Contracts Are Required Reading For Compliance Officers
One of the most common questions people often ask as an attempt to make conversation to get to know a person is, "What is the last book you read?".
For some of us whose livelihood depends on a large volume of reading daily (Compliance Officers), reading in our spare time is about the last thing of interest. I hate to read directions on putting some purchased item together, let alone a book. I can't remember the last book I read for pleasure.
However, despite all of our reading as compliance officers, one thing we should not overlook reading ourselves and having our financial institution legal counsel to look over as well, are contracts in our financial institutions.
A typical example would include such things as contracts related to secondary market investors (if applicable to your financial institution) and wire transfer related contracts. I could name numerous others, but for the subject of a newsletter, I will stick with these two contract types and deal in more detail with the one with the greater risk potential – wire transfer related contracts/agreements.
Regarding contracts related to secondary market investors, these like so many other contracts in your institution, are likely years old. They may be so many years old that no one even knows where to locate them now! But if they can be found, these contracts may very well have existed since a relationship with that investor was created years ago (pre-TRID). Hence, regulatory changes and perhaps even the way the process is now handled with that specific investor, have created the need for significant change to the contract, including updating of responsibilities of the financial institution and the investor. Thus, you need to take a look at those contracts and ensure they fit today's activity between your financial institution and its investors.
Wire transfer contracts definitely require a closer look from you in conjunction with your legal counsel. We all know the huge risks associated with wire transfer fraud are often attributable to the circumvention of such things as mandatory "callback"; but lacking contractual areas creates risks as well.
Just a few things to consider include:
- Are the customer's authorized initiators, authorization limits, and their contact information current and does the contract language protect the bank from unauthorized initiation by a customer representative?
- Is the process for customer revocation of authority spelled out?
- Are security procedures defined and responsibilities established and are the definite security procedures current?
- Are responsibilities for error detection by the customer established?
- Have the process, obligation, and responsibilities for handling amendments, revocations and discrepancies been established?
- Does the contract discuss cyber insurance?
- Is OFAC referenced?
Hopefully, contracts will be some reading you do consider. Locate them, look them over, and forward them to your legal counsel for an update review. In today's rapidly changing world and technology environment this reading will be time well spent.