Ask Mary: Wire Transfers are Risky – What Can We Do?!

Dear Mary, how can we manage our risk with wire transfers?

All financial institutions participate in the wire transfer network in one form or another; whether by sending and receiving wire transfers on behalf of clients or transmitting wire transfers on behalf of their financial institution. A wire transfer is a single-entry, electronic credit push from one financial institution to another. Compared to other payment types, wire transfers are low-volume/high-dollar transactions and, in most cases, are irrevocable, which makes them a high-risk function of any financial institution. Also, due to the high-dollar, high-risk nature of wire transfers, there is the potential for significant financial losses inherent in the wire transfer business. With such great inherent risk, it is imperative for financial institutions to implement a strong risk management program over the wire transfer function.

An effective wire transfer risk management program will help financial institutions appropriately manage their risks related to wire transfers. Components of a strong risk management program include periodic risk assessments, board-approved policies and procedures, wire transfer related agreements, physical and logical controls, reconciliation and balancing, record retention and data security, contingency (business continuity) planning and board reporting.

Since the risk environment in which financial institutions send and receive wire transfers is ever-changing, particularly during these uncertain times, the financial institution’s risk management program should be periodically assessed. The wire transfer risk assessment should have identified various risks within the financial institution’s wire operations, including credit risk, operational risk, systemic risk, compliance risk, technology/security risks, reputational risk, sovereign risk and fraud risk.

Armed with information gathered from the completed risk assessment, now it’s time to begin the wire transfer audit. The first step of the audit is to define the objectives for the wire transfer audit.

A wire transfer audit generally has three main objectives:

1. Ensure the safety and soundness of the wire transfer function and help reduce financial losses. A periodic examination of a financial institution’s wire transfer operations will help identify policy deficiencies, internal control weaknesses and procedural inefficiencies.
2. Determine the financial institution’s compliance with various regulations related to wire transfer activity. While not covered by its own statute, wire transfer activity falls under several regulations, including:
   
   • Regulation J – Subpart B: covers legal relationship between the financial institution and the Federal Reserve;
   • Bank Secrecy Act/Anti-Money Laundering (BSA/AML): travel rule;
   • UCC 4A: wholesale EFTs;
   • Regulation E – Subpart B: foreign remittances;
   • Regulation CC: funds availability;
   • Federal Reserve’s Payment System Risk Policy: deals with daylight overdrafts with the Federal Reserve;
   • Compensation Rules: between financial institutions;
   • OCC Banking Circular 235; and
   • Office of Foreign Assets Control (OFAC).
3. Identify and mitigate various risks related to wire transfers, including security and fraud risks.

To meet the overall audit objectives, the wire transfer audit should incorporate procedures directed at determining that wire operations are accurate, secure, efficient and compliant. Such audit procedures include a review of policy, procedures and agreements (wire networks, third-parties and clients), assessment of physical and logical security, transaction testing of individual wires, observation and walk-throughs of daily functions, reperformance of reconciliations, inquiry of wire personnel and review of required disclosures.

Although wire transfers are an inherently risky business for financial institutions, the chance for the financial institution to have significant wire transfer losses can be reduced to a tolerable level when the risks are properly managed and assessed through the wire transfer audit.