You will also want to establish an appropriate funds availability
policy. While Regulation CC specifically only covers funds availability for deposits of cash and paper checks (including substitute
checks), it will continue to set the baseline for funds availability
for RDC. RDC funds availability is primarily a matter of contract
between your bank and its customers, so be sure that all agreements set clear and reasonable expectations for your customers
in order to avoid potential unfair, deceptive, or abusive acts and
practices (UDAAP) issues.
Regardless of whether Regulation CC funds availability rules
apply to your RDC transactions, the rule still requires banks to
disclose their funds availability policy to their customers. You will
need to determine if your bank’s availability policy applies to
RDC as currently written or if it should be amended based on
the specific parameters of your RDC agreement with customers.
RDC as a product also raises money laundering concerns
because it presents an easy way to launder money without much
human intervention. You may want to limit your Bank Secrecy
Act (BSA) risk by excluding some items from the RDC program.
For example, you may prohibit deposit of personal money orders
because there are no restrictions on issuers. You may also consider
restricting allowable checks to U.S.-based institutions. Other limits
you may want to consider include third-party checks, checks to
cash, and travelers’ cheques. You may also want to impose daily and
monthly dollar limits to make money laundering less appealing.
As with mobile banking in general, you will want to consider
new suspicious activity monitoring protocols when you implement
RDC. If deposits are coded specifically as RDC, you can review
how quickly customers move funds out after an RDC deposit to
watch for U-turns and possible layering. You will also want to note
how often deposits are made via RDC as opposed to previously
established patterns. Garden-variety issues, such as check kiting
and depositing fraudulent checks, can also be a concern. Be sure
your RDC agreement allows you to remove a customer’s right
to participate if they abuse the service.
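
The monitoring described above (RDC-coded deposits followed by fast outflows, plus daily and monthly dollar limits) can be sketched as a review-queue script. This is an added example, not part of the original article or any vendor's product; the thresholds, ledger layout and channel codes are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed review thresholds (not from the article); set them from your own policy.
UTURN_WINDOW = timedelta(hours=48)  # outflows this soon after an RDC deposit count
UTURN_RATIO = 0.80                  # share of the deposit leaving inside the window
DAILY_LIMIT = 5_000                 # RDC dollars per account per calendar day
MONTHLY_LIMIT = 20_000              # RDC dollars per account per calendar month

# Constructed ledger rows: (account, ISO timestamp, channel code, amount).
# Negative amounts are outflows. Field layout and channel codes are hypothetical.
LEDGER = [
    ("A100", "2024-03-01T10:00", "RDC", 4000.0),
    ("A100", "2024-03-02T09:00", "WIRE", -3900.0),
    ("A100", "2024-03-10T11:00", "RDC", 1000.0),
    ("B200", "2024-03-05T09:00", "RDC", 3000.0),
    ("B200", "2024-03-05T15:00", "RDC", 2500.0),
    ("B200", "2024-03-20T12:00", "ACH", -500.0),
    ("D400", "2024-03-06T10:00", "RDC", 800.0),
    ("D400", "2024-03-07T10:00", "CARD", -50.0),
] + [("C300", f"2024-03-{d:02d}T12:00", "RDC", 4500.0) for d in (4, 8, 12, 16, 20)]

def review_rdc(ledger):
    """Return {account: sorted alert strings} for deposits coded as RDC."""
    by_acct = defaultdict(list)
    for acct, ts, channel, amount in ledger:
        by_acct[acct].append((datetime.fromisoformat(ts), channel, amount))
    alerts = defaultdict(set)
    for acct, rows in by_acct.items():
        daily, monthly = defaultdict(float), defaultdict(float)
        for ts, channel, amount in rows:
            if channel != "RDC" or amount <= 0:
                continue
            daily[ts.date().isoformat()] += amount
            monthly[ts.strftime("%Y-%m")] += amount
            # U-turn check: total outflows inside the window after this deposit.
            # An outflow can count against more than one deposit; this is a
            # review-queue heuristic, not a balance reconciliation.
            out = -sum(a for t, _, a in rows if a < 0 and ts < t <= ts + UTURN_WINDOW)
            if out >= UTURN_RATIO * amount:
                alerts[acct].add(f"u-turn {ts.date().isoformat()}")
        alerts[acct].update(f"daily limit {d}" for d, v in daily.items() if v > DAILY_LIMIT)
        alerts[acct].update(f"monthly limit {m}" for m, v in monthly.items() if v > MONTHLY_LIMIT)
    return {acct: sorted(found) for acct, found in alerts.items() if found}

if __name__ == "__main__":
    for account, found in review_rdc(LEDGER).items():
        print(account, found)
```

Deposits that are not coded as RDC are ignored entirely, which is why the channel coding mentioned above matters for this kind of review.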

Active Players in the Mobile Space
Banks aren’t the only players gaining traction in the mobile environment. In the United States, cell phone providers and other alternative payment processors are
also taking the lead in mobile innovations. Who’s on first, you
ask? Read on:
■ Google Wallet is a cooperative that also includes Sprint,
Citibank, and MasterCard.
■ The Visa wallet includes 14 banks in the United States and
Canada.
■ The Isis Mobile Wallet includes AT&T Mobility, T-Mobile USA,
and Verizon Wireless plus Visa, Mastercard, Discover, and
American Express.
■ Last year Bank of America, Wells Fargo, and Chase created
clearXchange to allow Person-to-Person payments between
their customers.

Vendor Management
In order to get a jump on the mobile market, and particularly
RDC, you must either have a strong internal team or contemplate
using a vendor. Most banks have opted for the latter.
If you are considering a vendor to assist you with your mobile
banking program, you will first want to perform due diligence on
the vendor to ensure you are working with the right one. Consider
first how the vendor is licensed. Are they another bank subject to
the same regulatory scrutiny? And if not, who is their regulator?
Also ask whether the vendor has an internal compliance function. If so, ask to talk to those individuals and see a copy of their
compliance program and associated control documents. You will
also want to ask if the vendor supplies other banks. If so, it may
add to your comfort level. Finally, consider whether the vendor
has a proven track record creating solutions that integrate with
your existing core system.
In addition to learning about the vendor, you will also want to
ask questions about their product. For example, can you tailor it
to your bank or will it be “out of the box?” You will want to learn
what controls the vendor includes in their “mobile package” and
if the vendor is willing to consider adding controls to meet your
needs. Some controls you should ask about include whether the
vendor performs OFAC scanning and if the standard controls
include monitoring for policy adherence. (The vendor is in the
best position to monitor mobile activity, particularly with RDC.)
If so, make sure that you can maintain oversight through periodic
samples of their monitoring. You will also want to obtain regular
reports of the monitoring to demonstrate their controls are viable.
At minimum, you will want to see reports concerning:
■ BSA controls/results;
■ distribution of checks presented, including the largest item;
■ number of and date of returns; and
■ number of checks being rejected and the reason why.

Other Regulatory Considerations
While banking regulations are important for compliance officers,
other entities may be patrolling the mobile space that you should
be aware of, including the CTIA-The Wireless Association.
Wireless providers currently have no federal laws regarding
protection of customers who utilize mobile banking services. Note
that Consumer Identification Programs do not apply to them.
However, CTIA has issued guidelines for Mobile Financial Services
(MFS), which includes mobile banking, mobile payments, and
mobile commerce. These guidelines for MFS providers include:
■ using industry standards to authenticate user identity and
user authorization;
■ maintaining controls that allow end users to select preferences
for banking alerts and notices;
■ disclosing liability limits for unauthorized and fraudulent
transactions (while wireless carriers are probably not subject
to Regulations E or Z, they are subject to the Truth in Billing
Act, an FCC Rule);
■ obtaining affirmative consent for enrollment of users;
■ providing users with enough information to ensure they can
make an informed decision before incurring a charge (for
example, a user may incur a usage charge for text messages
or data plan usage);