Friday, September 9, 2011

Regulation E: Using It To Our Best Advantage To Reduce Our Client Based ATM Fraud Risk Without Affecting The Legitimate Client

Reg. E ( specifically 205.11 Procedures for resolving errors ) as those in the business who know like to call it is, in short, the law gives consumers protection and certain rights regarding claims of fraud and/ or errors on their bank accounts.
When this provision was first established, it was a victory for the honest consumer because some banking institutions may have made it incumbent upon the consumer to prove they did not commit the fraud reported in their accounts resulting in denial of their claims. . It is now incumbent upon the financial institutions to prove a consumer’s liability. This regulation put the banks on notice that if they did not follow the regulation, they would be subject to unwanted scrutiny, heavy penalties and civil liability from banking regulators. These liabilities and penalties instilled fear in financial institutions, which resulted in a pay the claim attitude (then deny it, and take the loss.) This contributed to an existing atmosphere conducive to fraudulent behavior in this country or what I like to call “a fraudsters Disneyland.”
Naturally, what occurred is that some institutions became more vulnerable than others because their flawed investigative policy resulted in a reluctance to deny claims. Fraudsters and possibly terrorists too, target specific institutions because of their policies.

Some financial institutions are now advertising that they will reimburse fraud claims within 24 hours. This customer service issue will surely put a smile on the fraudsters face. It will make it easier to commit fraud and have the money credited to them even faster. For those consumers that are true victims, I say that’s great and it should be done. However, between 15% -40% of ATM, Point of Sale and Debit Card claims are from clients that require scrutiny. (Such claims are fraud reported within 90 days of the account opening, the 2nd or 3rd claim within a year and /or the claim of a client losing his card with the pin written down on the back of the card.) It’s too easy to claim fraud in these situations, and once a provisional credit is issued the money is taken out of the account and the client disappears.

Could it be that financial institution's loss prevention units aren’t very good at investigating fraud? Do they have the investigative acumen required? There are so many claims, they cannot properly investigate every one; not to mention, the fear of denying a claim and the penalties of this regulation, which I believe after customer service is one of the reasons so many fraudulent claims are honored. This Regulation, although unintentionally, has created a sense of paranoia among financial institutions. Even in cases where claims such as these are denied, if the fraudster is smart enough and makes a complaint, some banks will usually pay these claims to avoid the cost or hassle of litigation.

The Regulation does state that FI’s may not be held liable if they show good faith in their investigations. How many investigators are aware of this and are willing to take the steps to conduct this good faith investigation and deny the claim? How many investigators know what this means? It’s probably safe to say that most of the investigators on the loss prevention side of FIs aren't former law enforcement investigators nor do they know the Regulation. Investigations are usually based on a checklist of questions that are inadequate. They rely on the Compliance and Legal Departments to make sure the Regulation is being followed. However, all too often it’s compliance that sets the pace looking at customer service as the broader perspective.

Case in point: A client made a claim with a bank stating that he left all his bank cards in his car when he was moving, and his car was broken into and all the cards were taken when he was on vacation in Florida. He stated that he had the pin numbers written down on an index card with all his cards in the car. All were in the same box that was stolen and monies were taken from all the cards via ATM machine withdrawals over a 10-day period. Total claims made on all seven institutions involved over $80,000. After my initial interview, I contacted the six other institutions involved, which also included a major brokerage company. All the institutions you would know by name. All six told me that they were paying this claim because they didn’t want to violate the Reg. I asked all the institutions to hold off on paying the claim and within days I could deny his claim. It turned out this client was never on vacation in Florida at the time of the fraud; he was at work. I found several inconsistencies in his statements to me. A further interview revealed that he lied about the claim, and that he was the one who made the fraudulent transactions. As a result, all the institutions involved denied his claim, and a FBI investigation was later conducted. How much work did this take: maybe 10 calls and 3 - 4 man-hours over a 3-day period? The cost of denying this $80,000 claim was about $300.00; not bad, right. I have no problem investing $300 dollars to save $80,000. Do you? During my investigation, I never violated the Reg. Why? I conducted a good faith investigation. This denial could and would stand up to any scrutiny by regulators. I proved that the client was the “bad guy.”



A common argument made by bankers is: “We made $150,000,000 last year and $2,000,000 of those were losses due to fraud. No big deal. It’s the cost of doing business.” This way of thinking is way outdated and requires a major paradigm shift. For example, $2,000,000 in losses this year makes the fraudsters want to double it next year because we made it much easier for them this year and it will be even easier the next. Especially vulnerable are small banks that cannot absorb such losses. They pour more resources into the investigative side, or they make the wrong decisions and deny a legitimate claim by a client leaving them wide open for the sting of the regulators for violation of the Reg.

With fraud on the rise year after year, it’s going to eventually get to unacceptable levels. It appears that the more technologically advanced we get in the industry the more vulnerable we become. Investigating the non- client fraudster is hard enough and with the resources available to the Criminal Justice system we cannot seem to ever get a lid on that problem and probably never will. Law Enforcement is inundated with fraud cases that are at uncontrollable levels. We cannot depend on the statistics we read about regarding ID Theft because most fraud is not reported to the police. Customers who become victims usually just call the bank, and their claim is paid. They see no reason to go to the police; they see it as the bank’s problem. It seems to me that we can put a lid on client-based fraud, and it is easily investigated. We do have the ability to control it if we want, in a cost-effective manner.

We also, to a certain extent, need to make consumers responsible for some of their actions. It’s my opinion that if someone writes their PIN number on the back of a bank card. they are indeed compromising that information and should be liable for any loss incurred as a result of that card’s loss. Now, I know fraud investigators agree with me here. However, Regulation E does not. This is a common sense issue. I mean really, lets wake-up! A police report of the fraud should be required.

We can’t be willfully blind to the fact that financial fraud is not affecting us. If we wait to properly address the situation, it may be too late. When I was a detective with the NYPD investigating ID theft in three years I saw the complaints more than triple and, of course, these are just the persons who make a report; most don’t.


When I was a VP at Citibank, I developed and instituted a new Regulation E investigation unit called the Major Incident Unit. In short, this innovative investigative process that I developed significantly reduced Citibank’s client based fraud exposure. Let’s put it this way, if you’re a client at Citibank looking to make a false claim, it's over for you. The unit was so successful they tripled the unit’s manpower.

Let me be clear, I’m not saying that Reg. E is bad, nor is it responsible for most of the fraud that exists today, but it makes a considerable contribution to client based fraud. It needs to be amended to deal with today’s specific financial fraud threats. Protecting the consumer’s rights is paramount; however, a more common-sense approach needs to be implemented.

Fraud and identity theft in this country are out of control to the point where sooner, or later it will affect the bottom line of banks worldwide, or the consumer will pay for the losses with bank fees. Is that good customer service?

How will changes in the Regulation help the consumer? It will help by reducing the financial institutions fraud exposure and losses; therefore, the bank saves money and this will stabilize or reduce their cost of doing business and trickle down to the consumer. It will significantly reduce client-based fraud and the possibility of terrorist financing.

In light of the new federal regulations coming into effect this year for cards, losses are even more important to the bottom line. This is an area that banks can recoup millions of dollars every year depending on their losses.

Some bankers say we can’t have the best of both worlds, I say we can, and I have proven it.