Vol. 2, Issue 2, 2008
ID Theft “Red Flags” Rule – Automating the Compliance Process By Saskia Rietbroek, CAMS Identity theft is a significant concern for consumers. It violates financial privacy, destroys credit histories, and ruins good reputations. For financial institutions, it costs time and money and can create significant risks to safety and soundness, a phrase that has been all but dropped from the vocabulary of bankers and regulators these days. The U.S. ID Theft FACTA Red Flags Rules require banks and other firms to be proactive in helping to protect their customers from this serious financial crime. The rule requires them to have controls in place that are designed to address the risk of identity theft to consumers as well as to the safety and soundness of the institution. They must implement a risk-based written Identity Theft Prevention Program containing reasonable policies and procedures that address the risk of identity theft. The program must be board approved and the staff must be trained in the program. The mandatory compliance date for the rule is November 2008.
Who and what is covered? Creditors and financial institutions are covered and must comply with the Red Flags Rule. Creditors include anyone who arranges for the extension, renewal or continuation of credit, including third party debt collectors. Service providers such as cell phone companies and utility companies may also be subject to the Red Flags Rule. Financial institutions and creditors that offer or maintain “covered accounts” must develop and implement a written program detailing their red flag policy. Covered accounts are the accounts where identity theft is most likely to occur, including: • Credit card accounts • Mortgage loans • Installment credit
Table of Contents ID Theft “Red Flags” Rule – Automating the Compliance Process ...................................Page 1-3 Successful Product Advisory Council Meeting .........................Page 4 Hot Docs ....................................Page 5 User in the Spotlight...................Page 6 NetPractice Celebrates 1st Birthday................................Page 7 Fiserv Fraud & Compliance User Group Conference 2008........................Page 8 Financial Crime News Around the World.......................Page 9 Featured Functionality ..............Page 10 IT Corner..................................Page 11 Poll Question............................Page 12 Calendar of Events 2008 ..........Page 12
• Margin accounts • Cell phone accounts • Utility bill accounts • Checking accounts • Savings accounts • Certain business and other accounts
Do not exclude accounts simply because they are business accounts. Business accounts such as small businesses or sole proprietorships may be “covered accounts” under certain Continued on Page 2
AUGUST 2008
ID Theft “Red Flags” Rule
Continued from Page 1
circumstances; in particular, where there is a “reasonably foreseeable risk” to customers or to the safety and soundness of the institution from ID theft.
Risk-based approach to detecting ID theft red flags Earlier detection of potential risk is key. The Red Flags Rule includes a list of 26 early warning signals (i.e. red flags) that should lead the financial institution to take a closer look at a particular situation. The list helps firms identify what to look for when uncovering possible fraudulent behaviors. The Red Flags Rule provides a significant degree of flexibility to allow institutions to adapt the requirements to meet their own individual needs and circumstances. In line with the risk-based approach, each financial institution has the flexibility to develop policies and procedures to identify which of the red flags are applicable to them. This risk-sensitive approach will also enable the firm to address identity theft risks as they evolve and to focus on the areas where the risks are the highest. For example: • Red flags appropriate for accounts that can be opened or accessed remotely may differ from those that require face-to-face contact • Red flags relevant to deposit accounts may be different from red flags dealing with credit accounts; • Red flags applicable to consumer accounts may differ from those applicable to business accounts In addition, a firm should consider as relevant those red flags that directly relate to its previous experiences with identity theft.
Leveraging existing programs By complying with the CIP (Customer Identification Program) regulations (implementing section 326 of the USA PATRIOT Act), some financial institutions already meet many of the requirements for the Red Flags Rule. Although
Saskia Rietbroek is Financial Crime Advisor to Fiserv Fraud and Compliance. She was the founding Executive Director of the Association of Certified Anti-Money Laundering Specialists (ACAMS), an organization with 8000+ members. She is partner at AML Services International, a consulting and training company in the money laundering and terrorist financing field (www.nomoneylaundering.com). She is a frequent speaker on money laundering. She is based in Miami, FL.
compliance with parallel requirements is sufficient for compliance under these rules, the CIP will not always cover everything that is required to comply with the ID theft rules.
