Understanding Wire Transfer Red Flags: Money Laundering and Fraud Risks
Wire transfers have long been the tool of choice for money launderers and fraudsters. To mitigate these risks to the financial institutions they serve, AML compliance and fraud professionals must understand how wire transfers work, both in the U.S. and globally, as well as be able to recognize the red flags in wire transfer transactions that may indicate money laundering or fraud is taking place through a customer’s account.
In this webinar, Laurie Kelly, CAMS shares her knowledge and experiences gained from 20 years in leading the AML, fraud, and sanctions compliance functions for a $130 billion U.S. financial institution that processed 12,000 to 15,000 wire transfers per day.
Attendees will learn about the mechanics of wire transfers, both in the U.S. and globally, and how wire transfers differ from other types of money movement methods. She will then discuss the FinCEN “Travel Rule”, as well as sanctions screening best practices for wire transfers. Finally, Laurie will explore the money laundering and fraud risks and red flags associated with wire transfers and ways to mitigate them.
Here are the questions and answers from the event.
Q: Is an ACH transaction reversible?
A: If it’s a fraudulent transaction, if it’s an incorrect amount or an incorrect account number, it can be reversed. Wire transfers are not typically reversible and that’s because it’s an ad hoc, a single transaction. It has to do a lot as well with the legalities behind it being sort of a non-negotiable transfer that has been completed through a payment order and then settled immediately. And that has just historically been the nature of wire transfers.
Q: How would implementation of the ISO standard on Fedwire mitigate existing AML weaknesses in the system?
A: The primary benefit that I see that it would have is it’s going to clean up the address records on wires because, as I described in our world with Fedwire, today, it’s just 3 35-character lines. And so I have seen addresses that there’s no way that our AML systems could make any sense of them because they’re cramming all this information into these three lines of text whereas, the ISO standard gives you a separate field for each separate component of an address, including a field for a country.
Therefore, your systems can take that data that is in all these nice separate fields, and then look for specific countries or look for specific addresses. So, you are able to more pinpoint, is this normal activity for this customer to be sending a wire transfer to this country or receiving a wire transfer from this other country? And it helps tangentially with OFAC screening, as well, because you can be screening for an address of a sanctioned party as well, as the name.
Q: Has industry demand for same-day, versus the phased implementation of ISO 20022 inadvertently, but unnecessarily, delayed implementation and the benefits of the enhanced message format?
A: That’s definitely what delayed them. Because when the Fed was originally planning to roll this new standard out in phases, it would have just made this huge mess because they would implement it in, you know, okay, this group of banks would do it, but everybody else would not be on it, yet. And then six months later, another group of banks would do it, and then there’d still be this… You would have two versions of the same message, two versions of one type of wire transfer that would be bouncing around.
So, on the receiving end, you’d have to be able to accommodate both of those. So, that was when just based on so much pushback from the international payments community said, “You just cannot do this in a phased approach. It has to happen all at once so that everybody’s ready and you just say go and now everybody’s using the new standard.”
And so it took them a long time to even… Actually, this last time that I checked on the most recent update where it said that because of COVID, that they weren’t going to even put forth a plan until the end of this year at the earliest, that they’re having a hard time figuring out how they’re going to do this is what I think. So, yes, it did create a big mess.
Q: What are the differences in process when the transfer is an international one? So, for example, a U.S. bank to a bank in the Caribbean using a correspondent bank in the United States. There seems always to be difficulty in putting both information on the correspondent bank and the information for the local Caribbean bank. Why would that be?
A: I guess, one part would depend on what type of systems are being used. So, is the U.S. bank using Fedwire? And then their U.S correspondent has to convert that Fedwire message into a SWIFT payment message that then they can send to the bank in the Caribbean who’s their correspondent, or that has a correspondent relationship.
So, it’s that where we get hung up on things and it becomes so difficult is, in my opinion, that conversion process because there’s some, but there must be some type of mapping of Fedwire field to SWIFT message field. But, for example, especially with those address fields, that’s what… I honestly don’t know how they do that, how they are able to break out into all those different address fields on the SWIFT payment message, how to parse those out from three lines of characters that have all been crammed into the Fedwire message.
And it’s the same on the Fedwire message with any address, so the bank address. We typically put bank addresses on our wire transfers, and a bank’s address is the same issue. So, that conversion process is what I think maybe that creates the biggest problem. And then on the receiving end, then that bank in the Caribbean has to interpret what was converted in the first place. So, hopefully, that answers the question.
Q: What field do you need to scan in the SWIFT message?
A: I would say all of them. You want to know the dollar amount because that is going to be something that could come into play in your suspicious activity monitoring, if it’s an unusual dollar amount. And then just who are all the parties involved? That is really where the focus should be, for us is, in the AML is who are all the banks involved? Where are they located? And who are the parties involved? So, those are the key fields.
Q: What does MSBs use for wire transfers and why are they faster than traditional banks?
