Almost everyone has authorized a draft transaction from a checking account, whether to expedite a payment to a creditor, purchase an item via telephone or Internet, or compensate a merchant for the return of an initial paper check due to insufficient funds. The payee remotely creates these preauthorized drafts, or remotely created checks (RCCs), under the authority of the accountholder but without the accountholder's signature. This lack of signature makes RCCs vulnerable to fraud.
How can the payments industry balance the legitimacy and convenience of an RCC with the risk management challenges it presents? Staff at the Atlanta Fed's Retail Payments Risk Forum explored this question and other challenging issues in a recently published concept paper, "An Examination of Remotely Created Checks."
Risk management challenges: RCCs are hard to monitor
RCCs, like traditional checks, can be sent forward for collection through the banking system or processed electronically by converting the paper check into an electronic file acceptable to image-exchange networks. Electronic-only RCCs can also be presented for payment and sent forward for clearing, and in some instances can be converted and processed as an ACH debit item and cleared through the ACH network. RCCs that exist in this format may easily bypass detection because, when they are sent forward for clearing, they appear in a format indistinguishable from files of images captured from paper checks.
Distinguishing electronic-only RCCs from paper RCCs converted to an electronic image is crucial to understanding and appropriately applying the new RCC warranty and presentment claims. Yet reliable data on the prevalence of RCCs as well as the true magnitude of fraud perpetrated through this payment channel is difficult to quantify because, as stated above, RCCs are indistinguishable from files of images from paper checks.
Risk management concerns and applicable due diligence protocols
In 2005, Regulation CC was amended to addressed RCC's unique attributes and the risks and challenges that accompany them. Ultimately, Regulation CC altered the final payment rule by shifting liability for unauthorized RCCs from the paying bank to the bank of first deposit. The change in liability structure also altered presentment and transfer warranties.
Risk management concerns for the bank of first deposit are substantial due to the inherent risk of unauthorized RCC transactions. Often, reported incidents of RCC fraud are tied to poor internal controls and due diligence practices of banks, particularly with their "know your customer" programs.
The Office of the Comptroller of the Currency (OCC) issued updated guidance in 2008 suggesting that account relationships with third-party payment processors are the riskiest for a bank that accepts RCCs as deposits. The guidance was intended to serve as a supplement to existing risk management practices while enhancing underwriting and monitoring of entities that process payments for telemarketers and other merchants.
Depository banks may be best poised to manage the unique risk of RCCs
Some experts firmly believe that RCCs provide consumers the important benefit of avoiding late fees by facilitating the expedited payment of a bill, while others oppose the use of RCCs because their risks outweigh any benefits they may provide. Rather than prohibit their use, exploring improved ways to manage RCCs may preclude the need for new laws or regulations.
Only the bank of first deposit possesses the information necessary to manage RCCs, and only the bank of first deposit has a financial incentive for mitigating RCC fraud. By creating comprehensive risk management practices, beginning with account relationship agreements, the bank of first deposit could detail the quantity of RCCs it will accept, the quality of the images, and the permissible percentage of returns it will accept as RCCs. The institution with the most to lose has the most to gain by policing its own payments activities, while identifying, monitoring, and controlling RCC fraud risk.
By Ana Cavazos-Wright, payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed