In addition to banks, there are many nondepository money-service businesses (MSBs) that provide financial services, such as money transmitters, check cashers, and foreign currency exchanges. MSBs generally receive less attention from regulators than banks do. A number of states have adopted legislation that attempts to address the activities of MSBs, but the lack of effective oversight has made meaningful enforcement difficult.
An important issue in the detection of money laundering is concern for the privacy rights of the customers of the banks. The Gramm-Leach-Bliley Act restricts the ability of a bank or other financial institution to disclose nonpublic, personal information about a consumer to nonaffiliated third parties. The Act also requires the institutions to disclose to their customers their privacy policies and practices as they relate to the sharing of information with both affiliates and nonaffiliated third parties.
The Federal Reserve has adopted regulations for the purpose of implementing the Act. The Federal Reserve regulations generally require a financial institution to make an initial disclosure to its customers, and annual disclosures thereafter, describing the institution’s privacy policies. The Act and the regulations thus deal with two kinds of disclosures. First, the financial institution is prohibited from disclosing private information about its customers. Second, the Act requires that the institution disclose to its customers information about its privacy policies.
Unless an exception applies or the customer has “opted out” of the requirements of the Act, the Act prohibits an institution from disclosing “nonpublic” information to a nonaffiliated third party. The Act also prohibits such disclosure if the institution has not made the disclosures to the customer that the Act requires the institution to make.
The disclosures required by the Act must inform the customer that the institution does not disclose nonpublic personal information about its current and former customers to affiliates or nonaffiliated third parties, except as authorized by the Act. The disclosures must also describe the categories of nonpublic personal information collected by the institution and the institution’s policies and practices with respect to protecting the confidentiality and security of nonpublic personal information.
An institution may not claim that a customer has opted out of the privacy provisions of the Act unless:
• The bank has provided an “opt out” notice to the consumer,
• The bank has given the consumer a reasonable opportunity, before it discloses the information, to opt out of the disclosure, and
• The consumer has not, in fact, opted out.
As noted earlier, the privacy provisions relate to the bank’s disclosing “nonpublic” information. There is no restriction on the disclosure of information that is “public” information. Nonpublic information includes personally identifiable financial information as well as lists or descriptions of consumers that are derived by the use of personally identifiable financial information.
INTEGRATING RISK MANAGEMENT
Risk management of commerce and payments in cyberspace should be integrated into a company’s risk management plan and monitoring of its corporate payment systems. These innovations should not be regarded as more secure because they are new and technologically impressive.
Management of Corporate Payment Systems Risks
This chapter discusses risk management for corporate payment systems risks. Suggestions for treasury operations and internal controls, a review of how risks are allocated in the company’s agreement with its banks, and a typical crime policy insurance checklist are included.
Risk management is a planned and systematic process designed to eliminate, or at least to reduce, the probability that losses will occur. Risk management concepts and procedures should guide corporate policy. Meeting the reasonable expectations of the insurers should help to control premium costs and maximize coverage benefits, as well as to reduce the likelihood of the occurrence of the covered event.
The goal of managing corporate payment systems risks is to ensure that the company maintains control of its obligation to make and its right to receive payments. The consequences of failure can be great. Some companies have lost huge amounts, and some have become bankrupt because of their failure to control liquidity or because of losses resulting from fraud.
The Office of the Comptroller of the Currency (OCC), in OCC Bulletin 98-3, summarizes transaction risk, in part:
Transaction risk is associated with internal controls, data integrity, transaction rules, employee performance and operating procedures or problems with service or delivery because of design deficiencies. Transaction risk has the potential to adversely impact earnings and capital as a result of fraud, error, and the inability to deliver products or services, maintain a competitive position and manage information. Transaction risk is evident in every product and service offered.