Best Practice Recommendations

Best Practice Recommendations

Wire Transaction Monitor

Revised December 6, 2015

Copyrighted by Wayne Barnett Software, a Texas Corporation

Disclaimer of Liability

Disclaimer of liability: We’re often asked for Best Practices in using or software. Unfortunately when it comes to detecting money laundering, fraud, identity theft, financial abuse of the elderly and other nefarious activity, there isn’t one strategy that works for all financial institutions. However, based on our years of experience, we do offer the following recommendations as a starting point.

Very important note: Please understand that the procedures we recommend in this document may be different from what we recommended in previous documents. We update our Best Practice Guides (BPG) periodically, to reflect what is current in the banking and credit union industries. The bad guys are always doing new things—and these guides help you stay one step ahead!

This copyrighted document is owned by Wayne Barnett Software (WBS), a Texas Corporation. It is intended solely for the use of WBS current and prospective customers. Any distribution of this document by anyone other than Wayne Barnett Software is prohibited.

WTM Best Practice Guide, copyrighted by Wayne Barnett Software, a Texas Corporation

Table of Contents

Contents

WTM Dashboard 1

Daily Best Practice 1: Import the Wire Files into WTM 2

Daily Best Practice 2: Review the Daily Wires for Completeness 4

Daily Best Practice 3: Check Incoming and Outgoing Wires for OFAC Compliance 7

Daily Best Practice 4: Update OFAC Files 10

Daily Best Practice 5: Check Customer Names for OFAC Compliance 12

Bi-Weekly Best Practice 1: Update the CIF 16

Bi-Weekly Best Practice 2: Update Risk Ratings 18

Bi-Weekly Best Practice 3: Check Wires Against 314(a) List 19

Monthly Best Practice 1: Monthly Wire Report Review 22

Monthly Best Practice 2: Monthly Wire Report Review for Account Relationships 25

WTM Best Practice Guide, copyrighted by Wayne Barnett Software, a Texas Corporation

Dashboard

WTM Dashboard

Dashboard.png

Very important note: The WTM dashboard is referenced in several parts of the Best Practice Guide (BPG). To save space, we will only display one copy of the dashboard.

Ø  Dashboard panels 1 – 4 are the top row, going left to right.

Ø  Dashboard panels 5 – 7 are the bottom row, going left to right.

WTM Best Practice Guide, copyrighted by Wayne Barnett Software, a Texas Corporation

18

Daily Best Practice 1—Import the Daily Wire Files into WTM

Daily Best Practice 1: Import the Wire Files into WTM

You can import the daily wire files through the dashboard, by clicking anywhere within the “X” and “Y” axis area in dashboard panel 1.

Dbpanel1

1.  If I was importing a file for the 29th, I’d click in the white area above the number 29, located on the far right of the “X axis”. (I hate to write the words “X axis” and “Y axis”, as it brings back stressful memories of Mr. Sanchez and my high school geometry class.)

2.  The screen below will appear; in most cases you’ll just click Continue.

Allitemsimport

3.  The screen below will appear. The default date is the prior business date. You can change the date, if necessary.

Importfiles

4.  Click Continue, navigate to the file and double-click on the one you want to import.

Importfilesselect

Very important note: The circle in dashboard panel 1 shows a number, and below the circle are the words “Missing Files”. The number in the circle shows how many “anticipated file imports” were skipped in the past 30 days.

Ø  Click on the circle and WTM will display the “Processing Recap Report” for the past 30 days. Look for the words “Missing”, “Partial” or “Not Imported” to see the day where the anticipated file was not imported.

Auditprorecapresults

WTM Best Practice Guide, copyrighted by Wayne Barnett Software, a Texas Corporation

18

Daily Best Practice 2—Review the Daily Wires for Completeness

Daily Best Practice 2: Review the Daily Wires for Completeness

Banks in the US are required by law (31 CFR 1010.410) to obtain and keep certain information for all wire transfers of $3,000 or more. The information that must be obtained kept includes the name, address and account number of both parties (that is, the originator and the beneficiary). Banks must also retain the date of the wire, the amount and any special instructions stipulated by the originator and/or the originating bank. 31CFR 1010.410 is often referred to as the “Travel Rule”.

