How to understand compliance regulations

Regulatory compliance is a bank’s adherence to laws, regulations, guidelines and specifications relevant to its business activities, practices, products and services to protect its clients’ best interests. This also extends into defined rules and guidelines for bank staff across the entire spectrum of a bank’s activity. Violations of compliance regulations often result in legal punishments, regulatory constraints, reputational damage and financial penalties. All of these can have a negative effect on a bank, its shareholders, clients and employees, who need to be protected.

To protect their shareholders, clients and employees yet also remain competitive, banks must address these challenges and stay up to date with changing regulatory requirements, expectations and industry practices. Banks do this by having a governance, risk management and compliance strategy in place that keeps pace with these changes. Examples of compliance regulations range from regulatory authority requirements specified by the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) to specific legislation such as the Money Laundering Regulations Act 2017 and the Proceeds of Crime Act 2002.

As a bank maintains regulatory compliance through having this comprehensive strategy in place, it can become more efficient and effective in applying processes and tools to approve clients, client transactions and products or services offered to clients. This translates to better client experiences, from quicker client on-boarding and faster payment services to more tailored product and service offerings from banks. In addition, the bank’s shareholders, clients and employees will be better protected from events leading to non-compliance with regulations.

How to provide compliance information

In order to remain compliant with current Know Your Customer (KYC) regulations, banks’ clients are asked to provide specific information and documents at the point of on-boarding, account opening, transacting and periodically at various stages of their relationship. These must be provided to the satisfaction of the bank to start (or continue) a banking relationship.

The compliance information needed for an individual’s identity and address verification varies. Examples include attested copies of passports, identity cards, driving licences or utility bills not more than two months old. Further security questions may be asked during transactions to verify your identity. Compliance information requests for business detail verification also vary and, in addition to the above, may include certified copies of a business’s Certificate of Incorporation, Memorandum and Articles of Association, latest annual returns, and organisational and shareholder structures to verify the ultimate beneficial owners/controllers of a business bank account.

Banks may also request the above and other information from clients in order to update records periodically or where there are changes to account holder signatories, mandate holders, beneficial holders, etc. In order for banks to remain compliant, they must obtain this updated information from clients and be satisfied it fulfils regulatory obligations. This reduces any delays in opening or operating a bank account or executing a transaction. Providing compliance, KYC and due diligence information protects your identity and funds. It is necessary to remain compliant with regulations, and desirable to reduce fraud and money laundering activities which have a negative impact across the financial sector.

Also visit: The Global Anti-phishing Working Group. The Home Office’s Identity Theft website. The Miller Smiles record of the latest online scams.

How to be alert to fraudulent transactions and report suspected fraud on one of your accounts

The sooner fraud is detected, the lower the financial impact. Here are some suggested actions to help stay alert and spot fraud early:

Monitor your accounts

Check your accounts frequently for unusual activity. Online banking makes this much easier on a regular and ongoing basis.

Check the balances of accounts on a regular basis. Look for balances lower than expected and unusually high transactions.

Are there unexpected charges on accounts? What are they for? Do they have the same description as previous legitimate charges posted?

Has an unexpected bill or statement been received? This could mean that someone has taken over your account.

Has a notification about an address, password or information change been received?

Protect your computer

Make sure your computer is protected with updated anti-virus and anti-spyware software, and a good firewall. Research first and only purchase software from a source that you know and trust.

If it sounds too good to be true, it probably is. Criminals do not only use the internet. They also use phone calls, text messages, social media and emails to gain information.

Be very wary of requests for account information. Also be wary of a promise to pay a large sum of money in return for transferring funds internationally when it has nothing to do with a business transaction.

Be very wary if a friend or business associate sends an urgent request for money via email or social media to help them out, for example because they are stuck in a foreign country.


How safe is online banking?

Online banking is safe with the proper precautions. The following sections detail types of fraudulent attacks you may encounter, safety steps for online banking as well as ways your personal and business information may become compromised.

