Financial institutions manage the risk exposure to check payment processing by establishing appropriate account opening and monitoring controls. Account opening controls that incorporate information from credit bureau services may mitigate credit risk exposure to criminals and to customers with a history of financial problems. Such screening is also the basis for customer verification in support of BSA/AML compliance and for qualifying customers for RDC. Institutions should perform a credit assessment of those customers for whom they collect large dollar volumes of checks.
Financial institutions use a variety of monitoring tools during check processing as a means of identifying potential fraudulent activity or for early detection of kiting. These automated tools are typically available from major vendors. Institutions should monitor the payment activity of their customers and take appropriate action when credit limits are exceeded or when their business practices may indicate possible fraud or money laundering activity. Institutions that offer commercial customers services for RDC should make such arrangements under contracts that clearly state the liability of the commercial customer in the event of a dispute over the imaged checks.
Regulation CC requires that when a paying financial institution decides to return a check of $2,500 or more, it must provide a notice of nonpayment to the depository financial institution, in which the check was deposited, to mitigate the depositary institution's financial loss in case the customer tries to withdraw funds represented by the returned check. Regulation CC also requires a check to be returned to the depository financial institution expeditiously, regardless of the amount. A paying bank returns a check expeditiously if it returns the check to the depositary bank within two business days of presentment (for local checks) or four business days (for nonlocal checks). Alternatively, a bank returns a check expeditiously if it sends the check in the same manner as it (or a similarly situated bank) would have sent the check for forward collection.
Using ECP for payment can reduce risks to depository financial institutions because it permits them to deliver check data to paying financial institutions more quickly than by presenting paper checks. The shorter delivery time permits paying financial institutions to (1) identify checks that cannot be paid and (2) notify the depository financial institution about those returned checks using an electronic return notice and up to one day earlier than would occur with the physical exchange of paper checks.
Check truncation (the conversion of MICR information to electronic form), on the other hand, introduces the risk of unauthorized changes to converted check information in transmission or in storage. As with RDC, this risk may increase when truncation occurs at the customer location. Financial institutions should develop and implement appropriate information processing safeguards to mitigate this risk. These safeguards should include logical access controls and separation of duties to minimize potential tampering with electronically converted check information and images during processing, and to ensure the MICR and check image databases are protected from unauthorized access. Check truncation also introduces the risk that a customer's account may be debited twice for the same check. This happens either when the MICR data is read, the account is debited, and the check is accidentally sent to the proof/sorter where it is read again and the account is debited a second time or when an electronic check file is inadvertently duplicated. Financial institutions should develop preventive controls to avert checks from being read twice or electronic check files from being duplicated or processed twice, and they should have detective controls to determine whether debits arise from the same check. These controls should also be applied to processes where checks are converted to ACH debits.
Check fraud is a significant factor in losses reported by financial institutions. The leading form of check fraud is check kiting; that is, presenting checks to two or more financial institutions for the purpose of fraudulently obtaining interest-free unauthorized loans. Other types of check fraud include forged, altered, and counterfeit checks. "Positive pay" is a technique that can reduce check fraud by requesting businesses to send electronic files of information to the financial institution on all checks the business has issued. The financial institution compares this information against electronic information regarding checks presented for payment. If a check presented for payment is not included in the positive-pay information, the institution requests the corporation to make a pay/no pay decision.
Retail Payment Instrument Specific Risk Management Controls