Watch Out for Check Fraud in Remote Deposit Capture Programs

With the holiday shopping season nearing its end, it helps to remember that the law governing payments is not only about how money flows out of an account, but also how that money flows in. Remote Deposit Capture (RDC) technology, which allows for the electronic delivery of scanned checks to a bank for posting and clearing, has been a recent topic of discussion among federal regulators and industry analysts as the technology is increasingly offered to consumers. Why all this attention?  The attendant fraud that is sure to follow the widespread offering of RDC in consumer applications, including various mobile programs. Specifically, the increased use of RDC has apparently led to an increase in reported fraud, leading federal regulators to remind RDC providers of their obligation to mitigate against such risks. In its recent October 2011 SAR Activity Review, FinCEN found that RDC-related SAR filings increased from 2 in 2006 to nearly 300 in 2010, with over 240 SAR filings reported in the first half of 2011 alone. While this represents only a small percentage of overall SAR filings, the trend has led FinCEN to remind providers that the use of new technologies to provide innovative banking services, like RDC, warrants robust risk management measures. In particular, FinCEN cited to the 2010 Exam Manual, which highlights the risk factors and mitigants associated with electronic banking like RDC. In addition, the FFIEC 2009 Risk Management of Remote Deposit Capture offers an even more comprehensive analysis of the legal and operational risks factors that RDC providers should consider, including customer/vendor due diligence and suitability, training, contractual mitigants, business processes, and monitoring systems.

As RDC becomes more widespread for consumer and mobile applications, familiarity with the FFIEC's Risk Management guidance and the 2010 Exam Manual will become increasingly important.