Commercial Newsletter

Identifying Risks and Mitigation Techniques for RDC Commercial Users

by Caitlyn Mullins, AAP, APRP, NCP, Manager, Audit Services, EPCOR

Remote Deposit Capture (RDC) is a deposit transaction delivery system that allows an organization to send deposit documents from remote locations via image-capturing software to the organization’s financial institution. An organization uses its financial institution’s RDC software, and a scanner connected to a computer at its on-site location or a mobile device, to take an image of the check. If you’re a corporate user of RDC services, there are multiple risks that you are responsible to mitigate. Mitigating these risks by implementing strong controls and procedures can ensure the safety and security of your organization, as well as aid in your financial institution’s risk management program. So, how do you introduce risk mitigation techniques? The first step is to educate staff on check basics, how to read a check, and how settlement occurs.

Reading a Check

Here’s a breakdown of check lingo, what each term means, and where you can find the information on a check.

• Payer Name: Party ordering the payment.
• Date: The check must not be processed for settlement prior to the date written on the check.
• Payee: Party receiving the payment. Checks must be made payable to the organization’s name.
• Legal Amount: Written in words.
• Courtesy Amount: Written in numbers—in the event the courtesy amount does not match the legal amount, you must uphold the legal/ written amount.
• Payer Signature: The signature of the authorized signer of the payer account must be present.
• Paying Bank: Institution holding the Payor’s account.
• Memo Information: Optional field that may give you more information about the payment.
• Magnetic Ink Character Recognition (MICR) Line: Descriptive check information comprised of numbers and symbols printed in the specific font that allows the check to be processed for settlement.
• Endorsement (Not Pictured): The payee must endorse the back of a check. Most financial institutions require a restrictive endorsement of imaged checks by writing “For Mobile Deposit Only at Financial Institution” with the deposit date, MM/DD, YY.

Settlement

Although your financial institution may credit your account the same day or the next day after you make your check deposit, this doesn’t mean the checks have cleared settlement. Once your financial institution receives your deposit, they send those items/ check images to their operator, who receives the images and then the checks are dispersed to the respected paying institutions. The paying institutions post the checks, or, if the check is unable to be processed, return the check back to your depositary institution. Depending on your financial institution’s policies and procedures, the actual settlement process of individual checks can take several days.

Risks

Understanding the risks associated with RDC processing will allow you and your staff to identify and implement risk mitigation techniques.

• Credit—Credit risk arises when a party will not settle an obligation for full value. Checks can be returned by the payer’s institution because of insufficient funds, a closed account, a stop payment order, forgery, fraud, or other payment irregularity. To mitigate credit risk, management should establish appropriate risk-based guidelines to monitor returned items, recognize deposit limits, establish returned check procedures, and disclose returned check policies to the payor.
• Fraud—Risks can arise with the RDC product when fraud is perpetrated by employees or by external sources. An organization is exposed to the risk of fraud when a wrongful or criminal deception leads to a financial loss for one of the parties involved. The risk of fraud can be managed effectively with the use of security controls, fraud monitoring tools, and training to identify fraudulent items. Check fraud is on the rise, and it is crucial to train staff on how to detect and mitigate fraud.
• Operational—Operational risk may arise from the organization failing to process a transaction properly, having inadequate controls, an employee error, a computer malfunction, natural catastrophe, internal or external fraud, etc. Operational risks can be mitigated with policies and procedures, security controls, and business continuity planning.
• Legal and Compliance—Legal and compliance risk arises from failure to comply with statutory or regulatory obligations. Safeguards must be in place for compliance with existing consumer protection statutes, regulations, and state laws. Legal and compliance risks can be mitigated by regulatory and consumer protection obligations, commercially reasonable agreements and audit requirements. Additionally, management should provide payors with appropriate disclosures of the organization’s policies.
• Due Diligence and Suitability— Management should establish appropriate risk-based guidelines to qualify and monitor employees with access to RDC software. For new and existing employees, a suitability review should involve consideration of the employee’s job functions, trustworthiness, and education. Due diligence and suitability risks can be mitigated by background checks on employees, annual reviews, ongoing education, and vendor management procedures.
• Information Security—Organizations must evaluate the information technology and information security risks associated with RDC. Organizations must adjust their information security programs considering any relevant changes in technology, the sensitivity of client information, internal or external threats to information, and their own changing business policies. Information security risks can be mitigated by adequate physical and logical assessment controls and a business continuity plan that addresses RDC activity.

