FinCEN: Batch e-Filing of CTRs and SARs

By RICHARD B. KELSKY

We get a lot of requests from our customers, many of which end up in development projects and new software releases.
The most we have had in a long time relate to mandatory e-Filing of CTRs and SARs with FinCEN. When it comes to e-Filing, one request has come up way more often than others: “Batch Filing.”
By now, you are trying to adjust to FinCEN’s July 1, 2012 mandate for electronic filing of CTRs and SARs.
By now, having used e-Filing, you have discovered that just because the process incorporates “Adobe forms,” it does not mean that you can scan in a form and send it off to FinCEN — you cannot.
By now, you may have found that filling out forms one-at-a-time on-line is time-consuming and tedious, and can create errors. By now, you may want to switch to “Batch Filing.”

Discrete Filing

Back in late June (and since), many folks called our support center asking about the FinCEN registration process, followed by asking about how to use FinCEN e-Filing once they registered. Most check cashers have had only one choice (is one choice really a choice?): something called Discrete Filing.
What is Discrete Filing? It is the one-at-a-time, manual, on-line creation of a CTR or SAR filing on the FinCEN Website.
It is the process of going to the FinCEN site, logging in and selecting the Discrete Filing option. Under that option, you can choose between using the “legacy form” or the “new form.”
By the way, you can continue to use the “legacy form” until March 31, 2013, after which you will have to use the “new form” (http://goo.gl/r5FCB).
Once you log in, you fill in the form on the FinCEN site with the transaction and customer information. You can store certain recurring administrative entries for use on future forms, such as your company’s name, address, etc.
If you rarely file a CTR or SAR, Discrete Filing may be fine for you, but be very careful about making errors during the entry process, since the data has to be typed in by hand. If you file CTRs and SARs regularly, you’ll probably find yourself muttering “B-atch” fairly soon.
And don’t forget: If your state regulator requires that a copy of the form be filed with it, you still need to print out the form from your system and send it to the state.

Do You Want to Batch?

For those of you who have had enough of filling in forms one-at-a-time on-line, FinCEN has a next level of filing, called Batch Filing.
Last year, when FinCEN was seeking comments on the proposed implementation of both e-Filing and the new CTR and SAR forms, Scott K. McClain, regulatory counsel to FiSCA, provided comprehensive comments. One of the issues that he addressed was called “Technical Issues with Batch Filing Function.”
In his letter, McClain explained:
“FinCEN’s BSA E-Filing system supports discrete, computer to computer and batch filing functions. Based on our discussions with industry consultants and systems programmers, it appears that there are technical challenges in adapting existing point-of-sale systems to FinCEN’s batch filing function.
“More specifically, although FinCEN offered a recent Webinar to instruct financial institutions on the process to register for and utilize the electronic filing system, the final specifications for the batch filing function have not yet been made available to industry.
“We have been informed that FinCEN will make the new specifications available in December, 2011. Systems programmers and consultants, however, have indicated that due to the relative complexity of the programming specifications provided by FinCEN, and the fact that the final specifications have not yet been completed or made available to industry, additional time beyond the proposed June 30, 2012 date may be required to modify existing systems with respect to the batch filing function.
“Finally, in this regard, industry consultants and systems programmers have expressed concerns that it has been difficult to obtain technical information and get answers from FinCEN with respect to systems problems. In order to facilitate the industry’s transition to mandatory electronic filing, we would request that appropriately knowledgeable personnel at FinCEN be made available to provide timely technical information to industry.”
While e-Filing became mandatory on July 1, 2012, submissions such as FiSCA’s resulted in the required use of the “new form” being pushed back to March 31, 2013, to allow for systems development.

Development to Reality

The development of the software behind integrated batch filing was complex and time-consuming.
The idea was to allow a user to generate CTRs and SARs in their POS system, and aggregate them in batches for automated electronic filing with FinCEN without having to enter, by hand, the information for each and every transaction and customer on the FinCEN “Discrete” e-Filing website.
We completed our development of the product, but in some ways, that was just the beginning.

What’s Involved in Going “Batch”?

After the software is installed, each MSB has to be separately approved by FinCEN for batch filing. This process involves the MSB’s registering for FinCEN’s batch filing test site, obtaining a “test” login from FinCEN, and sending sufficient successful batch test submissions for FinCEN to grant a “live” user batch login.
The good news is that by working with our customers, we figured out how to make the process relatively painless.
First, we realized how important it would be to guide each customer step-by-step through the test registration and test batch creation/submission process.
This would include both helping them to create and submit multiple test batches, and to understand the messages returned by the FinCEN system as well as the process of correcting submissions, until a “live” batch user login is granted.
Second, we created a user manual and trained our trainers on preparing and submitting “live” batches of CTRs and SARs, how to read and understand certain FinCEN communications, how to handle certain FinCEN requests for correction, how to handle corrected filings, and more.
These major steps took implementation of integrated Batch Filing from concept to reality.

I’d Choose to Batch

If you ask me, “Discrete or Batch?” my answer is clear and unequivocal: Integrated Batch Filing is a must-have. First and foremost, the time involved is substantially reduced. And since the data moves internally, there’s less chance of entry errors. You do all of your work off-line — on one or several CTRs or SARs — and add them to a CTR or SAR Batch.
When you are ready to send them in, you log on to the FinCEN Batch filing site, and send the file, then check your mailbox for confirmations of receipt and validation. Any detected errors can be corrected and the filing resubmitted.
Perhaps more important, my answer is based on customer comments.
Being in compliance is very important. Spending valuable hours typing on-line to get there is just a waste of your time. So today, if anyone asks you “Discrete or Batch?” there really is a choice.

Richard Kelsky is president of TellerMetrix, a provider of POS transaction, compliance, interface, electronic deposit and marketing software to check cashers, payday lenders and retail banks. He is also a New York and Connecticut Bar member, a Polytechnic Institute of New York University and New York Law School grad, a Certified Anti-Money Laundering Specialist and a frequent lecturer on business, legal, compliance and technology issues. He can be reached at rkelsky@tellermetrix.com.

How Safe is Your Safe (Part 4)

 

By RIC BLUM

If an alarm goes off and nobody hears it, does it make any sound?
Once your alarm system has been activated, you need to let the world know a burglary may be in progress.
For many years, the standard method of acknowledging a breach in a security system was the audible alarm bell or siren. The loud noise was intended to alert the surrounding neighbors and any law enforcement within ear’s reach, as well as to scare away the burglar.
The trend in security systems lately has been the silent alarm, where an alarm company, a monitoring facility or the police are alerted to the intrusion. These alarm signals are usually transmitted in four ways: telephone lines (sometimes, dedicated), the Internet, radio waves or cellular telephones.
Many alarm systems will use telephone lines or Internet connections as their primary form of communication with the alarm provider, and may use a radio or cellular connection as a secondary contact method in case the primary method is disabled.
Today’s alarm systems are really specialized computers that monitor all functions of the alarm system and its detection methods, phone lines, Internet connection and backup transmission on a regular basis. They look for someone or something attempting to tamper with the overall system.
If the alarm system doesn’t report that everything is working properly, this may be taken to represent a breach in the system. The monitoring station may then take the same actions as if an alarm had been reported, or it may contact the owner to decide what action to take.
Ideally, your alarm system should have Internet monitoring capabilities with cellular backup for more line security. The Internet allows the monitoring station to communicate with the alarm system on a continual basis every one to five minutes. This is better and cheaper than having a dedicated telephone line and still provides redundancy.
Modern alarm systems have changed. Everything and everyone is synched by computer. All computers are on the Web. Do you have Wi-Fi in your store? Can I, or the bad guys, get access to your computers, video surveillance system or alarm system from a notebook computer in your parking lot? How secure is your secured network?

Cut Lines and Jammers

Mobile jammers are one of the tools the bad guys may use when breaking into your business and cutting into your safe. Your telephone and Internet lines have been cut and your cellular backup can’t make the call for help because it is being jammed.

The fact that cellular telephone jammers are against the law in the United States won’t stand in the way of a criminal. They are quite common in other parts of the world, available online and will be shipped to a U.S. address in a plain brown box.

Most portable, handheld cellular telephone jammers resemble a handheld police scanner with multiple antennas. However, larger, more powerful models are available.

Interactive Audio, Video Service

If you have the latest in security hardware, you (or your alarm monitoring facility) may be able to get online on your computer or smart phone and check things out yourself. Chances are your digital video surveillance system is capable of being connected to the Internet.
If this is the case, you can monitor your store from home and see and/or listen to what may have activated your alarm system without leaving the comfort of your home. Or, for that matter, if you aren’t at home, you may do so from almost anywhere in the world. Your monitoring station may also have access to your video surveillance system and may verify if an actual alarm condition exists.
However, don’t expect to be able to recognize a professional burglar from your video surveillance system recordings (if he didn’t find and destroy it). If he’s not wearing a mask to conceal his identity, he may don a set of head-worn, high-intensity lights which will help him maneuver in the dark while also emitting enough light to make video recognition impossible.
And just to make you feel safe and secure, I have found information on the Web on ways to defeat all of the above detection methods. If I can find it, anyone can. And for those with experience in the security/alarm/electronics fields, it should be even easier.

Path Integrity Vital

Chip Shiver, president, Shiver Security Systems, a Sonitrol franchisee serving Ohio and Northern Kentucky, says the most important thing to maintain with an effective alarm system is the integrity of the communication path from the alarm panel to the central station.
Shiver, an expert in the electronic security industry, says this is key to preventing an alarm system from being defeated. Obviously, early detection video monitoring or audio monitoring is the first step of prevention.
Shiver believes that if intruders are able to get to the alarm panel and cell unit, thus disabling communication, the alarm panel becomes useless.
You need solid protection around the alarm panel and dual paths of transmission to the central station (IP, telephone, cellular or all three).

Alarm System Comes First

Gary Wasserman of Wexler Insurance, Coral Gables, Fla., prefers clients to have a TL-30 rated safe or better. But that is not where it all begins.
First and foremost, he says, is the need for a UL-approved burglar alarm system. The current UL burglar alarm system certificate uses a modular format in which the service that the alarm customer has is specifically described for various categories.
Such a system requires a central station from which the alarm company monitors the premises, dispatches guards and may request the police to respond. Trained operators monitor the alarm system to determine if a signal is an unauthorized entry or any other kind of breach to the system.
Each certificate will describe such things as the various systems located at the protected property, the extent of protection, all physical hardware installed, whether the safe or vault protection is complete or partial, if there is an alarm sounding device, type of remote monitoring, who should be notified in the event of an alarm, the type of signal transmission for the primary and secondary system, and issues of line security.
Alarm response time is specified with options for having runners respond, with or without keys and with or without local police accompaniment.
The biggest fault Wasserman finds is that some alarm companies are not keeping up with the times and UL requirements. Your alarm system needs to have constant contact with its monitoring station. This is done by what the industry terms a “heartbeat.”
Typically, a signal is sent every 200 seconds from the alarm system to the monitoring station. In reality, every 3 to 5 minutes is probably adequate.
But in fact, the heartbeat may be programmed anywhere from 1 minute to once every 12 days. And there are some monitoring stations that choose to reduce costs by not sending so many signals.
You need to be certain that your alarm system is sending its signal at an adequate frequency. Many store owners report that their systems aren’t sending the signal as often as the alarm company had promised.
Another problem Wasserman sees is that the monitoring station’s line security may not be set up properly. Alarm systems are primarily defeated by cut telephone lines, cut Internet lines, broken cellular antennas and finally, the destruction of alarm panels.
In one instance, he recalls, a throw-away cellular telephone was clipped into an alarm system to dial a false number.
If your telephone, Internet or cellular connection to your monitoring station is disrupted and the monitoring station doesn’t know this because line security is only checked every few hours (or days), the thieves will have plenty of time to go about their trade.
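One way to audit the heartbeat behaviour described above, as an added example that is not from the article or from any alarm vendor: it checks logged heartbeat arrival times on each path against the promised 200-second interval and treats silence on every path like an alarm. The log values, the 1.5x grace factor, the status names and the function names are assumptions constructed for illustration.

```python
"""Audit alarm heartbeat (supervision) signals per transmission path."""

PROMISED_S = 200   # interval the article cites as typical
GRACE = 1.5        # assumed tolerance before silence counts as path loss

# Constructed sample log: arrival times (seconds) of heartbeats at the
# monitoring station, one list per path. Not real alarm data.
SAMPLE_LOG = {
    "ip": list(range(0, 14001, 200)),        # stops at 14000 (line cut)
    "cellular": list(range(0, 14201, 200)),  # stops at 14200 (no signal)
    "phone": [0, 14400],                     # programmed for every 4 hours
}


def audit_path(arrivals, now, promised_s=PROMISED_S, grace=GRACE):
    """Compare one path's observed heartbeat with the promised interval."""
    seen = sorted(t for t in arrivals if t <= now)
    gaps = [b - a for a, b in zip(seen, seen[1:])]
    worst_gap = max(gaps) if gaps else None
    silence = now - seen[-1] if seen else float("inf")
    return {
        "worst_gap_s": worst_gap,
        # Fewer than two heartbeats cannot prove the interval is being met.
        "meets_promise": worst_gap is not None and worst_gap <= promised_s * grace,
        # Currently quiet for longer than the promised interval allows.
        "silent": silence > promised_s * grace,
        # How long a cut could go unnoticed at the interval actually observed.
        "blind_window_s": worst_gap * grace if worst_gap is not None else None,
    }


def site_status(log, now):
    """Combine all paths: any silent path is trouble, all silent is an alarm."""
    report = {path: audit_path(times, now) for path, times in log.items()}
    silent = [p for p, r in report.items() if r["silent"]]
    if len(silent) == len(report):
        status = "TREAT_AS_ALARM"   # assumed policy: no path reporting
    elif silent:
        status = "PATH_TROUBLE"     # redundancy reduced, investigate now
    else:
        status = "OK"
    return status, report


if __name__ == "__main__":
    for now in (14100, 14450, 15000):
        status, report = site_status(SAMPLE_LOG, now)
        print(now, status, {p: r["silent"] for p, r in report.items()})
```

In the sample, the phone path reports only every four hours, so a cut on that path alone could go unnoticed for up to six hours even though the other two paths meet the 200-second promise.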
To further complicate matters, owners don’t always take alarm calls seriously. Don’t be complacent, Wasserman says. Add a digital CCTV system to monitor your business. Have cameras cover the entire property. Use technology to remove some personal threat of entering an unknown situation.

Imminent Threat

This is not an all-encompassing article on security systems and safes; it is just the tip of the iceberg. I recommend a security analysis by your security service provider every other year. New products become available on the market because of new methods of burglaries.
You might even call a competing security service provider to go over your system, telling them you are interested in adding a second system or considering changing providers and get their recommendations. Quite often, your local police department will also provide a free security analysis.
For years I have preached redundant alarm systems with at least one that includes audio detection. Then again, even the best alarms have been compromised.
Don’t ignore your first line of defense — your burglar alarm. Treat every alarm as if it were an actual attempted entry. If you don’t have confidence in your alarm system, replace it. Nonchalance to an alarm signal is one of the things thieves are looking for.
Verify all alarm calls with your monitoring station before responding. You don’t want to meet a robber when you show up or leave your business when your guard is down.
Responding to an alarm must include a check of the interior of the premises.
Don’t enter your business without the police or a guard escort.
Most serious break-ins take place over the weekend. They are well planned and you won’t notice they have occurred from casual observation. They will enter from the roof, HVAC units and ductwork, adjacent structures, floors, ceilings, crawl spaces and walls — not your front door!
The building ventilation system must be alarmed and protected with a physical barrier to prevent easy access to the interior of the building.
Your alarm control unit must be in the direct field of a motion detector.
Phone lines and broadband connections should be buried or come from a discrete location. Furthermore, your telephone and all network interface boxes should be located inside your business.
Also, consider the possibility of a home invasion scenario. Have a distress alarm code set up with your alarm provider for this type of situation.
I don’t need to tell you to have your safe combinations and alarm codes changed when an employee with access to either leaves your employment. Of course, this does no good if a current employee goes astray or shares this information.
Another consideration might be to split your inventory between multiple safes. I feel that one safe is never a good gamble, unless contents are lower value. It is much more difficult to open two safes than one.
Securely fasten the safe shelves to the interior of the safe.
TL-30 safes are obsolete and should be replaced with the minimum of a TRTL-30X6. The TL-30 rating only applies to the door of the safe. The walls of the safe will not stop an attack from common hand tools. If your safes don’t even rate TL-30, you have serious security issues!
On the face of it, it looks like the TRTL-30X6 is about twice as tough as the TL-30X6 safe. That just isn’t so. If you really haven’t tried cutting any of these materials then look up the test results of UL labs and see what they do to test the safes.
The reality is the TRTL-30X6 safe is about 8 to 12 times as tough as the TL-30X6 safes in almost all cases and many times tougher than that if you are looking at a straight TL-30 safe.
When you look at the actual work it takes to cut a significant hole into a TRTL-30X6 safe compared to cutting into a TL-30X6 safe, you will find that 98 percent of the criminals don’t have the patience, nerve, skills and determination to open the TRTL-30X6.
With proper safe placement, redundant alarms with overlapping coverage, TRTL-60X6 safes and luck, you might survive a professional break-in. Your primary goal is to make your business the least desirable or to appear un-penetrable to the bad guys. If your place of business appears to be Fort Knox, they will look elsewhere.
Given enough time, anything is possible. All alarm systems can be defeated. The fact that all safes are rated in minutes should tell you something right there. If someone wants in bad enough, they will get into your store. Once in, they have alarms and safes to contend with.
And finally, don’t forget to hang a horseshoe over your safe (with proper positioning — which I leave up to you) and tie a lucky rabbit’s foot to your safe door handle. Then again, the rabbit had four feet and it doesn’t appear they were any luckier for him.

Ric Blum is a vice president of Ohio Loan Co. in Dayton, Ohio. He has served as president of the Ohio Pawnbrokers Association, secretary/treasurer of the National Pawnbrokers Association and as a member of the board of directors and the board of governors of the National Pawnbrokers Association. Please feel free to e-mail your comments to RicBlum@att.net or mail them to Ric Blum, Ohio Loan Co., 3028 Salem Ave., Dayton, OH