A: That really depends on the MSB. They are typically connected to a bank. It likely depends on what service you pay for when you go to use an MSB. You may say, “I want a wire transfer,” or you may say, “If I can wait till tomorrow,” they would do an ACH, which would be cheaper than a wire transfer.
I am not a big expert on MSBs but if the payment is being processed between two branches of the same MSB, let’s say Western Union to Western Union, then it happens very fast because they’re just doing accounting entries. So it can happen instantaneously because it’s all the same big company, and they’re recording a payment on one end and a receipt on the other end. And just due to, due from in those particular branches, I would imagine that can happen instantaneously.
Q: How would you evaluate companies, so agricultural goods sellers and buyers, who often hedge their own risks from the trade-based money laundering or sanction risk perspective?
A: Let me just say that being very familiar with agricultural commodities, companies, they often hedge their prices by purchasing futures contracts. So, they’re maintaining buy contracts and sell contracts for the future at given prices to make sure that they’re protected, their price is protected in the future.
For businesses you are looking at, you want to understand what the nature of their business is. What is their expected activity? What countries are they exporting to or are importing from? That would tell you what countries you should expect to see payments from or to.
What is their anticipated volume of wire transfer activity versus ACH activity? Then all of those can be evaluated. Does that make sense for the nature of their business when you are onboarding them? And then on down the road, does the actual activity that you’re seeing, that they’re doing, does that match up to what they said they were going to be doing?
Q: From the sample wire, MT103, in your presentation, in which your originator’s in India and the bank is in the U.S., and the MT is in Canadian, hypothetically, the beneficiary does not have a Canadian office. The payment might be suspicious as a money laundering transaction. Do you think that the staff should do more due diligence before filing a SAR? Should the staff think like this way to do due diligence for the payment transaction?
A: Yes, I think that example is very suspicious for those particular reasons. I mean, their physical location is in Boston, but they’re using a Canadian bank. So, what’s going on there? Exactly. So, additional inquiries should be made on that payment and prior to filing a SAR.
Q: In working fraud wires at our bank, when we request funds back due to fraud, most banks require Hold Harmless Agreement from us to return any available funds, but there are some banks that do not. So, are they necessary?
A: The Hold Harmless Agreements are very common because of that finality of the payments on wire transfers. At my bank, we ended up signing many of these because the bank has posted the funds that were sent that turned out to be fraudulent to the recipient’s account. The recipient has not yet pulled the money out. So, we are asking that bank to freeze those funds. And so if it turns out that this wasn’t fraud, or for some reason, you know, the transaction was legitimate, then they want to make sure that their customer cannot go after them for freezing those funds.
The Hold Harmless Agreement is saying, “Okay, if our customer comes after us, you’re the one to blame, you bank who requested these funds back, not us.” But I’ve never had any kind of an issue with that because you know that it’s going to be fraudulent before you even attempt to reverse that wire transfer or request the funds.
And a lot of times a bulk portion of the money has been withdrawn. I have gotten partial repayments on fraudulent wires because the party at the other end was sitting there waiting for the notification to come through. And then they’re right there at the bank to withdraw the money.
At one point, we had a large ACH batch that was created fraudulently through malware that had gotten on the customer’s computer. So a fraudster was able to get in and create this ACH batch and he sent a dozen different payments of just under $10,000 to a dozen different people at a dozen different banks.
Once it was discovered, we had to contact each one of those banks to see if we could get the money back or put a freeze on it. In one case, the bank had frozen this one guy’s account. Then, another thing you have to do when you have signed these Hold Harmless Agreements is that you have to provide a contact person at your bank in case their customer wants to know is going on.
Q: How long does the bank have to reverse an ACH payment?
A: On a consumer account, I think it’s 30 days. On a commercial account, though, it is 24 hours. Commercial accounts, in general, have far fewer fraud protections than consumer accounts do. Therefore, commercial accounts often need to purchase additional fraud protection services from their bank that will help to detect fraudulent payments and be able to reverse them within that pocket window of time. They are called Positive Pay systems or tools and they are typically used with checks, as well as ACHs, and the commercial customer, provides the bank every day with details of every payment they issued, every check that they issued, and every ACH payment, and then the system will match those up as they clear.
If the details of a check doesn’t match up with the amount, the check number, and the date, then it’s going to kick that out for the customer to review. And the same with an ACH as well. So, it’s typically on the ACH debits that are primarily what they’re looking at. But either way, the commercial accounts do need those added protections to help prevent fraud.
Q: Can Fedwire be used for marijuana-related funds?
A: Sure. There’s no restriction on the purpose of a wire transfer. And if you have, you’re banking a marijuana business, and they want to move money on and off their accounts through wire transfer, absolutely. If you’re banking marijuana customers, there are specific reporting requirements that you, as a financial institution, have if you are in the U.S., at least. But the actual transaction, no, there would not be any kind of prohibition on that.
Q: What is the main reason why small banks would use a correspondent relationship instead of direct access to SWIFT or CHIPS for wire transfer transactions?