The CIP rules were written to prevent and detect money laundering and the financing of terrorism. Certain types of accounts, customers, and products are exempted or treated specially under the CIP rules because they pose a lower risk of money laundering or terrorist financing. This special treatment, however, may not be appropriate to accomplish the broader objectives of battling identity theft. The use of the CIP rules does not always adequately address identity theft. For example, the CIP rules allow accounts to be opened before identity is verified, which is not the proper protocol to prevent identity theft.
The role of software The NetEconomy Fraud Manager solution of Fiserv Fraud and Compliance offers a proven solution to help financial institutions support their identity theft prevention programs while complying with the red flag rule. Examples of trouble areas that the Fiserv Fraud and Compliance software is designed to focus on: • Risky customers: The solution can identify customers that are at risk of becoming a fraud victim based on their characteristics, such as age, account balance and
Detecting red flags A phishing victim’s account can show a transfer from the savings account to a current account, and later another amount is transferred out of the current account to a third party. The Fiserv-NetEconomy fraud solution recognizes that the activity is unusual because the frequency is higher (more activity than usual) and the amounts are larger than is common for the victim’s profile. Furthermore, the customer has never before transferred money to this third party’s account. This means that the beneficiary account was new for the victim’s profile. Based on this, the solution will generate an alert that can be investigated by the bank or credit union’s fraud team. Page 2 | NetPractice Exchange
Key elements of a “red flags” program • Identify patterns and specific forms of activity that are ID theft “red flags” and incorporate them into the program • Program approval by the board of directors or an appropriate committee of the board • Monitor red flags that have been incorporated into the program • Respond appropriately to red flags that are detected to mitigate identity theft
activity of the account. It can also identify customers that may be fraudsters based on characteristics including age and/or residence in a high-risk location. Once these customers are identified, they can be more closely monitored for red flags. • Unusual transfers: A powerful analytic engine analyzes and profiles accounts, customer and end-user activity data, and generates real-time alerts on suspicious events that enable the bank, credit union, or creditor to become proactive on identity theft. An alert can be generated when unusual transfers occur. • Unusual address changes and card requests: The fraudster can submit an address change on behalf of the intended victim and follow up with a request for a new card and PIN. The criminal then uses the new card at ATMs to empty the account. The NetEconomy solution can generate an alert if unusual address changes and new card requests occur. In addition to generating alerts, the NetEconomy software offers an array of workflow features and investigative tools that include: • Powerful investigative tools: The software provides powerful investigative tools for post-event analysis, including cross-channel search of account, customer and user activity with visual tools and graphs. • Red flag repository of alerts generated across the enterprise: NetEconomy solution of Fiserv Fraud and Compliance offers one place to easily locate and access all alerts and cases related to ID theft, other types of fraud, money laundering, and other types of financial crime.
• Ensure regular updates to the program that reflect changes in identity theft risks • Develop procedures to assess the validity of a request for a change of address that is closely followed by a request for an additional or replacement card • Develop reasonable policies and procedures to apply when an address discrepancy notice is received from consumer reporting agency.
Battling channel-surfing There is a growing need for financial institutions to have enterprise-wide clarity when it comes to the management of fraud and other financial crimes such as money laundering. Often, we see that point solutions for various elements of fraud monitoring and management are already in place for specific types of fraud, such as debit card fraud and check fraud. But with a growing number of channels for customer intake and interaction, including use of the telephone and internet, fraudsters are taking advantage the situation by channel-surfing. This crosschannel fraud exploits the vulnerabilities of traditional tactical point-solutions and is likely to be one of the greatest “hot” fraud areas in the coming years. To mitigate these risks, financial institutions are moving away from tactical point solutions and are looking for vendors with a holistic approach to enterprise risk management. With the ground-breaking ID theft rule, financial institutions must take every possible step to protect and assist customers who become victims. On top of that, the criminals continue to find new ways to commit ID theft. Without support from the proper technology, this becomes a very challenging task. With one integrated case management and red flag management system, Fiserv Fraud and Compliance software provides a holistic customer view that can be used seamlessly across channels and departments. This enables firms to have instant business risk insight and to achieve operational efficiencies in a turbulent market.
