Beware of suspicious payment transactions, that’s the advice in a recent post on the Portals and Rails blog of the Federal Reserve Bank of Atlanta (“FRBA”). The post, “Learning from Experience to Handle Suspicious Activity,” urged financial institutions to rigorously address questionable activity involving both traditional payment methods such as check and ACH transactions, and newer technology such as remotely created checks (RCCs) and electronic payment orders (EPOs).
While the FRBA notes some common methods institutions use to initially identify suspicious activity and the difficulty in identifying and tracking payments using newer technology such as RCCs and EPOs, it does not focus on effective systems for initially pinpointing suspicious transactions. Generally, however, banks and other institutions should ensure that they have adequate systems in place to comply with applicable Bank Secrecy Act/Anti-Money Laundering regulations and identify questionable transactions involving newer payment technologies that may not yet be regulated.
To combat suspicious payment activity, the FRBA advises financial institutions to:
- Identify Suspicious Transactions: Once suspicious activity is identified, taking care of the customer is noted as the first step in initially addressing it. Efforts may include returning transactions, placing stop payments, monitoring account activity, addressing security protocols or changing authentication tools.
- Reach Out to Other Involved Institutions, Law Enforcement and Regulators: Contacting these entities is encouraged as the next step. Reaching out to other financial institutions involved is deemed important not only to inform them of an incident, but also to initiate collaboration in both the short term to address customer needs and long term to deal with the underlying causes of suspicious activity. Institutions also should submit suspicious activity reports (SARs) to regulators. Additionally, contacting law enforcement such as local police or the FBI is noted as critical for allowing authorities to address concerns affecting multiple institutions and deter fraudulent behavior.
- Share Information: Exchanging information also is a key step. The FRBA refers to use of the safe harbor provisions in Section 314(b) of the U.S. Patriot Act as one method, as are other avenues such as the Financial Services Information Sharing and Analysis Center (FS-ISAC) and BITs, the technology policy division of the Financial Services Roundtable.
- Adjust Processes: At the end of the entry readers are asked, “How often does your institution adjust its processes for handling suspicious transactions based on current fraud experiences?” This rhetorical question is posed particularly in light of the evolution of payments technologies (such as RCCs and EPOs), which give criminals an opportunity to try new ways of illicit profiting. Institutions are urged to adjust identification processes based on experience and continue “learning’’ new tactics to outpace innovations in payments fraud.