Brush up on RDC risk management before targeting SMBs

Mehul Patel October 27th, 2017

Remote Deposit Capture (RDC) was such an alluring concept when it first appeared that aggressive banks rushed into it. The effects of this mad dash to market resulted in financial institutions buying early versions of bug-riddled systems that delivered a user experience best described as challenging. Others who built their own RDC systems would encounter the common and inevitable difficulties associated with home-grown solutions, such as staying current with all the latest software updates, integration with other bank apps, and issues with risk management and compliance.

As RDC became more mainstream, it inevitably attracted fraudsters. Celent reported that the percent of financial institutions reporting some RDC loss grew from 11 percent in 2012 to 23 percent in 2013.

Eventually, regulators started to integrate RDC into Know Your Customer (KYC) and Anti-Money Laundering (AML) controls and regulations. One condition of the KYC regulation required financial institutions to better understand customers through identifying deposit locations. In an effort to prevent fraud and money laundering, regulators wanted banks to know where their items were being captured, and suggested that this information be tracked for compliance.

The increased oversight motivated financial institutions to seek enhanced risk management capabilities that offered protection against fraudulent RDC transactions, as well as satisfy regulatory requirements. The majority of financial institutions had some form of RDC risk management in place, but many didn’t have the ability to identify exactly where their deposits were captured.

Innovation’s answer to fraud

This conundrum was addressed at Deluxe’s RDC Steering Committee composed of financial institutions and bank technologists from around the country.

A question was posed: if a bank doesn’t have a customer’s face in their branch, what if they could at least have information about the customer’s location when they make a deposit?  From these dialogues, the answer of Location Awareness functionality was formulated.  Location Awareness tracks the IP address of the location from which the check was captured and alerts the bank if a capture is made from an unexpected location, providing greater visibility to possible fraudulent activities. The bank then has the opportunity to review the suspicious transaction and determine whether or not any action is required.

Location Awareness was developed to be scanner-agnostic, which was a key benefit for organizations that used scanners from multiple vendors. This measure also helped banks provide information to auditors faster, protected them from fraudulent activity and helped them to meet internal and external audits.

Banks jumped at the opportunity to further dial in risk management policies to better fit each client’s own unique business practices. The ability to block deposits from outside the U.S. while creating their own white list of permitted exceptions to allowed for people doing business abroad or military personnel on foreign assignments. Banks could flag deposits made from unexpected locations and block them until the deposit can be confirmed and authorized.

Robust risk management is essential to a diverse SMB market

Today’s RDC industry (and other technologies, for that matter) has and will continue to evolve in sophistication and complexity, and so will requirements from federal regulators. It’s important to keep this big-picture view in mind, especially for banks that are gearing up to bring the next generation of enhanced RDC, like business mobile, to the largely untapped SMB market.

Flexible rules around the amount and velocity of deposits will be essential for banks targeting this market. Many Millennial SMB owners do not have brick-and-mortar stores but still accept dozens of checks as payment from customers at locations (art shows, fairs, sporting events) far away from home. More than ever, banks will the need the ability to fine-tune their risk monitoring and location awareness capabilities to guard against fraud and satisfy regulators while not impeding SMB owners looking to grow their business.

After the first generation of RDC, it’s time for banks to take a critical look at how their current RDC provider is helping them manage the risks of RDC today and how they intend to do so in the future. Before targeting SMBs, it’s worth asking how RDC providers are investing to help your organization to stay ahead of the regulatory curve.

This content is accurate at the time of publication and may not be updated.