Blogs

Wire Transfer Policy

Developing and maintaining adequate policies and procedures ensure all financial institution personnel know and understand what is required. Our auditors have noted certain information absent from members’ wire transfer policies. We encourage the following to be included in wire transfer policies to warrant compliance with your organization’s risk appetite guidelines and your Board of Directors’ strategic plan.

·       Addressing how authorized users and limits are determined, how often users and limits are reviewed and how any over-the-limit situations will be handled.

·       Although financial institutions have a separate Information & Security Policy that addresses physical and data security issues at an enterprise level, this policy typically does not explicitly reference wire transfer activity. Therefore, it is recommended the wire transfer policy include some general language recognizing data security issues (i.e., the receipt, transmission and storage of confidential information) related to its wire transfer activities.

·       Outgoing domestic and international wires requested by accountholders are usually detailed in internal policy. Something commonly missing from a financial institution’s policy is the process that addresses incoming wire transfers and internally created wire transfers which are initiated by internal departments such as the loan, trust or accounting departments.

Wire Transfer Reporting

Providing wire transfer information to the Board of Directors on a regular or recurring basis, outside of the annual policy review, is a best practice. EPCOR auditors have noted financial institutions are either not providing any wire information to their Board or the information provided is minimal.

·       It is recommended that financial institution management consider compiling reports of key wire information to be presented to the Board on a periodic basis. Key wire information may include but is not limited to:

o   Wire volume (transactions and dollars),

o   Allocation of incoming vs outgoing,

o   Domestic vs international,

o   International wire volume by consumer and non-consumer,

o   Wire fee income and

o   Any wire errors or losses.

This type of information should prove useful to the Board and assist in determining profitability, as well as highlighting fundamental risks related to the product offering.

Wire Transfer Documentation

When a financial institution is developing a form to use for outgoing wire transfer requests, be sure the form is as robust as possible to capture all required information. Wire Transfer forms should include all information as found in the BSA’s Travel Rule requirement, but also key components found in the financial institution’s internal policy and procedures. EPCOR auditors noted inconsistencies in the completion of internal wire forms, including:

·       In-person wire transfer requests were missing accountholder signatures.

·       Incomplete documentation of callback procedures and originator verification requirements if the wire transfer request was not received in person (i.e., by phone, email, online, etc.)

·       Evidence that an account balance verification was completed prior to sending a wire transfer request. 

Many financial institutions have policies and procedures related to acceptable methods of receiving outgoing wire transfer requests (in person, by phone, email, etc.) and originator verification requirements. Additionally, confirmation of available collected funds is a key internal control in the processing of outgoing wire transfers to reduce the potential for loss to the financial institution. Proper and full completion of procedures should be adequately and accurately documented on the outgoing wire forms, to ensure the procedure was completed and to support the fact that the financial institution followed its own procedures in the event a claim is made suggesting otherwise.

Reconciliation of Wire Transfer Activity

We have noted that daily wire activity is frequently reconciled by an individual who has wire transfer processing capabilities, or the reconciliation of wire activity is not reviewed by an independent individual who did not prepare the reconciliation. To ensure adequate segregation of duties, staff responsible for balancing and reconciling daily wire activity should not have receiving, processing or sending capabilities.  A secondary independent review should also be performed by an individual who did not prepare the reconciliation to ensure balancing is performed accurately and timely, and to monitor the clearing of outstanding items. 

·       Internal controls such as segregation of duties and secondary independent reviews reduce the risk of inappropriate actions and the likelihood of errors by preventing an individual from being able to conceal errors or perpetrate fraud in the normal course of their duties. A lack of such internal controls could result in financial loss for the financial institution.

Risk Assessments

Our team has also found that risk assessments were not being conducted periodically or financial institutions did not have risk assessments conducted specific to wire transfer activities. Not conducting a risk assessment or incorporating wire activity into other internal risk assessments does not sufficiently address all the various risks involved in wire transfer activities. 

·       Strong safety and soundness considerations should lead a financial institution to periodically conduct risk assessments on key operations functions, including wire transfer activities, and to implement risk management programs based on the results of such assessments and in accordance with the requirements of their regulator(s).

o   Components to be assessed include but are not limited to:

§  Systems and controls,

§  Credit risk,

§  Regulatory compliance,

§  Vendor management and contingency planning,

§  Operational and transaction risk and

§  Information technology risk.

When reviewing internal policies and procedures to improve compliance, consider applicable laws and/or regulations or enhance wire transfer risk management practices by aligning with industry standards or best practices.