Insights: Article

Are You Banking Privately Owned ATMs?

By   Linda Albrecht

June 30, 2016

More businesses are beginning to have privately owned Automated Teller Machines. Do you know if any of your business customers have one? If so, have you stepped up your customer due diligence on them? You may be asking yourself, “Why would I need to worry about an ATM the bank does not own?” However, there are risks that come with privately owned ATMs, and some banks will need to make enhancements to address these increased areas of risk.

Risks of Privately Owned ATMs
Privately owned ATMs are typically found in restaurants, bars, gas stations and grocery stores. These ATMs link to an ATM transaction network that debits the customer’s account and credits the ATM owner’s account, or the Independent Sales Organization’s (ISO) account, which can be located anywhere. The ATM transaction network provider and sponsoring bank of the ATM should be completing adequate customer due diligence.

The reason privately owned ATMs have been deemed higher risk is that many of these ATMs have been involved in fraudulent activity, money laundering, theft and identity theft. A few examples of money laundering would be when an individual is replenishing an ATM with currency obtained from illegal activity that is later withdrawn through a legitimate consumer transaction. This would make the deposit to the ATM owner’s account appear like a legitimate transaction. Money launderers may also have agreements with merchants to fill their ATMs with illegal money at a discounted price.

Enhancements Needed
Enhancements should be made to the bank’s systems and customer identification program (CIP) to manage the risks associated with privately owned ATMs and Independent Sales Organization relationships. The bank’s customer due diligence (CDD) of privately owned ATMs should include verification of  the owner’s/ISO’s background, location of privately owned ATMs, source of funds to replenish the ATM, anticipated activity, and also include regular monitoring of the account to make sure the identified risks remain consistent with the conclusions of your customer due diligence. As addressed in the FFIEC Examination Manual, banks should implement appropriate policies, procedures and processes, including appropriate due diligence and suspicious activity monitoring, to address risks with ISO customers. At a minimum, these policies, procedures, and processes should include:

  • Appropriate risk-based due diligence on the ISO through a review of corporate documentation, licenses, permits, contracts, or references.
  • Review of public databases to identify potential problems or concerns with the ISO or principal owners.
  • Understanding the ISO’s controls for currency servicing    arrangements for privately owned ATMs, including source of replenishment currency.
  • Documentation of the locations of privately owned ATMs and determination of the ISO’s target geographic market.
  • Expected account activity, including currency withdrawals.

Understand Your Own Role
Here are a few questions to ask yourself before you start completing your review.

  • Do you know if any of your customers have privately owned ATMs? Consider adding a question to your new account applications to help you in identifying customers with ATMs.
  • Do you know how your customer’s privately owned ATM is being replenished?
  • Have you completed a policy, procedures, and risk assessment for privately owned ATMs?
  • Has any monitoring been completed since your bank has recognized any privately owned ATMs?

Bank Secrecy Act violations continue to reach the headlines, and penalties are harsh, especially if previously identified weaknesses have not been addressed. As businesses change, it is critical that you stay informed of their activities and the impact they have on your banking relationship. Even long-time customers deserve your attention; just because they have been a loyal customer, does not mean they can’t put you at risk for potential BSA violations. Ongoing monitoring is critical in identifying suspect activity in any part of the banking relationship, whether it is on the loan or deposit side. All customers should be considered when evaluating BSA risk, even those who may not have a deposit relationship.

Latest Insights

July 13, 2018
Here are some idea for giving your new hire a smooth start into your business and alleviating stress for you.
July 13, 2018
The impact of the recent SCOTUS Wayfair decision will continue to have a ripple effect on businesses and state sales tax compliance.
July 9, 2018
The revenue cycle is a complex system and we have historically given much attention to the front-end and back-end while oftentimes leaving the middle functions of the cycle neglected.
July 3, 2018
FASB Accounting Standards Codification Topic 606, Revenue from Contracts with Customers, provides a 5-step framework for determining revenue recognition.
July 2, 2018
As part of the Tax Reform Act of 1986, the “Kiddie tax,” a taxing regime designed to make the transfer of income items by wealthy parents to lower tax paying children less attractive, was implemented.
July 2, 2018
When it comes to your employees, you likely conducted interviews on them when you first hired them.
July 2, 2018
Nearly ten years after the release of the initial exposure draft, FASB issued ASU 2016-02, Leases - The standard may have been issued, but the conversation about this re-write of legacy guidance has not slowed.
June 29, 2018
Banks look at three broad categories when considering small business financing: business cash flow, personal financial strength, and collateral value.
June 28, 2018
You need to be cautious when entering into a bartering relationship and remember to track everything and the key to accounting for bartering is making sure you still record the income earned and expenses incurred.