Brian's Blog

09

In recent years, consumers and businesses have exponentially increased their use of electronic money transfers (EMTs). EMT is a broad term that generally refers to any transfer of funds that is carried out by electronic means, including, but not limited to bank accounts, mobile wallets, prepaid cards, or online platforms. EMTs are convenient and fast ways of moving funds across borders, regions, or within the same country. EMTs can be used for various purposes, such as remittances, e-commerce, bill payments, peer-to-peer transfers, or donations. Nonetheless, the security of EMTs needs to be fortified, as fraud and improper payment rates are on the rise.

According to the latest data available from the Federal Reserve, US originated EMTs increased at an average compounded annual growth rate of nearly 13% between 2018 through 2021, nearly doubling the rate of increase from the prior 3-year period. At that growth rate, it is expected to bring the total volume of US EMTs to $162.1 trillion by 2025. Furthermore, according to the Federal Reserve, the rate of fraud exercised via EMTs, known as wire fraud, is increasing by an annual rate of over 8%. By applying that rate of increase in the use of EMT with the rate of increase in the rate of fraud, it is reasonable to estimate that the rate of EMT fraud will reach over $400 billion by 2025.

One of the main factors that drives the increase in improper payments and wire fraud schemes is the growing ubiquity electronic transactions and money transfers, both domestically and internationally. Wire fraud includes all types of electronic transactions. Electronic transactions are convenient and fast, but they also create opportunities for both errors and fraudsters to exploit vulnerabilities in the systems and processes involved. Nonetheless, similar to other digital experiences, consumers and businesses expect that electronic transfers will continue to improve in its ease of use.

To address this growing problem and encourage improvements in EMT processes and tools, we are seeing a combination of new regulations and laws that have been implemented and the stricter enforcement of existing regulations and laws. Here are a few that are relevant to banks and any business involved in electronic money transfers:

  • The Bank Secrecy Act (BSA), originally enacted in 1970, requires financial institutions to establish anti-money laundering (AML) programs, report suspicious activities, and verify the identity of their customers. The BSA also requires money transmitters to register with the Financial Crimes Enforcement Network (FinCEN) and comply with its rules and guidance.
  • The USA PATRIOT Act, enacted in 2001, which expanded the BSA's scope and enhanced the government's authority to investigate and prosecute money laundering and terrorist financing. The USA PATRIOT Act also mandated the creation of the FinCEN Suspicious Activity Report (SAR) database, which collects and analyzes reports of suspicious transactions from financial institutions.
  • The Remittance Transfer Rule, which was issued by the Consumer Financial Protection Bureau (CFPB) in 2013 and amended in 2020. The rule applies to remittance transfers, which are electronic transfers of funds sent by consumers in the US to recipients in other countries. The rule requires remittance transfer providers to disclose the exchange rate, fees, taxes, and delivery date of the transfer, and to provide error resolution and cancellation rights to consumers.
  • The Anti-Money Laundering Act of 2020 (AMLA), which was enacted as part of the National Defense Authorization Act for Fiscal Year 2021. The AMLA is the most comprehensive reform of the US AML framework since the USA PATRIOT Act. The AMLA introduces several specific changes and enhancements, such as establishing a national registry of beneficial owners of legal entities; expanding the definition of financial institutions to include virtual currency providers, antiquities dealers, and other entities that may pose money laundering risks, creating new priorities and standards for AML programs, risk assessments, and examinations.
  • Regulation X is a Federal rule that implements the Real Estate Settlement Procedures Act (RESPA) and covers various aspects of mortgage servicing. Relative to disbursements, Regulation X requires mortgage servicers to make timely and accurate disbursements from borrowers' escrow accounts for property taxes, insurance premiums, and other charges. Servicers must also refund any surplus escrow funds to borrowers within 30 days of the escrow analysis, and notify borrowers of any escrow shortages or deficiencies and the options to resolve them. If a servicer fails to make a required disbursement from an escrow account, the servicer must correct the error and pay any late fees or penalties incurred by the borrower as a result of the servicer's failure.