Page 3 | NetPractice Exchange
Successful Product Advisory Council Meeting Richard McCarthy, Chairman Product Advisory Council and Vice President Product Marketing at Fiserv Fraud and Compliance
On June 10th, the NetPractice Product Advisory Council (PAC) met in Dublin, Ireland, during the Fiserv Fraud & Compliance User Group Conference 2008.
The Committee, which was launched in Spring 2008, serves as an intermediary between the overall membership and the NetEconomy product management team. The committee is mainly intended as a sparring partner for NetEconomy’s product management to determine the focus of product development and to assess priorities. This can be both for strategic initiatives and for areas of special attention. The role of the new Committee is to channel and prioritize NetEconomy product suggestion or enhancement requests from the worldwide user community to NetEconomy and track the progress of the requests and report back to the NetPractice membership on the status of the requests. The committee is not to replace the current systems and processes for submitting defects or product suggestion requests on a feature level. The goal is to stay a level above that, enabling NetEconomy product management to determine what new or existing product areas to focus on. During the council meeting, customers such as Banco Espirito Santo, Dexia, ING Bank, SEB, and Sun Life Financial gave presentations outlining their achievements to date using NetEconomy and their business objectives for the near future. Lively discussions followed these presentations, allowing customers to exchange ideas on how they are resolving similar challenges they face. ING began by outlining their autonomous organizational structure with numerous hub installations serving their compliance offices across the globe. The advantage of a centralized approach was discussed, as were the advantages of sticking to an existing autonomous structure. ING was also interested in fraud prevention and AML insurance, and had begun some investigations in this area. Among their recommendations were advancing the user-friendliness of the NetEconomy AML product, enriching the Network Analysis tools, and providing a visualization of money-flows. Banco Espirito Santo touched on the challenges facing their first implementation of an AML monitoring solution. Page 4 | NetPractice Exchange
They stressed the need of having consultants available, expressing that things moved easier and faster when consultants were on hand. A discussion arose on ensuring that the budget for all projects (especially first installations) should include this consultancy help. They commented that the manuals were often too technical, and that more “how to” chapters would be very welcome. Creating user roles was often also quite challenging, so the provision of templates to guide in this process would be also welcome. A wish to provide risk scoring of alerts as they are being generated was expressed, as well as an audit service from Fiserv (e.g. 6 months or 1 year after the first installation to see if false positives could be lowered even further). The usability of the product and the ability to make ad-hoc queries was also touched on. SEB explained their need to support a large international base (some 20+ countries) and expressed the importance of flexibility in supporting local needs. A discussion followed on the challenges of supporting countries such as Russia and China – a challenge that other members were also facing as their needs to support other local countries expanded. SEB, like most other banks, has a complex infrastructure, with some 300+ systems, so integration is often a big challenge. Configuration, version management (global and local), usability, single thread processing, and authentication were subjects also touched on. Dexia began by explaining their structure and need to support multiple countries and entities. The challenges of name matching arose and this opened an interesting dialog with the other members of the Council that included how to handle internal lists (some customers expressing that they had over 60 lists to manage). Sun Life Financial began by reminding the audience that most vendors do not understand our business, so we need to educate them. The importance of a partnership between the financial institution and the vendor was expressed,
where each is at hand to help the other along. Asking vendor consultants to come in only after an issue already existed was discouraged. Contracts between the two parties should be negotiated so that consultants are available to help throughout the project and thereafter. Sun Life mentioned how they had managed to staff down after their NetEconomy implementation. This was achieved by focusing on those that pose high risk, and leveraging fewer but more highly qualified people. Sun Life also supported Espirito Santo Bank’s request for audit services, removing alerts they now realized that did not need to be seen, and looking at rules that should be changed. In looking back at the presentations given, several members remarked on the common issues they all face and
the values of discussing these with other customers. The importance of avoiding “jumping into” AML projects without advanced preparation (such as in knowing how to risk score customer transactions, agreed workflow, etc.) was also emphasized. In reflection, this was seen as a key marker in identifying the difference between a successful and a stressful AML implementation project. In their evaluation of this council meeting, all participants marked this event as “excellent”, asking to be invited again next time the council meets. If you are interested to learn more about the Council, or to join it, please contact us at NetPractice (svliet@netpractice.org).
