Mobile Deposit Due Diligence for Consumers: Is That a Thing?

By Raven Smith posted 08-14-2025 18:01

  

When financial institutions think about due diligence for Remote Deposit Capture (RDC), the conversation almost always centers on business users. It's easy to see why: larger check values and volumes make commercial RDC users look like the obvious risk.

But What About Consumers? 

Today, mobile deposit is typically considered a standard feature for consumer checking accounts. Financial institutions often provide access by default when mobile banking is enabled or after a brief enrollment process. So, where exactly does due diligence fit in? 

What Do the Rules Say?

The 2009 FFIEC Risk Management of Remote Deposit Capture guidance sets out general expectations for customer due diligence. While it doesn't make a substantial distinction between business and consumer users, it does provide a framework for understanding and implementing due diligence procedures.  

In practice, this means most institutions rely on their broader account-opening procedures, fraud monitoring tools and deposit limits to manage risk for consumer mobile deposit users. But does that count as due diligence?

Where Due Diligence Might Be Hiding 

You might already be performing due diligence on your consumer mobile deposit users without realizing it. Consider these questions to uncover where it may be happening: 

  • Eligibility Criteria  
    • Is mobile deposit access granted to new accounts, or is there a waiting period before it becomes available?  
    • Is a certain length of satisfactory account history required? 
    • Are age requirements in place for the service itself or the accounts eligible for the service? 
    • Are there flags that would lead to denial or revocation of access?
  • Deposit Limits
    • Are check amounts and daily/monthly caps based on account type, tenure or observed behavior? 
    • Does the consumer’s request for an increase require additional review and approval? 
    • What procedures are in place if a deposit exceeds the daily or monthly cap? 
  • Revocation Policies
    • If fraud occurs, are there procedures in place for revoking access to mobile deposit or potentially closing the account? 
  • Monitoring Tools
    • Does your system flag mobile check images for duplication or unusual activity? 
    • Does staff conduct additional reviews? 
    • Has training been provided for the appropriate staff to ensure they can identify and act when they notice duplicates or unusual activity? 
    • Are escalation procedures in place if potential fraud is identified?
    • Do you require restrictive endorsements to prevent receipt of an RDC indemnity claim?
  • Holds and Funds Availability
    • Are longer holds placed on mobile deposits for newer accounts or high-dollar items? 
    • Are funds made available immediately or on the next business day? 
    • Is this addressed in the Mobile Banking Agreement or Mobile Deposit Terms and Conditions?  

Why It Feels Unclear 

Unlike commercial RDC, consumer mobile deposit doesn't always trigger a formal approval process. It's embedded. That can make it difficult to pinpoint specific due diligence procedures. 

Fraudsters are well aware of the less formal approval process for consumer mobile deposit, making it an attractive entry point for fraudulent checks and duplicate deposits. These threats remain common, underscoring the need for caution and vigilance in managing consumer mobile deposit services. 

So, if consumer mobile deposit access is treated as default and included with access to mobile banking, it's worth asking: Have we thought about what we're saying yes to? 

Questions to Consider 

When reviewing your RDC program's level of due diligence for consumer mobile deposit users, these questions may help:

  • Do we document how eligibility for mobile deposit is determined?
  • Are deposit limits reviewed or adjusted over time? Do we have a maximum allowable deposit limit?
  • How do we monitor for misuse? Who reviews those alerts, and what is our escalation process?  

The good news is that enhancing the due diligence process for consumer mobile deposit doesn't necessarily require a brand-new system or costly investments in new technologies. With careful thought and consideration, simple adjustments to processes, such as more frequent reviews of deposit limits or additional staff training on identifying and handling potential fraud, can significantly improve the level of risk mitigation for mobile deposit.  

Mobile deposit isn't new anymore, but that doesn't mean it's risk-free or that consumer use is too simple to merit oversight. If anything, its simplicity makes it easier to overlook and also more appealing to fraudsters. You don't need to overhaul your entire program. But if you haven't revisited your consumer RDC controls in a while, now might be the time to ask: Are we being thoughtful? Or are we just assuming it's fine? 

   

Our Advisory Team's RDC Audits review your policies, risk management, customer due diligence and transaction limits. Also, explore our Merchant RDC Review Checklist and Mobile RDC Review Checklist to simplify your risk assessment and strengthen your controls.

Contact our team at advisoryservices@epcor.org for a free, no-obligation quote and see how we can support your processes with expert guidance tailored to your institution. 