Not all businesses are subject to the BSA and AMLA regulations, but many are. The BSA and AMLA apply to financial institutions, which include banks, credit unions, broker-dealers, money transmitters, casinos, insurance companies, and others. The BSA and AMLA also apply to certain non-financial businesses and professions that are deemed to be vulnerable to money laundering, such as dealers in precious metals, stones, or jewels, pawnbrokers, travel agencies, and attorneys.

In addition to the US rules and guidance, there are also recent regulations in the UK, EU, and some Asian countries that aim to enhance the transparency and security of electronic transfers. These regulations require financial institutions and money transmitters to obtain and verify the identity and account information of both the sender and the recipient of money.

  • Payment Services Regulations 2017 (PSR 2017), went into effect in January 2018, which transposed the EU's Second Payment Services Directive (PSD2) into UK law. PSR 2017 requires payment service providers (PSPs) to collect and verify the name, account number, and address or date of birth of the recipient of money for transfers within the UK, and the name and account number of the recipient for transfers outside the UK. PSD2 requires PSPs to implement strong customer authentication (SCA) for electronic payments, which means that customers need to provide at least two independent factors of identification, such as a password, a token, or a biometric feature, to verify their identity and authorize a payment.
  • The Fifth Anti-Money Laundering Directive (AMLD5) was adopted by the EU in July 2018, which amended the Fourth Anti-Money Laundering Directive (AMLD4) and introduced stricter requirements for electronic transfers. AMLD5 requires PSPs to collect and verify the name, account number, and address of the recipient of money for transfers within the EU, and the name, account number, and address or date of birth of the recipient for transfers outside the EU.
  • Electronic Identification, Authentication and trust Services (eIDAS) is a regulation that establishes a common framework for electronic identification and trust services in the European Union.  It aims to enhance the security, convenience and interoperability of online transactions and services across the EU. eIDAS enables European citizens and businesses to use their national electronic identification schemes (eIDs) to access online services in other EU countries, meaning that customers can use their eIDs to open bank accounts, apply for loans, or make payments online in any EU country, without having to present physical documents or go through lengthy verification processes.
  • The Act on Prevention of Transfer of Criminal Proceeds adopted by Japan in April 2007, which requires financial institutions and money transmitters to verify the identity of the recipient of money for transfers of more than 100,000 yen (about $900). The verification methods include checking the recipient's identification document, confirming the recipient's phone number, or using other reliable means.
  • The Payment Services Act 2019 (PSA) adopted by Singapore in January 2020, which regulates various types of payment services, including cross-border money transfers. The PSA requires money transmitters to collect and verify the name, account number, and address of the recipient of money for transfers of more than S$1,500 (about $1,100).
  • The Prevention of Money Laundering (Maintenance of Records) Rules 2005 adopted by India, require banks and money transmitters to verify the identity of the recipient of money for transfers of more than Rs.50,000 (about $680). The verification methods include obtaining the recipient's PAN card, Aadhaar card, or other official documents.

Requirements for Verifying the Identity of the Recipient of Money

One of the key requirements for preventing and detecting errors and fraud is verifying the identity of the recipient of money. The US government has issued various rules and guidance for financial institutions and money transmitters to follow when conducting customer due diligence (CDD) and identity verification for electronic transfers.

According to the FinCEN guidance on CDD requirements for financial institutions, the following steps should be taken to verify the identity of the recipient of money:

  • Obtain the name, address, date of birth, and identification number (such as social security number, passport number, or tax identification number) of the recipient.
  • Verify the identity of the recipient using reliable and independent sources, such as documents, data, or information from the recipient, the sender, or third parties.
  • Compare the information obtained from the recipient with the information obtained from the sender and other sources and resolve any discrepancies or inconsistencies.
  • Document the methods and results of the verification process and maintain records of the information obtained and verified.
  • Update the information and verification periodically, or when there are changes in the recipient's circumstances or risk profile.