If the originating bank violates the law and sends a wire that is missing required information, the receiving bank can accept or refuse the wire (refusals almost never happen). If the receiving bank accepts the wire, it is not required to contact the originating bank, to try and obtain the missing information—but it can if it wants too. Likewise, the receiving bank can notify the sending bank of a conditional acceptance, pending receipt of the missing information. (Conditional acceptances are becoming more common, especially when the receiving party has been identified as a high-risk customer.)

Bottom line: you can’t be cited for a violation of law, when it was the originating bank that failed to obey the Travel Rule. But, it is incumbent upon management to show that all information presented was retained—and that’s where WTM is extremely beneficial: when a wire arrives from Fed, it can have up to approximately 300 data fields. WTM retains every data field for every wire, regardless of the dollar amount.

Very important note: you may be wondering if you have to keep Travel Rule data for wires below $3,000; the answer is no. However, the U.S. is the only country in the G20 group of nations that doesn’t require monitoring of all wire—and this bugs the bejeebers out of the regulators. So, if you aren’t keeping data on all wires, you can bet the regulators will recommend that you do so. They will justify their recommendation by explaining it will help the bank to better spot suspicious activity.

1.  Review the Daily Wire Report, to ensure all wires for the day are accounted for. Dashboard panel 5 (lower level, first panel on the left) has links to the four most-used wire reports. Please click on the first report (Report #101). The screen below will appear.

Viewall

Ø  Click Continue to see the wires imported into the system.

Viewallscreendetail

Ø  The bottom of this report shows the total amount for incoming and outgoing wires. You should verify that the totals on this report match the totals provided by Fed or Bankers Bank.

Ø  If the incoming and outgoing totals in WTM do not match the totals from Fed or Bankers Bank, you need to document the reason for the discrepancy. (Such discrepancies almost never happen). We recommend you create a dossier in DiCK, to document the discrepancy.

Important note #2: All of the columns on the screen are click-through columns. Some of the more common click-thru tasks are listed below. (Note: in some instances, you must have specific authority to perform the click-thru task.)

i.  Clicking on the Account Number will let you see all wires posted to that account number.

ii.  Clicking on an originator or beneficiary name will let you see all wires with that originator or beneficiary name.

iii.  Clicking on the Transaction Type will let you edit some of the information for that wire (for example, account number, name, beneficiary ID, originator ID, foreign wire identifier, etc.).All changes are logged and the logs are kept forever.

iv.  Clicking on the Amount will let you see all details for the wire.

v.  Clicking on the Risk Rating column will let you assign a risk-rating to this account.

WTM Best Practice Guide, copyrighted by Wayne Barnett Software, a Texas Corporation

18

Daily Best Practice 3—Check Incoming and Outgoing Wires for OFAC Compliance

Daily Best Practice 3: Check Incoming and Outgoing Wires for OFAC Compliance

There is no law that says you have to check the OFAC Specially Designated National (SDN) list, prior to opening an account or doing a transaction. Likewise, there’s no law that says you have to routinely check your existing customers against the SDN list. Yes ma’am and yes sir—you read that correctly: there is no law that says you have to do these things.

But, there is a law that says you can’t do business with anyone on the OFAC SDN list.

So, if your bank doesn’t check new accounts and third-party transactions against the list, you are operating fool heartedly.

What are the fines for OFAC violations? At a minimum, it’s the amount of the transaction. So, if you cash a check that is payable to someone that’s on the SDN list, you will have to pay OFAC a penalty that’s equal to the amount of the check. You will also have to pay a fine, the amount of which is usually $2,000 - $3,000 (assuming it’s just your first or second OFAC fine.) The fine’s increase dramatically after the first couple of violations. Also, criminal prosecution and jail time has occurred at banks where the number of OFAC violations was egregious. (We’ve seen BSA officers, president and CEOs prosecuted for willful blindness, when it comes to OFAC violations).

