FUNDS TRANSFERS Developing Commercially Reasonable Security Procedures For Your Bank

Funds Transfer
Developing Commercially Reasonable Security Procedures For Your Bank, Part 1
by Dana Turner

Procedures For Your Bank
Introduction
A funds transfer, or payment order, is generally the same as any other payable instrument -- with a few twists. The transfer may be transmitted orally, electronically, or in writing -- and it may be made in person, by mail, telephone, telex, facsimile or other wire means, including computer-to-computer communication. It may include a series of transactions, beginning with a customer's payment order request, for payment to the beneficiary of the order.

A receiving bank needs to be able to rely upon objective criteria to determine whether it can safely act upon a payment order and differing procedures may be implemented, based on the varying needs of different customers. The bank must also safeguard confidential security information and restrict access to transmitting facilities, to reduce the risk of compromise to security procedures. The responsibility for making commercially reasonable security procedures available to the customer generally belongs to the receiving bank.

The customer must also be able to rely upon the bank to follow established procedures. The customer has the responsibility to supervise its employees, to assure compliance with security procedures. The customer also has the responsibility for selecting the most appropriate security procedures.

Developing commercially reasonable security procedures between the bank and its business customers is not only a regulation -- it's just sound business sense. The concept is designed to protect both the customer and the receiving bank and each must exercise reasonable care in conducting its business activities.

Definitions
Definitions are easy -- it's often the interpretation and practical application that's sometimes difficult. For discussion purposes, let's use these definitions:

Commercially: generally available to the public and accepted as effective;
Reasonable: logical, feasible and sensible for the particular customer and the particular bank, meeting the prevailing standards of sound banking and business practices;
Security: the process of providing protection, defense, safety and confidence by developing and implementing effective policies and procedures; and
Procedure: a method, process, tactic or strategy for achieving the desired result(s).

Agreement
A security procedure is generally considered commercially reasonable if:

The customer and the receiving bank have agreed that the authenticity of orders will be verified pursuant to a security procedure (both to verify the identity of an authorized sender and to detect transmission error); and
The receiving bank acts in good faith and in compliance with the security procedure, and any written agreement or instruction from the customer; and
The procedure is an effective method for providing security against unauthorized payment orders or errors; or
It was chosen by the customer after the receiving bank offered -- and the customer refused -- a security procedure that the bank considered was commercially reasonable for that customer; and
The customer expressly agrees, in writing, to be bound by any payment order, whether or not authorized, issued in its name, and accepted by the receiving bank in compliance with the security procedure chosen by the customer.

Each branch and facility should be required to furnish a list of personnel authorized to give and/or receive payment order information, individual access codes, and indicate each person's level of authority. This list should be treated in the same manner as combinations and other dual custody mechanisms. Copies of this list should be maintained in appropriate locations, including the Wire Transfer and Security Departments, and Branch Operations if it's appropriate, and include limits requiring a validation and verification call back. The transfer should use three (3) employees to reduce the opportunities for fraud: