Monday, May 07, 2007
( 10:26 AM ) Andy
Reinforced Reasons for Thorough CIP and EDD
The Bank Secrecy Act imposes many requirements on banks. Knowing your customer is one of them and recognizing suspicious activity in their accounts is another. This can be very difficult, but here is one more reason to be suspect of some accounts you may not know so well.
Robert Arant of Des Moines, Washington was recently arrested because he operated a "warehouse bank" out of his home. He had approximately $28 million in deposits and offered his couple of hundred customers anonymity similar to that enjoyed with Swiss bank accounts. His customers could have been concealing assets for the purpose of evading income taxes. Arant now faces a civil complaint charging him with promoting abusive tax shelters and unlawfully interfering with internal revenue laws. He faces a fine of $1,000 per false statement which is usually the equivalent of one statement per customer.
How did he do this? Arant pooled his customer's money in six accounts at Bank of America, U.S. Bank and Wells Fargo Bank. He then charged his customers $75 annually, plus fees for the account set up and wires. For an additional $30 debit cards were available. They could also access their funds with checks and money orders. These depositors of Arant's obviously were not seeking FDIC coverage.
Should these banks have better known this customer? It is very difficult to say considering that his accounts were under his business name and if the transactions were initially for large deposits and monies in, and out, there may have been no change in behavior that triggered red flags. We don't know what supporting documents were provided for the accounts or how long they existed. There is no mention that the banks have done anything wrong in this case. But it is safe to assume they will spend a lot of time reviewing these accounts and doing their own post mortem to know if some flags should have been seen. #
Wednesday, May 02, 2007
( 7:54 AM ) Andy
Reputational Risk - Breach of Customer Information
A video on YouTube purports to show a person dumpster diving to demonstrate how one bank trashes customer information and makes it available to anyone wanting to look in the trash bags. While most banks have a system to divide trash from documents requiring special handling for destruction, some things may slip through.
There are two risks here. One is the breach of confidential customer information, including names, addresses, Social Security Numbers, balance summaries and even temporary usernames and passwords. The other risk is reputational. Reading the comments posted by YouTube viewers there are opinions and perceptions that "It is amazing how many people think this could never happen. Of course it does. If the bank has trash cans papers get tossed," to "My advice to you would be to go check the trash at your bank before you post comments! This stuff happens every day, and not just at banks." and "A classic union verses management battle." Several branches were visited to demonstrate that this is not a single incident.
Regardless of the reason this video was made, assuming it is factual (and that's a big assumption), it displays a lack of security banks have worked to avoid for many years. Bankers, especially those involved in the document destruction process, need to review their procedures used and ask some key questions:
- Will our procedures protect our information;
- Are the procedures usable - will they actually work in the bank or are they too difficult to be carried out in real life;
- Are employees being taught what is thrown away, what goes in the bank shredder and what is outsourced for destruction;
- Do we have controls in place to verify on an ongoing basis that we follow the procedures; and
- Have we become complacent about physical security and focused instead only on electronic data?
It may be good for management and even the board to know that videos such as this exist. What would it do to your reputation and to your bank's plans and goals? Not only can it be an embarrassment, but addressing this takes manpower and energy away from other duties. It is simply easier to know that policies and procedures exist, are effective and that controls are in place to ensure all is done correctly. Then you can better concentrate on growing your bank and serving your customers.
The YouTube video may be seen here. #