A: Well, first of all, CHIPS, as I alluded to, is like a club of the very biggest banks, so it’s pretty restrictive. So, a small bank would not typically be a member of CHIPS. A small bank may not be a participant on Fedwire potentially because if they’re located, say, in a rural area where they have very few requests for wire transfers, they may just not need to have that access because it does cost money to the bank to be a Fedwire participant and then every transaction has fees associated with it as well that the bank is charging. So, it may just be easier for them to have this correspondent relationship set up on the occasion that they need to do a wire transfer.
Q: Should financial institutions still complete an OFAC check on domestic customers when receiving and/or sending a wire transfer?
A: So, typically, you would be OFAC screening your customers ordinarily as a part of your overall customer due diligence and your OFAC compliance program. So, whether or not you wanted to OFAC screen your domestic wire transfers, in general, would be a risk-based decision that each institution would make because OFAC has no specific regulations about what, when, how, or if you should even screen anything.
There is simply no regulations out there. So, each bank makes a decision for themselves. But a best practice would be that if you can clearly identify your domestic payments, there may be less risk from you not choosing to screen those for OFAC because OFAC is foreign parties for the most part. But a lot of institutions simply take a, maybe a simpler approach and say, “We’re just going to OFAC screen all of our wire transfers so we don’t have to be concerned about splitting out the domestic ones from the foreign ones. And that way we can ensure that nothing slips through the cracks.”
Q: Is the original bank the only bank that conducts a KYC review of a customer, or do all related banks in the transaction conduct KYC reviews on the originator?
A: Typically, KYC is done by the institution that holds the account. So, whose customer that is. So, then the other banks are relying on the KYC performed by that bank.
Q: Does wire stripping fall under money laundering risks related to wire transfer, especially where the intention is sanction evasion?
A: What payment stripping is typically related to sanctions and evading sanctions. So, a large foreign bank would willingly process a, and these were typically SWIFT payment message, say that it originated from someone who was in a U.S.-sanctioned country or it could potentially even be OFAC-sanctioned party.
So that payment message would come to this foreign bank. And they literally had desk procedures for their employees to strip out or erase any text on that wire, those SWIFT payment instructions, that referred to a sanctioned party or a country.
Then they would pass the SWIFT message on to the U.S. institution who would be OFAC screening it. Now, nobody would pick up any kind of OFAC hit because the party names or country names that had been in the payment message had been stripped away. So, it really is primarily a sanctions violation type of activity.
Potentially, it could be connected to money laundering because the underlying transaction itself may have been money laundering related. But the primary focus of it was to get these payments from sanctioned foreign parties into the U.S. without any kind of OFAC problem or hits or rejections.
Q: What do you say to a financial institution that does not include a very good description narrative for the purpose of the wire?
A: The purpose of the wire field, is entirely optional. And it’s also driven by your customer. So, your customer may choose to not put anything on that wire as to the purpose of the payment and they don’t have to. I mean, there is no legal requirement that that type of information be included.
Now, some banks may choose to establish their own policy, which they are completely free to do, that may require every customer to put a purpose of the payment on the wire. And that’s perfectly acceptable. But a lot of banks don’t.
And especially nowadays, with more and more wire transfers being able to be originated without a bank employee’s intervention when they’re done through an online banking system, for example, that nobody else is touching it, no human is interacting with the customer, they’re simply entering the information that’s mandatory, and then out the door it goes. So, it’s frustrating, especially for AML professionals as well when you’re analyzing payments, wires in particular that there’s no explanation for what it’s for.
Q: If a wire transfer arrived from a bank account which previously had a suspicious activity, do you consider this as suspicious activity?
A: Again, that all depends on what’s been going on in that account. If it is an account that does not typically see wire activity, and they have other types of suspicious activity, then that wire transfer could just add to that overall case for there being something funky going on in that customer’s account.
Q: You discussed the differences between wire funds and ACH, can you summarize how risks vary between the two?
A: In terms of money laundering risks, I think wire transfers present a greater money laundering risk because they are more effective and they are more popular with money launderers for the reasons I talked about. Not to say that ACH could not be used in money laundering or fraud because I have seen it used in both, but it takes more effort to set up an ACH batch and get it into the payment processing network and then there is the timing involved.
One thing I have always felt though is ACH is constantly competing with wire transfers – they want to take over the whole payments industry, so when same-day ACH came out, that was the big concern of many AML professionals because now you have eliminated the factor that made wires more desirable as well because wires were same day, ACH was, at a minimum next day.
And the fact that ACHs have more controls in them – they are not irrevocable, per se. That makes them less amenable to money laundering, but I would say they are popular with fraud. Frequently we would see fraudulent ACH debits where a customer’s account would be debited fraudulently.
Often times it was people who got a hold of their number. All you need is that account number which is on the checks that they issue. You already have all that information, so sometimes somebody would say were behind on their visa bill or their phone bill and they would go in an online banking payment application and they would put in a customer’s account number as theirs – and then the phone company would tap our customer’s account to pay that person’s bill. Now it is going to be caught, obviously, but it gives them another month before that happens. ACH is used more for fraud; wire transfer is more for money laundering.