According to the CFPB guidance on the Remittance Transfer Rule, the following steps should be taken to verify the identity of the recipient of money:

  • Obtain the name, address, and account number of the recipient, as well as the name and location of the recipient's financial institution or other provider.
  • Verify the identity of the recipient using the information provided by the sender and confirm that the information matches the information of the recipient's financial institution or other provider.
  • If the recipient does not have an account with a financial institution or other provider, obtain the recipient's identification number (such as national identification number, passport number, or driver's license number) and verify it using reliable and independent sources.
  • If the recipient is a business or an organization, obtain the name, address, and identification number of the business or organization, as well as the name and identification number of the authorized representative of the business or organization.
  • Document the methods and results of the verification process and maintain records of the information obtained and verified.

Examples of Consent Orders and MRAs

Irrespective of an organization’s financial regulator, the requirements for compliance are universal. Below, we provide examples from each of the US financial regulators overseeing the electronic money transfers in the US.

  • In February 2021, the OCC issued a consent order against a federal savings bank based in New York, for violating the BSA and AMLA. The consent order required the bank to pay a civil money penalty of $544,000, and to take various corrective actions, such as enhancing its AML risk assessment, policies, procedures, and controls, improving its customer identification and verification processes, conducting a look-back review of past transactions, and hiring qualified AML personnel.
  • In March 2021, the FRB issued a consent order against a foreign bank headquartered in China, and its New York branch, for violating the BSA and AMLA. The consent order required the branch to pay a civil money penalty of $5.3 million, and to take various corrective actions, such as strengthening its AML risk assessment, policies, procedures, and controls, enhancing its customer identification and verification processes, conducting a look-back review of past transactions, and hiring qualified AML personnel.
  • In April 2021, the FDIC issued a consent order against a state-chartered bank based in Delaware, for violating the BSA and AMLA. The consent order required the bank to pay a civil money penalty of $487,500, and to take various corrective actions, such as revising its AML risk assessment, policies, procedures, and controls, improving its customer identification and verification processes, conducting a look-back review of past transactions, and hiring qualified AML personnel.
  • In May 2021, the CFPB issued a consent order a Virginia-based insurance company, for violating the BSA and AMLA. The consent order required the company to pay a civil money penalty of $1.5 million, and to take various corrective actions, such as developing and implementing a comprehensive AML program, policies, procedures, and controls, enhancing its customer identification and verification processes, conducting a look-back review of past transactions, and hiring qualified AML personnel.

How to Ensure Compliance with the Requirements

Although there are enhanced regulations for compliance with electronic money transfers in today’s environment, by utilizing the appropriate processes and tools an organization can:

  • Ensure compliance with the regulations impacting electronic money transactions
  • Increase recipient satisfaction by ensuring a frictionless environment for receiving payment the first time and on time
  • Lower the cost for the business and/or bank to send the electronic money transfer

The following table illustrates the elements for remediation of the regulatory requirements for verifying the identity of the recipient of money while also lowering the error and fraud rate of electronic money transfers.

Conclusion

Electronic Payment errors and fraud is a serious and growing problem that affects individuals, businesses, and government entities in the US and abroad. The US government has enacted new regulations and laws to encourage the prevention of payment fraud, and to protect consumers and businesses from becoming victims of wire fraud. These regulations and laws impose stricter requirements on financial institutions, money transmitters, and other entities that facilitate wire transfers, especially those involving cross-border transactions. One of the key requirements is verifying the identity of the recipient of money, which involves obtaining, verifying, and documenting the information of the recipient using reliable and independent sources. Violating these regulations and laws can result in severe penalties and sanctions, as well as reputational and legal risks.

Compliance with these regulations is congruous with good customer satisfaction. Customers don’t appreciate their legitimate electronic transactions being delayed or blocked, nor do they want to bear an increase in the price of transactions due to the potential cost of compliance. Nonetheless, there are options to verify the legitimacy of the recipient and the transaction.

Note: Please keep in mind that there are many nuances in the compliance of every one of these regulations and this is not meant to be comprehensive. If you think that these regulations apply to you it is important to reach out to expert attorneys and consultants and evaluate the experts, processes, and tools that can assist you in your company's compliance.

Actions: E-mail | Permalink |