Outsourcing Identity Protection, Fraud DetectionBank's Off-the-Shelf Approach to ID Theft, Money Laundering
Regulatory requirements related to consumer protections in the areas of identity theft and money laundering are weighing ever-more heavily on financial institutions of all sizes. For Team Capital Bank, a $670 million institution in Bethlehem, Pa., meeting the demands of compliance became too much to handle in-house, so the bank signed with a third party for an off-the-shelf solution.
In this interview, Richard Boyer, Team Capital's executive vice president and general counsel, and Bill Johnson, Team Capital's security officer, discuss:
- Why automating anti-money-laundering detection made sense;
- How compliance with the Bank Secrecy Act will gradually push more institutions to third-party vendors; and
- What steps institutions should take and consider when deciding on which vendor they would like to manage their fraud-detection services.
Boyer also serves as corporate secretary and Bank Secrecy Act compliance officer. Before joining the Team Capital in 2005, when the bank was founded, Boyer practiced law for 33 years in a firm he founded that focused on several aspects of banking law and regulation, including commercial loan documentation, residential mortgage review and corporate trust advice. Boyer started his career as a bank examiner with the Federal Reserve Bank of New York. Boyer has been instrumental in the design, implementation and management of all aspects Team Capital's Bank Secrecy Act/anti-money laundering program.
Johnson, a bank vice president, implements and administers the bank's security procedures. He maintains records and schedules of inspections, and oversees testing and servicing of security devices for the bank and all branch offices. He also is responsible for staff training in the areas of security and fraud. Johnson has more than 25 years of experience in banking and branch operations, for community banks and larger financial institutions.
TRACY KITTEN: How one Pennsylvania community bank is attacking identity theft and implementing protections to prevent money laundering. I'm here today with Bill Johnson, the security officer for Team Capital Bank, and Richard Boyer, the executive vice president and general counsel for Team Capital Bank. Team Capital Bank is a $670 million financial institution that serves five regions in Pennsylvania and New Jersey. Bill, before we get started, could you please tell the audience a little about your role within Team Capital Bank, as well as a little about Team Capital Bank's security team that is dedicated to fraud and identity-theft prevention.
BILL JOHNSON: I am the security officer, which also includes a lot of BSA (Bank Secrecy Act) and AML (anti-money-laundering) monitoring. Right now, for us, it is a manual process, which we are in the process of, obviously, updating to an automated system that Wolters Kluwer (a financial services firm) is providing for us. We are looking really forward to that. As far as compliance challenges, because of the fast changing compliance laws, rules and regulations that have been happening, this, we hope, will help us meet those goals that we have to absolutely achieve.
KITTEN: What unique challenges did Team Capital face, where compliance with, as you mentioned, BSA, the Bank Secrecy Act, The USA Patriot Act and the Red Flags Rule, is concerned?
JOHNSON: Primarily, staff training, I think, and also the monitoring aspect of it as well. As the regulations change for banks, you know banks have to be up to snuff and ready to roll. So, they've got to constantly keep changing and altering and training.
KITTEN: And then from a fraud and identity-theft perspective, what have been some of the trends that Team Capital has been faced with over the last 12 months?
JOHNSON: Well, we primarily have seen our customers, who normally wouldn't have done so in the past, now trying to structure their deposits to avoid reporting requirements, as well as some instances of attempted check kiting; but because of the speed of the check clearing now, thanks to Check 21, that has started to die off. It's almost impossible to pull off an actual check kite these days, because of the speed of the processing of the checks.
KITTEN: Now, Richard, I would like to bring you into the call. Could you please tell us a little bit about your role within Team Capital, as well as a little bit about the bank?
RICHARD BOYER: I can tell you about the bank. We were chartered as a federal savings association in the fall of 2005. We actually opened for business in January 2006; so we're about 5 years old. However, we operate as a full-service commercial bank. As you indicated, we have nine branches. We have three loan-production offices over the five regions, in Pennsylvania and New Jersey. We also have three branches on the drawing board that we intend will be constructed and in operation by the end of this year or early '11. Currently, we have about 110 employees throughout the organization.
I am the Bank Secrecy Act compliance officer, and have been since the bank's inception; and until two years ago, I was also the designated compliance officer for the bank. Those are the two areas in which I serve that are applicable to the discussion today.
KITTEN: What do you see as being some of the unique regulatory or compliance challenges for Team Capital?
BOYER: I believe, right now, that the biggest compliance challenge is the institution of the regulatory changes occasioned by the recent economic downturn and the perception that the downturn has to do primarily with fair consumer lending. We are seeing things like Truth in Lending (Act), HUD (federal Department of Housing and Urban Development) requirements being changed, being tightened up, being added, and we also are working our way through the new consumer credit protection legislation (The National Consumer Credit Protection Reform Package), with respect to what that new body is going to do and how it will affect us in the application and adherence to new and different regulations.
KITTEN: As a result of the economic downturn, has Team Capital had to cut its resources, or has that affected its fraud prevention and/or security teams in any way?
BOYER: It has not. In fact, due to our very rapid growth, we have committed additional resources to AML and fraud issues, both financial and personnel resources.
KITTEN: And what prompted Team Capital to invest in an off-the-shelf anti-money laundering or identity-theft protection solution?
BOYER: Our core processing is provided by a third-party vendor, so we are accustomed, to some extent, to some off-the-shelf applications. As I said, we're not yet 5 years old and we don't have the resources or the desire to reinvent the wheel, particularly with an entity-wide solution for what we perceive to be a low BSA, AML risk profile.
KITTEN: And this is a question I would like to ask you, Richard, as well as Bill, and either one of you can step in and then be followed by the next. What options did Team Capital explore?
BOYER: We never considered our own customized solution to AML, BSA and fraud issues.
