We plan to start allowing business customers to transfer funds via ACH, both for business-to-business transfers and intra-business transfers. Are there any special risks when customers transfer funds to their accounts at other banks by ACH transfer? We will attempt to control risk by requiring that transfers be prefunded. Are there any BSA/AML activity monitoring concerns or special issues with ACH, particularly as to fraudulent transactions?

Jul 3, 2017

—

We are not aware of any BSA/AML monitoring issues that are unique to inter-company or intra-company ACH transfers to accounts at other banks. While such ACH credit and debit transactions could result in some exposure for your institution for money laundering or fraudulent transactions, these risks would be reduced considerably by requiring your customers to prefund their ACH transfers.

Although the OCC is not your primary federal regulator, its 2006 bulletin on ACH activities may be helpful — it identifies a number of risks and discusses BSA/AML monitoring requirements for ACH transactions, among other issues.

For resources related to our guidance, please see:

OCC Bulletin, OCC 2006-39, Automated Clearing House Activities: Risk Management Guidance (September 1, 2006) (“ACH transactions can be used in the layering and integration stages of money laundering. . . . Banks should consider the layering and integration stages of money laundering when evaluating or assessing the ACH transaction risks of a particular customer. Because of the nature of ACH transactions, adequate and effective customer and originator due diligence policies, procedures, and processes are critical in detecting unusual and suspicious activities. Equally important is an effective risk-based suspicious activity monitoring and reporting system. . . .”)