Q: Is a wire transfer considered an EFT for regulatory purposes?
A: It is one type of EFT
Q: If a bank is a Fed member, they can use Fed wire, correct?
A: There is different levels of Fed membership. Every bank needs to be a member of the Fed if they are going to clear checks, clear ACH and if they choose to, to use Fed wire.
Q: So if they are not Fed member, they can still use Fed wire by going through a correspondent bank, right?
A: Right. So they can still get their customers wire transfer processed, it is just someone else has to help them, another bank has to help them by putting it into the system for them.
Q: If a bank uses a correspondent, should we ask their frequency of settlement with the correspondent, or is or is it always monthly?
A: That really depends on the correspondent relationship and agreement that has been established between the two banks. And I have seen anywhere from weekly or even daily settlement.
It just depends on probably as well the risk assessment that one the bank that is providing the correspondent services to the bank that does not have that wire access, for instance, what is their risk assessment of that bank.
So, if they consider them a little bit more risky, they may say, we want you to settle up with us once a week or twice a month or something like that.
It just all depends on that specific relationship that’s been established with that correspondent.
Q: CHIPS – is it like an escrow in a way that it settles accounts?
A: I would not really call it escrow. All the banks enter their transactions during the day and it’s beginning of the day and the system sort of queues them all ups and starts netting them.
As they initiate more outgoing payments to other banks and the system, the system is going to take down that credit balance and increase the credit balance of the other banks.
And then at the end of the day, we have closed off wires for today. Let us look at where every bank’s position is and if one bank is in the hole, then they have to bring that money in. They could use some of their security deposits. And if that is not enough to cover it, then they need to go to Fed or into CHIPS to cover the rest of it. Or if they don’t do that, then they have to say they still owe one bank still a certain amount.
And then at the end of the day, they say, OK, let’s settle up.
Q: Can banks only have one single correspondent bank?
A: I suppose so. If they are doing global transfers, they would need relationships in different countries with different banks.
Q: If each bank has a responsibility to adhere to the travel rule, how do you avoid having the information stripped in the process?
A: So the responsibility to populate the wire transfer with all of the travel rule required information is on the originator bank.
The receiving bank has no responsibility to say if something is missing, go back to the originator bank and say, you left off the originators address or something like that.
That is not their responsibility. The receiving bank is only supposed to just keep a record of what information they got from the originating bank.
Q: What kind of transaction testing would you recommend for BSE examinations? A financial institution, when reviewing wire fund transfers beyond reviewing the policies?
A: You could do a sample that would definitely be something you would want to do as a random sample of outgoing and incoming wire transfers. Especially, on the outgoing side, looking to see if the bank is complying with the travel rule and what fields they are populating.
Then, on the incoming side, looking at how they are processing and what their process is. Are they posting appropriately or they OFAC screening? Many different things that they could certainly examine.
So ensure travel rule compliance on outgoing wires, then on incoming wire is the posting processes on both sides OFAC screening and any other sanctions screening that you would need to do.
Whether you could even get into the verification processes that are taking place. So if it was a freeform wire transfer, meaning not based on a template or a process is followed to ensure two-step verification on that transaction.
And what are the processes around customers creating new wire transfer templates, and is there a two-step verification process around that as well.
Q: Should financial institutions still complete an OFAC check on domestic customers when receiving and or sending a wire transfer?
A: Well, if it is your customer, best practices suggest you should be screening your customer base on a regular basis, so that way you already know whether or not your customer is a sanctioned party or not. Even if they are U.S. party.
I think that’s just safe to assume you should be screening the beneficiary on an outgoing wire, if it’s an incoming wire to your customer, again, you should already be screening your customer both during onboarding as part of the CIP, but then on an ongoing basis.
Q: Is the original bank, the only bank conducts a KYC review of the customer or do all related banks in the transaction conduct KYC reviews on the originator?
A: No, it would just be the originating bank that would be the customer’s bank.
Q: If the other banks do not conduct KYC reviews on the originator. How do these banks know that they are not sustaining an illegal activity?
A: They would need to look at it from the perspective of their customer who is receiving it.
In other words, is it suspicious on the receiving end? Is this an unusual payment that your customer has never received before? Is it a wire transfer from Latvia? Each bank has that responsibility on their side and should be monitoring the activity of their customers.
Q: What do you say to a financial institution that does not include a very good description narrative for the purpose of the wire?
A: That is always a struggle. Because per the travel rule, that is optional. If the customer doesn’t give you anything to put in that field, or gives you something cryptic, it’s not your obligation under the travel rule to go back to the customer and say this doesn’t make sense, or, give me something to put in that field, because it’s only if the originator provides you with that information do you have to include it.
It is something that comes back to customer education. So when customers understand why it is important to include that information, especially all the beneficiary information, their address, and so forth. Then putting additional things into the freeform text fields about what the purpose of this is, such as invoice numbers. Anything that can help the recipient of that transaction understand what you are paying them.