You may be wondering what are the most common transactions attempted by folks on the SDN list. The answer:

1)  Cashing of a check, made payable to someone on the SDN list.

2)  Incoming IAT transactions (both debits and credits)

3)  Receipt of a wire, where the wire originator is on the SDN list, or, delivery of a wire where the beneficiary is on the SDN list.

WTM and OFAC-It! can help you with #1, but that really isn’t the focus of this BPG; please call us at 877-945-4344 if you want to discuss this further.

SAM has you covered with #2; please review the Best Practices Guide for SAM-ACH for more information on this topic.

WTM has you covered for #3; we’ll discuss how this feature works below.

1.  Dashboard panel 4 (upper level, last panel on the right) lets you do OFAC checks on all incoming and outgoing wires, and, on your entire customer database.

Dbpanel2

Ø  Click on the lower circle to perform an OFAC check on your incoming and outgoing wires; the screen below appears.

Ofacfilecheck

·  Click Continue to review the report.

Ofacfilecheckscreen

Ø  Click on the far-right column to identify any name that you consider an OFAC match.

Very important note: We only check names that are not the bank’s customers. So, for outgoing wires we check:

1)  Receiving bank name

2)  Beneficiary name

3)  Intermediary receiving financial institution

For incoming wires we check:

1)  Sending bank name

2)  Originator name

3)  Instructing financial institution name

Why don’t we check your customer’s names? It’s because we don’t want any confusion. If you see a name on this list that may be a match, you need to investigate it. We don’t want you saying “Oh yes, Mohammed Jones is our customer,” when in fact this is a different Mohammed Jones.

WTM Best Practice Guide, copyrighted by Wayne Barnett Software, a Texas Corporation

18

Daily Best Practice 4—Update OFAC Files

Daily Best Practice 4: Update OFAC Files

OFAC updates happen at the discretion of OFAC. We’ve seen OFAC release updates 12 days in a row. We’ve also seen intervals of 22 days between updates. And in very rare instances, we’ve seen two updates in one day.

So, you will not perform this Daily Best Practice every day.

On those rare occasions (1 – 2 times a year) where two updates occur, the second update will include the first update’s revisions. So if you were slow to run the first import, you can skip it and just run the second. But if you were Johnny-on-the-spot with the first update, you’ll have to import the second update too.

We will advise you via e-mail when OFAC updates the SDN list. You can also sign-up for updates from OFAC. Both the updates from us and the updates from OFAC have links for you to use, to download the files.

1.  Dashboard panel 3 (upper level, second panel from the right) shows the number of days since you last updated your OFAC files. It also shows the date of the files.

Dbpanel3

2.  At this time, we don’t have a link on the dashboard to our download site. However, you can bookmark the link below to be taken to it.

www.barnettsoftware.com/downloads-private

3.  After downloading the three OFAC files (Primary SDN, Alternate SDN and SDN Address), you must import them into the WTM database. To import the files, click on one of the checkboxes that’s to the immediate left-of each file name. (It doesn’t matter which checkbox you choose.) The screen shown below will appear

Ofacfileimport

·  Select the file you want to import, click Continue and navigate to where the file is stored.

·  Again, please remember that you must import all three files. The system will show you which files have been imported.

Very important note: Let us say it again please: each file is cumulative. So, if new files come out on Monday and Tuesday, and on Wednesday you realize you didn’t import either one, all you need do is import the file from Tuesday.

WTM Best Practice Guide, copyrighted by Wayne Barnett Software, a Texas Corporation

18

Daily Best Practice 5—Check Customer Names for OFAC Compliance

Daily Best Practice 5: Check Customer Names for OFAC Compliance

As previously noted, there is no law that says you have to check the OFAC Specially Designated National (SDN) list, prior to opening an account or doing a transaction. Likewise, there’s no law that says you have to routinely check your existing customers against the SDN list.