsement, poor image quality, identity theft and many more.
Despite, the vulnerabilities in the RDC service to money laundering and terrorist financing activities, financial institutions can benefit immensely and make the service less attractive to criminals by instituting the following means.
By investing in the right enterprise-wide detection technology and integrating methods that investigate all channels prior to posting, financial institutions can continue to offer RDC while also limiting risks of money laundering and terrorist financing. This makes it a win-win situation for the financial institutions and customers.
Also financial institutions can mitigate the risk associated with RDC service by adopting policies, procedures and controls that account for RDC technology. These policies should address the how and limit of monitoring transactions. Periodic reviews and risk management reports on the AML monitoring issues associated with the implementation and ongoing operation of RDC systems and service need to performed and generated. Strong internal controls and monitoring are your first line of defense to the risk associated with RDC while reviewing and investigating the account across payment services is the second. Where the financial institution offers the RDC service to correspondent banks, it must recognize and respond to the growing use of RDC by correspondent banks and money services businesses. Should such a deposit originate from a high-risk country or client, Enhanced Due Diligence (EDD) controls should be applied and continuous relationship determined by senior management.
Before RDC service is rendered to a customer, proper KYC/ CDD review procedures should be performed. The RDC service should be classified as a high risk service and EDD performed on the customer with senior management approving the rending of the service. The financial institution should develop a detailed Service Level Agreement (SLA) that clearly identify each party’s role, responsibilities, and liabilities, and that detail record retention procedures for RDC data. The SLA should also include procedures for physical and logical security expectations for access, transmission, storage, and ultimate disposal (if necessary) of original documents. Customer’s responsibility for properly securing RDC equipment and preventing inappropriate use, including establishing effective equipment security controls (e.g., passwords, dual control access) should be addressed by the SLA. In addition, the SLA should detail the customer’s obligation to provide original documents to the financial institution in order to facilitate investigations related to unusual transactions or poor quality transmissions, or to resolve disputes. The SLA should clearly detail the authority of the financial institution to conduct audits, or terminate the RDC relationship.
Another way financial institutions can take to mitigate the risk associated with RDC service is to take the time to fully understand the RDC indemnity, educate and train staff on risk, rules, regulations and procedures, and work with customers to be the first line of defense by helping them understand how to protect their accounts and not be vulnerable.
Continuous reporting process and mechanism that will identify and inform the financial institution immediately of suspicious activity should be developed as a means of reducing the impact of RDC vulnerability to money laundering. Also there should be a timely reporting of any suspicious activity to the Financial Intelligence Centre (FIC).
Because of risk associated with RDC service, some financial institutions remain hesitant to integrate an RDC solution because they lack the needed technology to prevent duplicate checks and the costly resolution when duplicate presentments occur. But in this new era that we find ourselves in, financial institutions which fail to embrace distributed capture options become less competitive to institutions that offer RDC capabilities leading to a fall in market share.
Would you mind doing me a favor? Share this article with someone so that the awareness of money laundering and terrorist financing could be spread to avoid being use as a conduit by criminals.
By Richieson Gyeni-Boateng, CAMS