  • Phishing Email: Many attackers get into a bank account by tricking a user into thinking they are logging into their bank account when in fact they are not. This technique, known as phishing, is often done by email. Phishing emails are sent by fraudsters who pose as genuine companies such as a bank, PayPal or HMRC. The email informs you that you need to change your online information, verify a purchase, or something else that requires you to log into your bank account via a link in the email. Clicking on the link takes you to a fake website that records your account information. Here, fraudsters steal your financial or personal details to use for their own gain.
  • Phishing Malware: Untrusted links in an email can install malicious software (‘malware’) on your computer as another way to capture your personal and business details. Criminals can steal your password by tricking you into installing a program on your computer that records what you type in. For example, a warning sign may state ‘Your computer is compromised. Click on this link to fix it.’ The next time you log into your online bank account, the malware program secretly records your password details. It then sends them to a fraudster over the internet who can then access your bank account.
  • Vishing / SMiShing (Telephone Fraud / SMS text fraud): Fraudsters call and pretend to represent the police, debt collection agencies, late payment notifications, a bank’s fraud department, etc. They may warn that your account has been compromised to trick you into moving your money somewhere safe. Some tell you to call a genuine number for your bank to verify the call, play a dial tone while they stay on the line, and then pose as your bank. This way they obtain your sensitive personal and business information and can access your funds. Alternatively, they may use spamming software to spam text numbers with urgent messages, and collect responses that confirm the user’s identity which are then used for fraud.

Phishing can be avoided by NEVER clicking on a link to visit your online bank. Instead, if you need to log into your bank, always visit it through a bookmark created in your browser or by typing your bank’s URL directly into the address bar. Make sure the page is secure when entering data. Look for a web page that encrypts data; it has a small padlock icon (Internet browser security ‘lock’) either in the bottom corner of the window or next to the address bar. The URL will start with https:// instead of http://. If you can’t see this, your data is not secure; anything you enter into the page could be captured and read by a criminal. When you visit your online bank login page, make sure you see this ‘lock’ before you enter your username and password. If you do not see this ‘lock’, do not log into the website.

Vishing can be avoided when you are aware of your bank’s practices and challenge the caller with sceptical questions. A common-sense approach is the best protection against such calls. If a caller pressures you to give your bank account details or to move money using fear-based messages (for example, ‘Your account has been compromised’), you must challenge them. If prompted for personal information, ask for the name of the company conducting the call (not who the call is being conducted for) and request the contact information of its fraud department. If you are not satisfied, simply hang up. If you want to double-check that the caller is genuine, hang up and ring your bank / card company directly using the numbers given to you when you originally opened your account or obtained your bank card(s), cheque or paying-in books.

SMiShing operates in a similar way to vishing, except the fraudster sends spam texts to a large number of phone numbers with fear-based messages (for example, ‘Call your bank on 123-456-7890 about a recent unauthorised transaction on your account’). Do not respond to such texts from unrecognised numbers: even a brief message from you confirms your telephone number. This number can then be used as a means of identification. A criminal could then pretend to be you and conduct a fraudulent attack against you and your bank account(s). If your phone has the ability to block or report such texts as spam, use this functionality to help reduce SMiShing attacks.

Business Networks

For most business users, BFC Bank suggests that you only log into your personal online portal while at home on your own trusted Wi-Fi network. Your place of work can install key loggers or use other methods of monitoring you while online. Someone with access to these logs could read their contents, which can include all keystrokes, including usernames and passwords.

Wireless network

When on a wireless network, it is important to understand that all information sent between your computer and the wireless router can be intercepted and read by someone nearby. Ensure your home network is secure and password protected from any intruders. If you need to log into your online portal while on a wireless network, make sure the network you are connected to is secure using WPA (Wi-Fi Protected Access). This is particularly true of public access wireless networks (for example, in a coffee shop or library) where you should be even more vigilant.

Passwords

The password you use to log into your online bank account should be strong and difficult to guess. This means that it should not be something easy for someone else to know, such as your mother’s name, your street name, or your birthday. Your banking password should have a mixture of numbers, special characters, and upper / lower case. Never write your password anywhere.

Make sure your computer is protected and follow good practices

Finally, it is always a good idea to keep your computer protected. Trustworthy security software will protect your computer against the installation of malware. You will also be protected against the installation of malware if you do not open any unexpected email attachments and avoid downloading files from websites that you do not trust. When an attacker attacks or infects a computer, they could install a key-logger that logs each keystroke you enter. These can capture your username, password, and other confidential data.

Ensure you have effective and updated antivirus/antispyware software and firewall running before you log in to your bank account.

Be aware of ‘shoulder surfers’ viewing your screen.

Never send usernames, passwords, etc. through email. No bank will ever request you to send personal information over email. Never send or share your username, password, PIN, account information, credit card, etc. over email or on the phone. Email is unencrypted and, if intercepted by a third party, could be read. It is also often stored on a server; if that server were to become compromised, the attacker could read that email with your personal information. Remember your bank would never ask for your full PIN or passwords.

Lost token or forgotten password
How much notice do I need to give to cancel a future dated faster payment or a future dated international payment?

Clients will need to cancel a future dated faster payment the day before it is due to be sent to prevent it from being made. The cancellation of the future dated faster payment must be online. Future dated International Payments will also need to be cancelled online the day before the payment is to be sent to prevent it from being made.