RSK.IQ Question of the Week 6/29/15

Business Lines of Credit and Online Transfers


The Bank is looking to allow its business borrowers access to commercial lines of credit through online transfers. Would there be an audit or compliance issue if the Bank chooses to offer this?

Response Summary

From a BSA/AML and audit standpoint, the Bank will want to have sufficient controls in place to ensure that the request for an advance is authorized and is for the purpose for which the credit was granted. This would include appropriate customer due diligence and monitoring, and may include restrictions on the size of advances or how often they can be requested.

Response Detail

Generally, the conditions for an advance from a commercial line of credit are established by the credit agreement between the Bank and the borrower. This would include the parties authorized to request an advance, the purpose for which an advance would be used, any verification of the purpose, the manner in which the disbursement would be made, and any limitations on the size or timing of the advance.

Allowing advances from a commercial line of credit to be requested and disbursed electronically would not be subject to the requirements of Regulation E, since that regulation pertains only to consumer transactions. From both a BSA/AML and an audit standpoint, however, the Bank will want to have sufficient controls in place to ensure that the request for an advance is authorized and is for the purpose for which the credit was granted.

The risks of conducting transactions online are not as significant as the risks of opening an account online, but the Bank should have established policies and procedures for authenticating the borrower’s identity each time an attempt is made to access private information or to conduct a transaction. The authentication methods recognized by federal regulators would include one or more of these factors:

  • Information only the user should know, such as a password or personal identification number (“PIN”)
  • An object the user possesses, such as an automated teller machine (“ATM”) card, smart card, or token
  • A physical characteristic of the user, such as a biometric like a fingerprint or iris pattern

The Bank will also want to comply with BSA/AML rules concerning funds management, including a strong customer due diligence program which would consider the following:

  • Purpose of the account
  • Actual or anticipated activity in the account
  • Nature of the customer’s business or occupation
  • Customer’s location
  • Types of products and services used by the customer

Advances from the line should be transferred to a business account and not a personal account, in order to mitigate the risk of money laundering or of funds being used for a purpose not authorized by the credit agreement.

Otherwise, online banking activity related to commercial lines of credit should comply with the Bank’s BSA/AML program, including adequate monitoring of transactions. See FDIC: Risk Management Manual of Examination Policies, section 8.1 – Bank Secrecy Act, Anti-Money Laundering and Office of Foreign Assets Control.

If the Bank ordinarily uses the request for an advance as an opportunity to ascertain the financial condition of the borrower, it should be aware that online transfers may allow advances to be obtained without such a determination having been made, unless proper controls are in place. For that reason, the Bank may wish to limit the size of advances requested online or how often such advances can be requested. The Bank should also consider setting up alerts on its system for transfers above a certain dollar amount and having follow-up contact with borrowers to confirm the request and use of an advance.



This entry was posted on Monday, June 29th, 2015 at 2:00 pm.