Hot Docs and Downloads FATF: Financial Crime Vulnerabilities of Websites and Internet Payment Systems A June 2008 FATF (Financial Action Taskforce) study talks about vulnerabilities of mediated customer-to-customer websites and Internet payment systems. The combined weaknesses of user anonymity, rapid transactions, limited human intervention, ease of international presence, limited jurisdictional authority, and inherent difficulty of the financial institution in detecting suspicious transactions fosters an environment in which money laundering risks run rampant. The 42-page document provides case studies on how these websites and payment systems can be exploited not only for money laundering and terrorist financing, but also for fraud and the sale of illegal goods. The document can be found at www.netpractice.org. NetPractice Video: How Peer Group Analysis Reduces False Positives Monitoring customers purely on the basis of historical activity can be misleading if their activity is not actually consistent with similar types of customers. More advanced detection capabilities are necessary. Refresh your memory on standard deviation, z-scores and learn how to set up a peer group to detect suspicious activity. The July 2008 video also provides an example of FiservNetEconomy customers who have leveraged Peer Group Analysis to tremendously lower their false positives. Download the video for free at: http://www.netpractice.org/memberarea/ education_training.aspx
NetPractice Video: Raising the Red Flag Identity theft is the fastest growing crime in America. In 2008, the FTC estimates that 26 million Americans will become victims of identity theft. The Fed’s new Red Flags rule requires you to take action to prevent identity theft. In this training video you will learn about identity theft and the new Red Flags regulation which require all financial institutions to take action to prevent, detect, and mitigate identity theft for all of their customers. Download the video for free at: http://www.netpractice.org/memberarea/ education_training.aspx FinCEN Study on Money Laundering in the Real Estate Sector In April 2008, the U.S. Financial Crimes Enforcement Network issued a study on residential real estaterelated money laundering. The study found that more than 75% of the entities suspected of involvement in residential real estate related money laundering were individuals unaffiliated with residential real estaterelated businesses. For example, launderers using multiple nominees or straw buyers to secure numerous mortgages on various residential properties, thereby creating a means for the conversion of illicit cash into real property while projecting the appearance of many unrelated mortgages paid on a regular and timely basis. Download the document at: http://www.fincen.gov/news_room/rp/ strategic_analytical.html Page 5 | NetPractice Exchange
User in the Spotlight Peter Temminck, Van Lanschot Bank Peter Temminck is a member of the Risk Management team at Van Lanschot Bank and is responsible for the fraud risks management. Peter has been working in the financial services industry for more than 10 years and is situated in Den Bosch, The Netherlands.
1. Describe your institution, such as size of the bank, location, and number of branches. Van Lanschot is the oldest independent banking institution in the Netherlands. We are a full service bank with a focus on Private Banking. We have 35 branches in the Netherlands and additional branches in other countries, including Luxemburg and Belgium. 2. Which version and module(s) of NetEconomy does your institution use, and for how long? We’re using version 4.1.3 and we’ve used NetEconomy since 2004. Currently we use the Compliance Manager and have some extra modifications for fraud alerts. 3. How do you use the software across the different branches? NetEconomy’s Compliance Manager is used in the Netherlands and in Luxemburg. In the Netherlands we’re using the NetEconomy solution in the Compliance Department and in Risk Management (department Zorgplicht). We’re currently installing a user group with participants of different departments. This is a way of getting more out of the transaction monitoring. 4. Describe your role working with the NetEconomy solution. In the fraud department, NetEconomy is used to detect skimming. Skimming is a term for the copying of debit/credit cards. With NetEconomy you can detect unusual behaviour on an account. We attempt to define unusual behaviour for debit cards so we can stop the fraudulent withdrawals. We’re also using NetEconomy for investigation and CDD (customer due diligence) reviews on our customers.