Q: Would you raise any red flags if it does not contain good descriptive information if it is common practice at the bank?
A: Not necessarily, no, because again, that is driven by the originator. So, for example, if I know customers who are routinely paying the same entity by wire transfer on a regular basis, they don’t necessarily need to put anything in that explanatory field.
I have mentioned, several times, wire transfer templates. They are more common on the commercial side, where it’s basically if you have a repeating wire transfer that you’re going to make to a particular business or other entity, you can actually set up all the wire instructions, including the bank, the beneficiary, all the address information, anything you want to put in that field.
Then the only thing you need when you go to initiate transaction is the dollar amount, So that way, you do not need to do that two-step verification. They can simply pull up the template and change the dollar amounts, or whatever they need to pay that other party on that day, and then a two-step confirmation of that. The legitimacy of that transaction does not need to happen because everything is set in stone other than the amount.
Q: When you process a wire in a correspondent relationship, is it valid to request a copy of the KYC information of the customer sending and receiving the transactions since this is not my customer and I don’t know them?
A: That is a good question and it speaks to the risks involved in correspondent banking, especially foreign correspondent banking, which has a section of the Patriot Act entirely devoted to it.
So, you have a risk when you are the correspondent that because you are processing transactions on behalf of somebody else’s customer and other banks customer. How do you detect suspicious activity? How do you know that enough vetting has been performed on that customer?
So I guess, depending on how, again, this is a risk-based approach that each financial institution that is a correspondent bank would need to make.
Banks want to know all about their anti-money laundering programs. There are detailed questionnaires and documentation that each bank wants to know about the other bank to do. Do they have a robust AML program in place? Banks will rely on that information in order to not have to look at the KYC of every single customer that they are processing a transaction for.
Q: What questions would you ask an FI if there are many return wires, whether from a single customer or multiple customers?
A: I guess they are looking to maybe understand maybe what their process is because if they have to be returned, then there is something inaccurate on the message itself.
It could be the wrong account number. It could be that they are leaving off information that does not allow that receiving bank to be able to automatically process that transaction all the way through to the customer’s account.
Q: Is a Post Office box address considered a valid address?
A: Actually, it is. A lot of debate about that over the years, back and forth. Nowadays, it is generally accepted that a P.O. Box is OK. Often you may have with your customers a mailing address and a physical address. You should probably have both those records. When we would pre-populate our customer’s name and address on an outgoing wire in the originator fields, we would pull from their physical address record, not their mailing address.
So that way we were closer to ensuring that they, we avoided the P.O. Box as much as possible, but, but that’s not always possible.
Q: Do you request a source of funds from the originator?
A: Usually the source of funds is their account. I suppose an MSB might be if someone brings in cash and wants to send a wire using that cash. That is again, another risk-based question. Do you know this customer already? Is this transaction unusual for that customer? If so, then you may ask, what is the source of funds? They do not necessarily have to tell you, but you could certainly ask if there are other suspicious elements to the transaction of any kind.
Q: What happens if many incoming wires are coming with no originator account number?
A: That could be something that the receiving institution may want to have a have a conversation with the sending institution. There is a possibility that one particular type of institution is doing a lot of non-customer wire transfers, especially with large unbanked populations. Then they may not be providing anything. They do not have an account number because they do not have an account.
Even if they do not have an account in that originator identification field, they should have something, such as a driver’s license or, or some other identification form of identification.
Q: Do you request professional or nature business for the sender and detailed information on the major shareholders owning 10% or more relationship between sender recipients as documentary evidence of the sender’s source of funds?
A: Not typically, at least not in my practice or my history because we have already done that KYC on our customer. Now that’s not to say that, we do our initial KYC and establish a risk rating for our customer and, then, once we see their transaction activity over time, if there’s odd stuff going on, we may actually pursue that information with them to get more details from them. And in other words, enhanced due diligence.
Q: What is the IPE and number versus a SWIFT code?
A: So an IBAN number is like an account number. It’s a very long number, I think it is like 36 numbers and letters and that is used in Europe, predominantly to identify any recipient of funds. So it is as a way of identifying the person and the account number. And the institution where that account number resides all in one big long number whereas the SWIFT BIC is the identification of the financial institution in the SWIFT system.
Q: Is the purpose of transaction not mandatory for fed wire transfer? And if not mandatory, can the fund be returned?
A: To my knowledge, no, it is not mandatory. The Fed is not looking for that field to be completed the purpose of the wire. I have never been requested to provide that. And also from the travel rule perspective, it does not have to be provided unless your originator gives it to you.
Q: So, if not mandatory, can the funds be returned?
A: I don’t think so. The only reason that a bank would want to return funds is if they could not post it in some way. And then you get into sanctions issues as well if they are rejecting a wire transfer if it had an OFAC match on it that they consider to be legitimate, but that’s outside of this subject.
