Are You Ready for the RDC Indemnity Provision of Reg CC Final Rule?

The 2017 Regulation CC final rule becomes effective on July 1 this year.

3/20/18

Picture of E-banking KeypadThe final rule creates a new Remote Deposit Capture Indemnity in Section 229.34(f) to address the allocation of liability when a depositary institution, such as a credit union accepts deposit of a check through “remote deposit capture.” This applies when the depositor/ member sends the credit union electronic information about a check, such as a photographic image, which the credit union uses to create an electronic check or substitute check for collection. The proposed indemnity would be provided by a credit union that accepted a check via remote deposit capture to a financial institution that accepted the original check for deposit, in the event the financial institution that accepted the original check incurred a loss because the check had already been paid.

The final rule added an exception to the indemnity, and associated commentary, which would prevent a bank from making an indemnity claim if it accepted the original check
containing a restrictive indorsement inconsistent with the means of deposit, such as “for mobile deposit only.” The federal Reserve Board believed that providing this exception could reduce accidental double deposits and could provide incentives for financial institutions that receive remote deposit captures to take steps to minimize intentionally fraudulent deposits.

Something to consider: If your credit union accepts checks via remote deposit capture, you may want to add language to your Remote Deposit Capture Agreement requiring your member to add a restrictive indorsement to the check such as “For Mobile Deposit Only.” Such an indorsement may help reduce risks to your credit union.

Source:  CUNA Compliance Blog

Question of the Week

Is there a requirement that the credit union match the names on a tax refund received through direct deposit to the name(s) on the account?

NACHA does not require financial institutions to match names on incoming ACHs. It is important that credit unions do not try to change the intended destination if they do discover the names don’t match, because this could put them on the hook for any losses associated with the transaction. However, if the credit union becomes aware of a situation where a tax return has gone to the wrong account, they should try to return the funds to the IRS if they are still available.

FinCEN has released some guidance that can help financial institutions detect tax return fraud. FinCEN recognizes that there is a growing issue of tax refund scams that often are a result of identity theft. FinCEN put together a list of red flags that credit unions should carefully review to determine if any of their account holders might actually be attempting to commit fraud.

Red Flags:

  • Multiple direct deposit tax refund payments, directed to different individuals, from the United States Department of the Treasury (Treasury) or state or local revenue offices are made to a demand deposit or prepaid access account held in the name of a single accountholder.
  • Suspicious or authorized account opening at a depository institution, on behalf of individuals who are not present, with the absent individuals being accorded signatory authority over the account. The subsequent deposits are comprised solely of tax refund payments. This activity often occurs with fraudulent returns for the elderly, minors, prisoners, the disabled, or recently deceased.
  • A single individual opening multiple prepaid card accounts in different names, using valid TINs for each of the supplied names and having the cards mailed to the same address. Shortly after card activation, Automated Clearing House (ACH) credit(s) from Treasury, state, or local revenue offices representing tax refunds occur. This is followed quickly by ATM cash withdrawals and/or point-of-sale purchases.
  • Business accountholders processing third-party tax refund checks in a manner inconsistent with their stated business model or at a volume inconsistent with expected activity. Similarly, individuals processing third-party tax refund checks through a personal account with no business or apparent lawful purpose.
  • Business accountholders processing third-party tax refund checks and conducting transactions inconsistent with normal business practices, which may include:
    • A large volume of Treasury refund checks or bank checks being deposited, in contrast to other checks, such as payroll checks;
    • A large volume of refund checks bearing addresses of customers who reside in another state;
    • Multiple refund checks for the same or almost the same dollar amount;
    • Treasury refund checks or bank checks representing electronic refunds with sequential or close to sequential numbers; and
    • The dollar amount of checks being deposited is not commensurate with the amount of currency being withdrawn to cover the cashing of these refund checks.
  • Multiple prepaid cards that are associated with 1) the same physical address [individuals involved in criminal activity may also contact the customer service department requesting to change their address for their permanent prepaid card shortly after opening their temporary prepaid card account on-line]; 2) the same telephone number; 3) the same e-mail address; or 4) the same Internet Protocol (IP) address, which receive tax refunds as the primary or sole source of funds;
  • The opening of a business account for a check cashing business at a financial institution, which subsequently processed a high volume of tax refund checks issued to individuals from other states;
  • A sudden increase in volume involving the cashing of tax refund checks issued to individuals from across the United States, moving through the account of an existing check cashing service;
  • Individuals using bank accounts where the majority of the transactions are ACH federal tax refunds or refund anticipation loans;
  • Individuals attempting to negotiate double endorsed Treasury tax refund checks with questionable identification;
  • Individuals accompanying multiple parties to the bank to negotiate Treasury tax refund checks. Such items may or may not be double endorsed checks;
  • The freezing or closure of a personal or business account due to suspicious activity involving either Treasury tax refund checks or ACH Treasury deposits;
  • The signature/endorsement on the back of the check(s) does not match the identification of the individual conducting the transaction; and
  • The same signature/endorsement is used on multiple checks, with multiple names.

Employees of financial institutions may also facilitate tax refund fraud by conducting transactions inconsistent with normal activity through the following practices:

  • Tellers who regularly process large quantities of Treasury tax refund checks. This may include one or more tellers during a specific time frame;
  • Bank employees who open multiple bank accounts that received a large quantity of Treasury tax refund checks; and
  • Bank employees who did not follow proper identification procedures or accepted apparent fraudulent identification when opening an account.

Additionally, if a credit union does suspect tax return fraud, they should look to FinCEN’s guidance on how to prepare a SAR (link below).

Resources

Legal Briefs

National Credit Union Administration (NCUA)

The NCUA released its board action bulletin detailing the events at its March 15th board meeting. The NCUA’s bulletin states that the agency will issue an advanced notice of proposed rulemaking which will seek stakeholder comments on ways to streamline and improve the standard federal credit union bylaws.

The NCUA announced that its first round of streamlined applications for qualification as a certified community development financial institution (CDFI) will be open from March 19 through April 6, 2018.

Consumer Financial Protection Bureau (CFPB)

The CFPB announced that it is soliciting membership for its Consumer Advisory Board, Community Bank Advisory Council, and Credit Union Advisory Council. The application will be available March 19 through April 23, 2018, with new members being announced in September 2018.

The CFPB issued a request for information on adopted regulations and new rulemaking authorities.

The CFPB released an updated Small Entity Compliance Guidance to reflect the 2018 Prepaid Accounts Rule Amendments.

Court Decisions

The D.C. Court of Appeals recently overturned two of the provisions of the Telephone Consumer Protection Act (TCPA). The court overturned the FCC’s definition of an autodialer and vacated the FCC’s reassigned number approach. The court found that the definition of an autodialer, which included devices that simply had the capacity to function as an autodialer even though they weren’t currently configured as autodialers was too broad.

The U.S. Court of Appeals for the Fifth Circuit vacated the Department of Labor’s fiduciary rule. The court held that the DOL exceeded its statutory authority.

Federal Deposit Insurance Corporation (FDIC)

The FDIC released its board meeting notice detailing the items that will be considered during its March 20th board meeting.

Office of Foreign Assets Control (OFAC)

OFAC has updated the SDN list as of March 15, 2018. The last update prior to this was March 8, 2018.

Questions? Contact the Compliance Hotline: 1.800.546.4465, compliance@nwcua.org.