Page 6 | NetPractice Exchange
5. What is your favorite NetEconomy feature and why? The investigations module. You can easily access large amounts of data. Like most banks, we have about three months of transaction data available on line. In NetEconomy there is over one year of transaction data that you can use for analysis. Another favourite feature is the Network Analysis Module because you can see very quickly which counterparties your customer is dealing with. 6. What would you like to see added to the current NetEconomy solution? This could be something related to management reporting, alert configuration, user interface, or integration with other tools. We would like a printing or export feature for the network analysis so we can visualise the network for our files. Currently we copy/paste the network into a Word document, but with some larger networks it isn’t possible to properly present all the information. 7. What is the biggest challenge in detecting unusual behaviour of transactions and customers? Because of our core business a lot of customers can transfer large amounts of money but that’s not unusual behaviour. Our challenge is to reduce false positives concerning these customers. 8. Can you give one piece of advice to a new user? Make use of the knowledge of other users and of NetEconomy. If you’re a new user, you must realise that many other NetEconomy users already dealt with challenges like false positives. Make use of their experience. 9. If you had 15 extra minutes in your busy work day, what would you do with it? Drink a nice cold Belgian beer at a bar in the city centre of Den Bosch and enjoy the beautiful city.
NetPractice Celebrates 1st Birthday
We’re celebrating our 1st year anniversary! During this year, NetPractice has grown in many ways, ranging from an increase in customers logging on to our on-line community Web site, to the larger number of on-line training sessions and webinars being attended. With more members joining from around the world, NetPractice is becoming a recognized name in the AML and fraud prevention field. NetPractice was launched to serve the steadily expanding, world-wide customer base of Fiserv Fraud and Compliance. It became evident that more than just a yearly meeting was needed to provide users with a forum to informally exchange information and experiences regarding their use of the NetEconomy software. In October 2006, we conducted a survey of 250 users in order to gain feedback on the interest of forming an online user group organization. The survey results were overwhelmingly supportive of the concept to launch this interactive user group community, where users can network and communicate with each other on an ongoing basis throughout the year. As a result, NetPractice was launched in May 2007. The group officially opened its doors for membership during the Complinet Conference in London that same month. Our objectives were twofold: first to ensure that our members can make maximum use of the Fiserv Fraud and Compliance platform, and secondly, to build strong and sustainable relationships among the members of the community. Our milestones to date include: • In our first year alone, NetPractice has received recognition in numerous ways including customer references, endorsement from independent industry analysts, and a high rank order in Internet search engines for areas such as anti-money laundering community. • In his review of NetPractice, Neil Katkov, senior analyst of Celent, said: “Financial institutions continue to struggle to implement thorough, effective and efficient procedures to deal with money laundering and other financial crime, and are finding they can’t solve all the problems on their own. Compliance communities address a deep need for sharing experience and best practices to help handle
Stan Harmsen van der Vliet – Director NetPractice
these challenges. Organized by a leading compliance solutions vendor, the NetPractice user community is a welcome addition in this area.” • In Spring 2008, NetPractice conducted a customer survey asking customers to evaluate NetPractice, the AML and fraud transaction monitoring technology they use, and for their view on their AML and fraud priorities for the near future. The results of the survey overwhelmingly showed the value members saw in NetPractice as well as offering positive and constructive feedback on the AML technology they are using. Other first year anniversary milestones include: • Several NetPractice Advisory Board Meetings with members from across the globe, including RBTT in the Caribbean, ING in the Netherlands, and Citizens Financial Group in the USA. • The first face-to-face meeting of the Product Advisory Council (read more in our article “Successful Product Advisory Council Meeting”) held on June 11, 2008 with 14 members attending in person. • The publication of printed quarterly newsletters. • Webinars from independent and respected industry analysts, such as Celent on “AML Trends to Watch-out for: 2008 – 2010”. • Self-training videos streamed at netpractice.org, including as subjects “Basic Steps in Transaction Monitoring” aimed at new compliance employees. • Highly attended webinars on new regulations, and on how to leverage your existing investments in transaction monitoring technology to support them. For example, “Raising the Red Flag, How to comply with the new US ID theft Regulation”. We had a great first year and look forward to expanding to ever more exciting meetings and activities in the years to come. Many who participated have pushed their skills far beyond anything they had previously achieved, and that is exactly what we hoped would happen. We also had a lot of fun and got to know each other better – another important goal accomplished! Sincere thanks to all our members and the support staff that have helped make it such a success – congratulations!
Page 7 | NetPractice Exchange
Fiserv Fraud & Compliance User Group Conference 2008 We were delighted to welcome over seventy NetEconomy and CheckFree customers from more than fifteen different countries to this year’s event, which was graciously hosted by Bank of Ireland in Dublin.
The conference concluded with another guest speaker from Canada, Ivan Zasarsky, who gave a joint presentation with Saskia Rietbroek on the current global trends in both AML and Fraud.
With the announcement of the integrated Fiserv Fraud & Compliance Group, this was the perfect occasion to share and discuss customer experiences and the latest product information with our new colleagues and customers. The conference was opened by Sebastian Kuntz, President of the new group, and was followed by an introduction from Rahul Gupta, Group President for Payment and Industry Products at Fiserv.
I would like to take this opportunity to thank the following:
It was a full first day with a combination of customer experience presentations, product roadmap discussions, and breakout workshops ranging from ‘’How to improve the quality of your alerts’’ to sessions for IT professionals who have ‘’IT/Data stream and configuration challenges’’. A session sponsored by our partner, Fircosoft, discussed Watchlist Matching, and the workshop on Employee Fraud proved to be particularly popular. For myself, the highlight of the first day was the presentation by Claude Baksh from Canada on Sun Life Financial’s risk-based approach to list matching. We broke from tradition for the evening dinner and left the hotel for some Irish food and entertainment in the mountains of Glencullen at one of Ireland’s oldest pubs, Johnnie Fox. Judging by the evaluation form ratings and photos, we made a good choice! Day two of the conference continued with a lively presentation on ‘’How to effectively manage your false positives through screening your client list against a PEP list’’ from Dow Jones, our second sponsoring partner. We then held eight additional workshops in parallel sessions, which included two training master classes for both new and more advanced users. These sessions were very popular and provided a valuable insight into how training can dramatically improve the use and effectiveness of your financial crime solution.
Page 8 | NetPractice Exchange
• The Bank of Ireland (particularly Dave Lombard, and Ronan O’Beirne for ‘’standing in’’ at short notice, as Dave was unable to stand!) for hosting this year’s event; for their support along with the other User Group Committee members and NetPractice (particularly Stan Harmsen van der Vliet) who assisted in the formulation of this year’s agenda. • Our sponsoring partners, FircoSoft and Dow Jones, for their support and involvement in the event. • All those colleagues who presented and/or ran workshops. • And finally you, the customers, who make the event happen! It was good to see so many familiar faces, and the new ones, too! There is always such a great atmosphere at the User Group conference; it feels like old friends meeting up for an annual reunion! Hope to see everyone, and more new faces, next year! Melanie Cousins Marketing Manager Fiserv Fraud & Compliance (Please note: Most of the slides, video presentations and photos from the conference and dinner are available to download at www.netpractice.org) If your institution is interested in hosting next year’s Usergroup, please contact Melanie Cousins at mcousins@neteconomy.com.
Financial Crime News from Around the World Switzerland Amendments to money laundering regulations The Swiss Federal Banking Commission (SFBC) released January 28th, 2008 amendments to the SFBC Money Laundering Ordinance (MLO SFBC) adopted on December 20th, 2007. The amendments aim to implement the recommendations of the Financial Action Taskforce, a global money laundering watchdog. Although, the structure of the Swiss risk-based regulation remains generally unchanged, within the context of the monitoring of transactions there are two changes that are considered of particular importance: • Business relationships are now considered by default a higher risk for those relations with foreign financial intermediaries for which a Swiss supervised intermediary holds a correspondent account (art.7-3); • The inclusion of originator information on wire transfers has been adjusted to reflect international practice. Financial intermediaries are required to include originator details for all transfers above CHF 1,500 (US$1,452). For domestic transfers a limited set of data is sufficient as long as full information can be provided to a beneficiary institution on request within three business days (art.15-1; 2). The changes to the MLO SFBC became enforceable on July 1, 2008. For the implementation of articles 7 and 15, a transition period lasting until January 1, 2009 is foreseen. An overview of amendments to the MLO SFBC can be found at http://www.ebk.admin.ch/d/aktuell/ 20080128/20080128_02_d.pdf. India Guidance reiterates obligations of banks The Reserve Bank of India (RBI) has provided guidance to both the obligation of banks to report integrally connected cash transactions and to report all suspicious transactions — irrespective of the amount involved and including attempted transactions — to the Indian Financial Intelligence Unit (FIU). The different guidelines were issued in May, June and July 2008. RBI has also reiterated that banks must “put in place an appropriate software application to trigger alerts when the transactions are inconsistent with risk categorization and updated profile of customers”. Additional notice and guidance has been given to ensure electronic filing of CTR (currency transaction report) and STR (suspicious transaction report) to the FIU for banks where not all the branches are fully computerized. An illustration of integrally connected cash transactions and an indicative list of 56 suspicious activities that may be considered by banks complement the published notification.