Q: Will you provide some guidelines on OFAC screening on wire transfers? For example, is it required to OFAC screen domestic banks?
A: There are no regulatory requirements for screening. There is no regulatory requirement that you screen anything, and so, that’s why it becomes a risk-based approach. Therefore, OFAC describes screening as a tool that you can use to make sure that you comply with the economic sanctions. So, it’s screening as a tool, you decide how you want to use that tool to protect yourself, and make sure that you are complying with the sanctions, so that there is no legal requirement.
That, being said, in my opinion, you should be screening the banks because there are banks that are sanctioned parties. I know the OFAC screening tool we used had sort of added-value lists that had major banks in sanctioned countries, for example. So those would be flagged so we could take a look at it more closely.
So, my opinion, absolutely, you should be including banks in your screening process.
Q: If a U.S. bank has a foreign branch and others in another country and it is the originator bank for a wire transfer from an OFAC standard, is it required to OFAC screen the Foreign Branch?
A: We saw a number of years ago where a bank was doing something called payments stripping, where they were getting a SWIFT payment message from their counterpart banks in Iran that included names of sanctioned parties that were bringing funds to the U.S.
And they had people modifying the SWIFT payment message before it went to their U.S. branch to take out the sanctioned parties so that their U.S. branch wouldn’t flag anything from an OFAC perspective.
So I think absolutely you should be screening anything that comes to you.
Q: Is it true to say that all U.S. dollar transactions have to transit the fed wire system? Even if SWIFT is being used?
A: No, they would not have to. So they can either be through CHIPS where those 50 or so banks that are members of CHIPS are basically processing transactions amongst themselves all within the system.
And then, if you are a member of a SWIFT in the U.S. and you have correspondent relationships with banks in foreign countries, through SWIFT, you can absolutely do your year foreign wire transfers that way and bypass the Fed completely.
Q: If an outgoing wire receipt and the transaction does not make sense with the customer profile, at what point do you reach out to the customer for clarification? And if it does not satisfy the response or continued behavior, at what point do you reject a payment?
A: My opinion is unless there is a legal reason, like an OFAC match or some others sanctions match that requires you to block an outgoing payment, you have to let it go. And that is when you file a suspicious activity report (SAR).
Now there could be in this scenario that your customer may be being defrauded. And so then you want to talk to them and try to convince them that they need to make sure, and corroborate with somebody else that this is a legitimate transaction.
Now if it isn’t flagged by your fraud monitoring system, but it comes up later as suspicious activity from a money laundering perspective, then you have to decide when you’re looking at that and looking at the alert and actual payment or looking more closely at that wire transfer and deciding whether this is something you should approach your customer about.
Like in the example I gave with the Sony home theater system that was just so bizarre that we asked our customer about it. They could clearly see the Latvian bank and the Sony theatre system explanation.
So at that point, we said, OK, time to file a SAR and not even push it any further with the customer. Because we don’t want to take that risk of tipping them off.
What ended up happening with that customer was the kickoff to a pattern that we started to see with wires coming from these shell companies in different countries all through banks and one of the two major banks in Latvia.
And, when we finally approached the customer about this activity, we asked them about a couple of others ones. We asked them in the same way as we did the first wire about the Sony home theater system. We asked them what is the business purpose of this? And then after, a couple of inquiries what we started noticing was they were still getting payments from all these shell companies, but the explanation for the purpose of the payment on the wire had changed.
And all of them said the exact same thing “for fruits and vegetables.”
It’s like you could just picture somebody’s picking up the phone and saying, hey, you guys quit using all these funny explanations, you have to just say it’s for fruit. We had a kind of a laugh about that, but, they obviously changed their behavior for some reason, and we could observe that, and obviously, report it.
Q: So, if the wire was conducted on the fraudulently open account, using an identity theft victims information, is this still reported? The victim had never authorized the use of his information. And so the follow up is if you report it, wouldn’t it be misleading, as we would be reporting using the victims themselves?
A: What we would do on all of our SARs that related to fraud that had been perpetrated against our customer, is that you do not list the customer anywhere as a subject on the SAR. You can describe it in the narrative. But the only subject on the SAR would be if we had any details about somebody involved in the fraud.
So let’s say they were fooled into sending a fraudulent wire transfer to some third party. The subjects on our SAR would be that third party.
If it were a fraud instance where we had no information about the sender, then we would just check that box on the side that said: no subject information.
But with a wire, you usually have somebody’s name that this money is going to or coming from, so that’s what goes on the SAR, and you leave your customer out of it.
And you just explain in your narrative that this was your customer who was impacted by this. So that’s what you would do in that particular case. And you would report it because law enforcement again needs to know about these instances. That is the whole purpose of SARs is to let law enforcement know what is going on.
And so for that same wire transfer, the person getting the money could be getting this from banks all over the place through other victims. And so that name, if it’s used the subject field on the SAR is going to pop up in our database with FinCEN.
Q: How do you handle PEP wires?