KITTEN: Team Capital has signed with Wolters Kluwer Financial Services, which Bill you mentioned earlier, and you are using Wolters' risk ID solution to verify customer identities and screen high-risk users. The bank also is using Wolters' AML suite to monitor, analyze, investigate, and prevent suspicious activity that could lead to money laundering. The bank expects to have services completely rolled out by early 2011. How will Team Capital gauge the success of those programs?
JOHNSON: I would think that from the suspicious-activity monitoring itself, because it is analyzing everything together, that we would see an increase in what we consider to be suspicious activity.
KITTEN: And are you talking about just the AML suite, or are you talking about across the board?
JOHNSON: Across the board, because it not only monitors the physical transactions, but is seeing transactions coming in, wire transfers coming in, the items going out. So it monitors it all together.
BOYER: We're going to be looking at the solution and its accuracy, its transparency, its use of operation, the extent of integration, the opinions and reports of our auditors and examiners, satisfaction in the staff, and the overall effectiveness of the solution.
KITTEN: And Richard, how long do you think it will take to actually gauge that success? Are you looking at information over the course of 12 months, or will you be able to, perhaps, have a feel within six months?
BOYER: I would anticipate somewhere between six and 12.
KITTEN: Now, I would like to introduce Tom Leuchtner, the director of financial crime control solutions for Wolters Kluwer Financial Services. Tom, would you please tell us a little bit about your roll?
TOM LEUCHTNER: My role, as you mentioned, I'm responsible for the financial crime control solutions at Wolters Kluwer, and what that really means is I lead the product creation, development and delivery.
KITTEN: Great, now, Tom, are both solutions being used by Team Capital Web-based, are they in the cloud?
LEUCHTNER: They are, in fact, web-based, ASP (application service provider) solutions. So, Team Capital does not have to install and configure and support the servers, etc., in their environment. They are using and connecting their systems to our ASP services.
KITTEN: OK. That kind of goes back to what Richard was saying earlier about tying all that in with the roll out of their new core processing platform?
KITTEN: Now, Tom, I would like to start with you, and then, Richard, I would like you to follow up. Tom, could you tell us what the advantages and disadvantages are for banks and credit unions when they are looking to move to this type of off-the-shelf Web-based or cloud solution? What are the considerations?
LEUCHTNER: I think, typically, at least from what we hear, is cost of ownership, as financial institutions look at whether they should decide to have an installed or deployed solution in their environment, versus an ASP. They look at the overall; first they look at their business strategy, and does part of their business strategy include having their own infrastructure or their own IT department, their own SAS70 hosted infrastructure in their environment? Or did they really look to business partners to provide those solutions for them? Then, that really enables us to look at how is this system used; what is the efficiency of the system; how do different systems connect and share information; and what is the responsiveness of the system? So, those are the kinds of considerations, at least we hear, when we are in discussions with our customers.
BOYER: I think cost is always an important factor, but I also think the resources of the particular financial institution, both in terms of personnel and in technology, when you start considering hosting your own application, become very important. I also think that the experience of the vendor and its experience with the particular programs available are very important; and, finally, I think the comfort level that the bank or credit union has with the vendor and with the particular solution that you elect, are also important.
KITTEN: And now, Bill, I would like to come back to you and just see if you could offer some advice to other banking institutions that might be considering a similar solution. You know, what are some of the considerations that they should take into account, from a security prospective?
JOHNSON: Well, of course, as your institution grows, it becomes harder and harder to follow through on some of these threats that you might be, you know, perceiving to come into your institution. So, I would say that you would need to go to some sort of an electronic monitoring, if you're not already doing it, and to keep on top of it and do the best you can do with what you've got.
BOYER: Another resource is to do some of the risk-identification profiling for our customers; and our products and services have the ability to identify, to a large extent, our new customers. We also have the ability to check them against all the government systems. So then, I think, that in terms of the front-end analysis, although Wolters Kluwer is significantly more sophisticated and might add more of a level of standardization to what we do, I think we can do that pretty well, given our size. However, as Bill indicates, the things we cannot do as well as we should is the monitoring of the activities, because Joe was forced to look at so many reports and events to discover transactions which may be unusable. And, also, inability to aggregate different types of transactions in order to determine whether or not an activity appears to be of the nature that we will need investigate it a little further. So, the monitoring is really what we're looking forward to.
KITTEN: And, finally, in closing, Tom, we will start with you. From a fraud and security prospective, how does money laundering rank among the greatest challenges facing the financial industry?
LEUCHTNER: I think it is quite high. Over the last number of years, we've seen a dramatic change in the profile of money launderers, in particular, the sophistication of fraudsters and money launders has increased exponentially, in their ability to exploit technology, electronic payments, cross-border funding, terrorist financing, etc. All of these things tend to be intertwined. And the leveraging of the technology at financial institutions has opened up their systems for improved customer service and more rapid processing of payment, etc., but it also has created a real window of opportunity, if you will, for money launderers; and, I think, as a result, there is a heightened awareness and scrutiny by regulators, as well as financial institutions, to track and monitor and respond to these threats.
KITTEN: And, Richard, what is your perspective?
BOYER: I think BSA, AML, from the institution's standpoint, and also the regulators' standpoint, BSA is No. 1 in importance and No. 2 in importance. Recently, I think, as I said, fair lending may be a risk and a challenge to the financial community, to the economy and the regulators. I think, however, AML and also fraud activity, become more of a concern, and a continuing important concern, due to competition, particularly in the electronic-banking arena. The old face-to-face identifying, verifying and then monitoring activity has gone away with the dawn of the electronic-banking age; and I think that, again, it's been since I started in the business - and since 9/11 - AML, BSA, fraud are the No. 1 challenge.