With this notification, the RBI has tightened the rules issued in February 2006 in pursuance of the Prevention of Money Laundering Act (PMLA 2002). The notification for commercial banks can be found at http://www.rbi.org.in/scripts/NotificationUser.aspx? Id=4188&Mode=0 USA FinCEN Announces Retirement of BSA Magnetic Media Filing Program In keeping with its efforts to make Bank Secrecy Act (BSA) filing requirements more secure, efficient, and effective, the Financial Crimes Enforcement Network (FinCEN) today announced its intention to retire the BSA Magnetic Media Filing Program. Current Magnetic Media filers must transition to BSA Electronic Filing (E-Filing) no later than December 31, 2008. More information about FinCen’s intentions can be found at http://www.fincen.gov/news_room/nr/html/ 20080721.html The Netherlands New Act on the prevention of money laundering and terrorist financing On August 1, 2008 a new law on the prevention of money laundering and terrorist financing (“WWFT”) entered into force in The Netherlands. The WWFT (“Wet ter voorkoming van witwassen en financieren van terrorisme”) is the Dutch implementation of the third EU Directive on money laundering. The new Act introduces a number of significant changes relative to the current legislation, particularly in the field of customer due diligence and ongoing monitoring. The most important change in this regard is the introduction of a riskoriented approach as the guiding principle. All customers and usages of products and services should continuously be assessed in terms of risk exposure. A summary can be found at http://www.netpractice.org/ dutch_regulatory_update.aspx Page 9 | NetPractice Exchange
Featured Functionality Profiling at the Customer Level Increasingly, financial institutions are required to monitor activity at the customer level in addition to the account level. A simple example of this is the requirement to file a suspicious activity report if a customer's activity across multiple accounts in a single day exceeds a pre-established threshold. In NetEconomy version 4.2 a new functionality has been added for customer-level profiling that allows financial institutions to monitor the activity of a single customer across multiple accounts. Customer profiles can be generated based on the customer number, the tax identification number (TIN), or another unique customer-key. The customer profiles are generated based either on the customer information delivered in the transaction stream or on information in the relationship table. For the first scenario, the customer number, tax identification number, or customer-key needs to be delivered in the transaction stream to identify which customer executed the transaction. Based on the customer identifier delivered in the transaction stream, the software will generate or update the corresponding customer profile(s). For example, if customer John Smith with customer number CUS001 performs a cash withdrawal on a joint account and this information is provided to the software in the transaction stream, it will automatically update John’s cash profile, but not the profile of the second account owner of this joint account.
Figure: Customer profiling per transaction code
Page 10 | NetPractice Exchange
For the second scenario, the software will generate customer profiles by aggregating the activity of the accounts related to the customer. For example, a customer profile can be generated based on the activity on all accounts for which the customer is the account holder, or, in an insurance company, for all policies for which the customer is the policy owner. For example, if account ACC001 has two account holders and one of the account holders performs a transaction, the software will automatically update the customer profiles of both account holders. Profile types can be configured as active or inactive for both account profiling and customer profiling. Only profiles with an active type will be updated during the transaction stream import process. Additionally, it is possible to indicate per transaction code whether account-level and/or customerlevel profiles most be generated (see figure). For instance, if a financial institution would like to monitor cash activity at customer-level and not at account-level, it is possible to turn the cash profile on for customer-level profiling and turn it off for account-level profiling. A new version of the transaction stream has been created for the purpose of customer profiling. This new transaction stream must be used in conjunction with this new functionality. Please refer to the Data Requirements document for more information. Please contact your account manager if you wish to receive more information about customer centric profiling, or send an email to info@netpractice.org.