A: So, that really is a know-your-customer issue. So if your customer is a PEP you could look at that from both directions. So what wire transfers are they doing, that goes into what is your monitoring process for that individual.
What do you know is normal activity and expected activity for that particular PEP customer? And then what would be out of pattern?
In other words, PEPs are just red flags. So a customer getting a wire transfer from Maduro in Venezuela would probably raise a big red flag. Why are they getting money from this individual?
So, it becomes out of pattern activity. And then, you would do some due diligence to figure out why. But it’s not something that you unnecessarily block you could certainly reported if it ended up being suspicious.
Q: Would the quantity, like how much is being sent, be a consideration?
A: It can, or it can’t. Actually, in the majority of my SAR cases, the dollar amounts of the wire transfers were rarely over $100,000 at a time.
And I think that’s deliberate, because you would just assume that a huge $1-million wire transfer is going to raise a lot of red flags just because of the dollar amount. But something from $10,000, $25,000, $50,000, that establishes a sort of ordinary pattern. And again, it depends on the customer.
If we’re talking about a consumer account that may be because any wire transfer could be potentially suspicious, but on a business account, it may be they’re looking to establish a pattern. If they’re laundering money, what we did see, way back when we had that we initially at my bank experienced our customers were getting malware where the fraudster could actually come in secretly and stay online.
In the online banking system, for example, even if the customer thought that they had logged out; the fraudster was still in the system and could look at everything that they had done. They look at what’s a normal wire transfer for them dollar wise.
And then they started initiating wire transfers of those similar dollar amounts to see if they could get away with that. So, monitoring systems wouldn’t necessarily pick it up.
Q: Can a person remit funds with an ABA for one institution and a SWIFT code for another in the same transaction?
A: So say both are U.S. banks, and you’re using fed wire and you try to use the routing number of your bank as the sender. And for the receiver, you try to use their SWIFT code that you still need to populate that receiver depository institution, fed routing number, the Fed cannot process a wire transfer without that sender DI, and receiver DIs Fed Account, fed routing number.
So They’re going to kick it back. If it doesn’t have those two fields populated.
But the beneficiary bank could certainly be a SWIFT number because really, what the Fed is looking for, mostly, are those to the sender DI, and the receiver DI, because that’s how they’re going to post the transaction.
Q: Is the beneficiary date of birth and place of birth necessary to be on the wire transfer template?
A: Not in the United States. I’ve seen thousands of incoming wire transfers from other countries where that information is always provided in the OBI field. I’m thinking that it probably is required in many other countries.
A large proportion of these were in Asia, India, Asia, and sometimes the Middle East, but not very much from Europe. So, it could just be that, that there are regulations in those countries that require that, But definitely not in the United States.
Q: What laws in the U.S. protect the consumer for bank fraud or phishing? And is it mandatory for the banks to reimburse the customer, if phishing or fraud was determined in the wire transfer of funds?
A: There are several programs. But it’s very true that consumer accounts have far more protections than commercial accounts do.
In fact, commercial accounts have to protect themselves with additional products and services, especially on the check side and the ACH side, to make sure that they’re not experiencing fraud.
So, the regulations are different and there are several of them that apply based on, for instance, what type of events, what type of transfer it is. And this could be in federal regulations that could be in for ACH, but most of the time, consumers are absolutely protected with wire transfers.
It is a little bit different than with checks and ACH because just the nature of wire transfers; they are not a negotiable instrument in other words. It’s a little tougher for a consumer to have if the consumer was the one who was defrauded and the consumer had initiated the wire transfer, they’re going to have a hard time getting money back from their bank. But if this was a hacker and impersonation, then definitely the bank is going to be on the hook for that.
Q: So if a wire transfer arrived from a bank account, which previously had a suspicious activity, do you consider this as a suspicious activity.
A: I could see that going two ways. One might be you have a customer who is receiving a wire transfer, and you’ve previously been monitoring this customer’s account for suspicious activity of the nature of wire transfers, or maybe it’s something else that they’re doing. Again, that is you are looking for out of pattern, right? So if you’re already monitoring a customer’s account for suspicious activity than pretty much any transaction that’s going on with them should be looked at more closely.
They could be asking the question that if the sender of the wire transfer, the originator, has been flagged as something suspicious through a payment to a customer – to one customer. And then the same suspicious party makes a payment to another customer.
We actually had that happen on a couple of occasions. And now, both of the customers who received payments from this one suspicious party, which we had identified as a shell company, they were both in the same business.
So again, the fact that it was a shell company that we could pretty much clearly identify was a foreign shell company, that’s a red flag. It doesn’t necessarily mean that it was illegal activity. Both of these companies are exporters. And a lot of times, foreign exports come through payments for foreign experts. Exports come through third parties, sometimes that are set up a shell company. So we were able to flag that in our monitoring systems and point it out.
So, then, because we had flagged that as a suspicious party on one customer, we flagged it again and would file a SAR on the other customer as well for receiving that payment.