Risk Mitigation Techniques

Implementing Security Controls:

• Complex usernames and passwords for each staff member authorized to use RDC software.
• Restricting access to RDC software to only necessary staff.
• Performing background checks on staff with access to RDC software.
• Updating all software on a consistent basis.
• Implementing dual controls.
• Secure storage and disposal of check items.
• Deposit limits (including number of items and amount).

Periodic Training on Important Topics:

• RDC software procedures.
• Your financial institution’s policies and procedures.
• Basic check knowledge.
• Current applicable laws and regulations.
• Current fraud trends.
• Identifying fraudulent checks.
• Identifying common security features of checks, including:
  • Watermarks and security threads.
  • Microprinting and holograms.
  • Chemical reactivity and security inks.

Other Risk Mitigation Techniques:

• Periodic maintenance of scanner equipment.
• Ensuring all software is updated.
• Malware/virus protection.
• Business continuity planning.
• Vendor management policies and procedures.
• Monitoring reports.
• Establishing returned check procedures.
• Disclosing returned check policies and fees to the payor.

An organization utilizing RDC services should develop adequate policies and procedures that address the specific risks associated with RDC activity, including security procedures, monitoring system-generated reports, ongoing education, fraud monitoring, audit standards, and due diligence practices. Understanding RDC processing and how to identify, as well as mitigate, risks will ensure your organization is getting the most out of your services.

Interested in having expert eyes on your organization’s RDC program? Reach out to EPCOR at advisoryservices@epcor.org for more information and a free, no-obligation quote.

A FAST Comparison of Faster Payments Options

by Sharon Hallmark, AAP, Director, Payments Education, EPCOR

Faster payments provide greater convenience and efficiency for individuals and businesses by enabling the instant, or near-instant, transfer of funds. This speed helps in time-sensitive situations, such as paying bills, making urgent purchases or settling financial obligations promptly. This payment type also reduces reliance on traditional paper-based methods, like checks, which can be slow and cumbersome. By embracing electronic transfers, businesses can streamline their operations and reduce administrative costs.

According to the Faster Payments Council’s Faster Payments and Financial Inclusion whitepaper, when it comes to financial inclusion, faster payments also provide easier access to banking services for underserved populations. The ability to send and receive money quickly and securely enhances economic participation and supports economic growth. They also have the power to bolster the overall economy by improving cash flow and liquidity management. Businesses can better manage their working capital, optimize supply chains, and make informed investment decisions, ultimately driving economic productivity.

So, what are your options for faster payments?

Faster payments include Same Day ACH, instant payments, and push-to-card options. The two instant payment options are The Clearing House’s RTP® Network and the Federal Reserve’s FedNow® Service. The two push-to-card options are Visa Direct and Mastercard Send.

Now, let’s look at what differentiates these faster payment options. The choice of a faster payment option depends on various factors and can vary based on individual preferences and specific requirements. Here are a few considerations to help you decide what’s right for your organization:

1. Speed: Different payment options offer varying levels of speed. Assess the urgency of the transaction and choose a payment method that aligns with your desired timeline. Some options provide instant or near-instant transfers, while others may take hours or even a day.
2. Accessibility: Consider the availability and accessibility of the payment option. Determine if the receiver has access to the chosen payment system or platform. It’s essential to ensure compatibility between the sender and receiver’s accounts.
3. Transaction limits: Check if there are any transaction limits or restrictions associated with the payment option. Some methods may have limits on the amount you can transfer, which could impact your decision if you’re dealing with larger sums of money.
4. Cost: Evaluate the fees associated with each payment option. Some methods may charge transaction fees, while others offer free or low-cost transfers. Consider the cost implications and choose an option that aligns with your budget and cost-effectiveness.
5. Security: Ensure the chosen payment option provides robust security measures to protect your financial information and transactions. Look for encryption, authentication protocols, and fraud prevention measures.
6. Integration: Evaluate if the payment option integrates well with your existing financial systems. Seamless integration can simplify payment processes and enhance efficiency.

It’s important to assess these factors based on your specific needs and priorities. It’s also helpful to keep up with the latest developments in the payment industry to stay informed about new and emerging faster payment options.

And remember, your financial institution is your biggest cheerleader and will be there to help you along the way! Reach out to them and they will be happy to help you decide what is the right option for your organization and situation.

EPCOR is a not-for-profit payments association which provides payments expertise through education, advice and member representation. EPCOR assists banks, credit unions, thrifts and affiliated organizations in maintaining compliance, reducing risk and enhancing the overall operational efficiency of the payment systems. Through our affiliation with industry partners and other associations, EPCOR fosters and promotes improvement of the payments systems which are in the best interest of our members. For more information on EPCOR, visit www.epcor.org.