IT How to Change the Font Size on Your NetEconomy’s Financial Crime Suite Desktop Because it might be preferable for some people to have a larger font size for the NetEconomy’s Financial Crime Suite desktop, NetEconomy now offers a larger font size to make it easier for users to read the alerts and case management. For example: Change Password — Change Password This article describes how to customize the appearance of your NetEconomy desktop by changing the font size to meet your own preferences. You need to have an IT administrator authorization level to complete the following steps.
CORNER
6) Click on the “Skin” option and select “BigFontDefault” to change your font size. NOTE: Font changes are not automatically updated when you upgrade to a newer version of NetEconomy. Please repeat these steps when you want to update the font size. This feature is not available to all configuration environments, please consult your Fiserv provider with specific questions.
How to change the font size To change the font size, follow these steps: 1) Create a new folder which you can name, as an example, “BigFontDefault” in the folder directory: [DRIVE]:\Inetpub\wwwroot\AML\Images\Skins 2) Copy all files from [DRIVE]:\Inetpub\wwwroot\AML \Images\Skins\Default folder into the new folder “BigFontDefault”. NOTE: If you do not use the NetEconomy’s default layout setting (Default Skin), please copy the files of your preferred desktop layout to the new folder. 3) Open all files with extension .css in the “BigFontDefault” folder (four files in total) with your text editor. 4) Search for “font-size: 11px”, and change the size of your pixels to 13px and save the files. Please note that you have to change the font size in every location. 5) Open your NetEconomy Financial Crime Suite and select “My settings” in the left menu bar.
Volume 2, No. 2, 2008
NetPractice Exchange This newsletter is a quarterly publication by Fiserv Fraud and Compliance for NetPractice members and others interested in NetPractice or Fiserv Fraud and Compliance in general. NetPractice Advisory Board Florisela Bentoera, CAMS, Manager Compliance and AML Operations, RBTT Dutch Caribbean, Curacao, Netherlands Antilles Deborah King, CAMS, VP Director AML Investigations, Citizens Financial Group, Medfort, MA, USA Michiel Peeperkorn, CAMS, Compliance Officer, ING Bank, Amsterdam, Netherlands Saskia Rietbroek, CAMS, Financial Crime Advisor, NetEconomy, Miami, FL, USA (Chair) Cindy Shelton Ryan, CAMS, Compliance Officer, Bank-Fund Staff Federal Credit Union, Washington D.C., USA Aleksejs Truhans, IT Development, Parex Banka, Latvia
Figure: My settings window
NetPractice Staff Director: Stanley Harmsen van der Vliet, CAMS Marketing Coordinator: Roos Goosen This newsletter is for general information purposes only. The views expressed in this newsletter are not necessarily those of Fiserv Inc. Fiserv Fraud and Compliance has taken all reasonable measures to ensure that the material contained in this newsletter is correct. However, Fiserv Fraud and Compliance offers no warranty and accepts no responsibility for the accuracy or the completeness of the material. In publishing this newsletter, neither the authors nor Fiserv Fraud and Compliance are engaged in rendering legal or other professional advice. NetPractice Loire 200-202 2491 AM, The Hague The Netherlands Tel: +31 (0) 70 452 5448 Fax: +31 (0) 70 452 5444 info@netpractice.org www.netpractice.org
Page 11 | NetPractice Exchange
Poll Question Responses to last month’s poll question on www.netpractice.org were: Who decides whether or not to close an account after filing a suspicious or unusual transaction report?
The poll question for next month is: After how many SARs/STRs do you typically close the account? •2 •3 • No specific limit, we can’t close the account Please submit your vote at www.netpractice.org
Senior management (49.43%) Compliance officer (28.74%) Can’t close because of legal restrictions (16.09%) Relationship manager (5.75%)
Calendar of Events ACAMS 7th Annual International Money Laundering Conference & Exhibition The Market Drive Towards Fraud and Compliance Convergence, presented by Celent ACAMS European Money Laundering Conference and Exhibition
Las Vegas, NV www.acams.org
8-10 September 2008
webinar www.netpractice.org
17 September 2008
Prague www.acams.org
17-19 November 2008
Contact
NetPractice, Loire 200-202, 2491 AM The Hague, The Netherlands Phone: +31 (0)70 452 5440 Fax: +31 (0)70 452 5444, info@netpractice.com ©2008 Fiserv, Inc. 4/08