And then we mentioned in our SAR, that corroboration between the two. And even referred in our SAR narrative to the SAR identification number of the original SAR on customer number one where we had seen this activity. So that way, law enforcement as they are reading the SAR can say I can see what you’re talking about here and I can go and look up this particular file and see the connection between them.
Q: Is this where you would document this information in the case report. Just so you can track all this this information?
A: Obviously yes. A case report is a tool we talk about in the webinar we did on SARs, too.
When you get these really complex cases, which wire transfers can often involve because you are dealing with layering for the most part of layering processes in the money laundering process. So this can get, these can get really complicated.
So being able to write out everything that you have investigated, every connection so that you have made, that are not just obvious from the alerts itself, that may or may not have been generated by your system, is important. And that is something that then you can provide to law enforcement to see how you have justified the SAR and give them more information than just your summary.
Q: What are key elements regarding wire transfers that are scrutinized for either internal or external auditors?
A: For your external CPAs or your internal audit, is, I think, number one, they’re going to be looking for compliance with the travel rule.
So are you, on your outgoing wires, just where the traveler would apply to our outgoing wires? Are you capturing all the mandatory information and then what are you doing if anything to validate that?
Are you allowing an originator’s name to be changed. Processes like that.
And then on the incoming wire side, obviously they will be looking for you to be retaining all of the information you receive for the mandatory five year period. And per the FinCEN travel rule, how are you retaining it? Is it easy to retrieve because there are rules in the travel rule about how quickly you have to retrieve information, once it’s been asked for how are you storing it. Is it easy to find and how is it being analyzed by your AML system?
Also, what are the parameters and rules and models that your AML system is using to look for suspicious activity within wire transfers?
Q: Here at your institution when investigating a transaction involving your correspondent would you request supporting documents like invoice, bill of lading, or just a profile of your customer?
A: I guess that would depend on the nature of the transaction.
Let’s just say it’s a wire transfer, That was where the underlying transaction was done through open an account trading, meaning there’s no, the banks aren’t involved and issuing an letter of credit or anything like that. It’s just the parties are making payments directly if there is something suspicious. We would go to the correspondent bank and say, there is something about this transaction and we would like more information.
Do you have supporting documentation from your customer that verifies this as an export transaction like a bill of lading or commercial invoice, something like that.
Q: Do they require a financial institution to call every client that does an online wire to confirm it, even though it’s the same page and they’re sending often.
A: So our policy, and this is probably the case with most banks, is that we distinguish freeform wire transfers, versus template wire transfers. Let’s talk about templates at first. So our customers were able to create a wire transfer template that has the payee name and address the bank account information.
Even anything that they would want to regularly include in that OBI field.
And then, that template would get set up, and it would require two-touch approval to set up that template to begin with. And then, when that template is used, they’re going to routinely make payments to that particular vendor. Then the employee, whose job it is to make those payments, can pull up that template, change the dollar amount for whatever they are owed the vendor and then just initiate the wire, and you don’t need a second authorization. Because they can’t change anything, except for the dollar amount.
Now a freeform wire is where there is no template. So they’re setting up a wire, transfer instructions, or a payment order, with someone they’ll say they have never paid before and they don’t have a template for. So anytime one of these came through, it was stopped by a wire transfer system, we did a call back to the customer to confirm, we did a callback actually to a second party at that customer.
So I guess to answer the question, even if that customer does not understand that they can create a template. So that they do not have to go through the secondary approval process all the time. They may be sending a freeform wire every single time to the same party repeatedly. And so then, yes, every single time you should be authenticating or verifying that if it’s free form or if it’s through online banking, then a second person ticket user on their system should be able to, should have to approve it.
And so, then, if you start to see that a lot more of this, somebody should reach out to their customer and say we’ve got this feature here, that you don’t have to do this all the time. If you set up a template.
Q: Given most foreign wires have serious data issues, so, partial jurisdiction info, named accounts, what was your bank’s policy regarding fixing or interpreting geo data for risk by for risk facing each wire?
A: Actually, my experience was different from what this participant is enquiring about.
I always found that foreign wire transfers had way more information than domestic ones did.
Now, given the fact, however, all my customers were commercial clients. But the problem that we had was that we did not use SWIFT for payment messages. So we were always receiving foreign payments incoming through a U.S. intermediary who had received a SWIFT message for that payment from the foreign bank and then they had to convert it into a Fed wire. And so we had the issues around addresses. And it would end up being all kind of jumbled together and we had the purpose of the payment in several places where it would be entered in one or more fields on the Fed wire.
Another issue would be when information is being translated from the language of that country where it’s coming from into English. Foreign wires coming from Asian countries would convert names and so forth into English; they were using sort of a phonetic spelling on, on names, addresses, city names, street names.
In certain Southeast Asian countries, the addresses are really complicated, so there was this translation that was going on as well language translation, that made it a little challenging as well. But in terms of missing information, I honestly rarely saw that. That was more on the U.S. side, the fed wire, because the Fed doesn’t require pretty much anything except for that sender DI and receiver DI, and then the dollar amount and the date.