RDC Can Be A Risky Business

Amy Donaghue

By: Tricia Longo, AAP, APRP, NCP, Manager, Audit Services

The Federal Financial Institutions Examination Council (FFIEC) defines Remote Deposit Capture (RDC) in its risk management guidance as “a deposit transaction delivery system, allowing a financial institution to receive digital information from deposit documents captured at remote locations.” These locations may be the financial institution’s branches, ATMs, physical business locations or mobile devices used by both consumers and businesses.

While RDC offers considerable benefits to financial institutions and their clients, the service has risks. When RDC is offered, the financial institution no longer gets to physically examine the item being deposited for counterfeit items or forged/missing endorsements, and security features may be irrelevant.

Financial institutions will have to decide how these items will be processed, either by electronic imaging or converting items into an ACH Entry. Appropriate agreements should be in place taking rules and regulations into consideration, including Check 21 Act, Regulation CC, Regulation J, applicable state laws, agreements and ACH Rules.

Consumer Use
For consumer applications of RDC, having a smartphone and adequate connectivity established, the user should be able to sit on their couch, capture an image of the check and send it off to their preferred financial institution. In this case, technology is already in the hands of the consumer at no cost to the financial institution. Software is usually built into the banks online banking platform.

Commercial or Retail Use
For commercial or retail merchants, RDC technology takes on a different risk perspective. In this situation, a merchant likely has a stack of checks from that day’s business to process. Transaction volumes are higher, and the dollar amounts are potentially higher as well. Hardware equipment is needed and usually provided by the financial institution.

Having a one size fits all risk mitigation strategy may not be the best policy when it comes to providing each of these service types. A financial institution should develop and implement risk measuring and monitoring systems for RDC activity. This includes endorsement requirements, setting deposit limits on the amount and/or number of items or duplicate item detection. It is also important to determine storage, retention and destruction requirements.

Conducting an RDC Risk Assessment prior to implementing the service as well as annually reviewing the risk of your RDC Program is highly recommended and considered a best business practice.

Let Our Workbook do the Work for You!

Don’t spend your time trying to figure out what to do and how to do it when it comes to your financial institution’s RDC Risk Assessment. Our Remote Deposit Capture Risk Assessment Workbook is designed to assist your institution in addressing remote deposit capture risk. The workbook content mirrors the FFIEC Remote Deposit Capture Risk Management Guidance and guides you in completing the step-by-step risk assessment. Skip the headache and pick up the workbook today by clicking here. Or, consider booking one of our RDC Risk Assessment Services! To book, contact Member Support at 800.500.0100 or via email at memserve@epcor.org.