Home Compliance Topics Fraud
Wire Transfers
View/Print All Return

Wire Transfers

Last Reviewed: November 2024

A Bank Secrecy Act (BSA) rule [31 CFR 103.33(g)] - often called the "Travel" rule - requires all financial institutions to collect, retain, and pass on certain information to the next financial institution, in connection with “funds transfers” equal to or greater than $3,000 (or it's foreign equivalent). The term “funds transfers” generally refers to wire transfers. These rules are designed to help law enforcement agencies detect, investigate, and prosecute money laundering and other financial crimes by preserving an information trail  about persons sending and receiving funds through funds transfer systems.

Certain credit union services and activities are more vulnerable to being exploited in money laundering and terrorist financing activities. These higher-risk products and services include wire transfers, as the wire transfer systems allow for the quick movement of funds both within the U.S. and internationally. 

Print Summary

Wire Transfers: Summary

The BSA’s “Travel Rule” requires a credit union to include certain information in payment orders relating to transmittals of funds (mostly wires) of $3,000 or more, whether or not currency is involved. In other words, certain information must “travel” with the wire. Funds transfers governed by Regulation E (made through ATM, or point of sale systems (ACH)) are not covered by the Travel Rule.

Note: NACHA ACH rules require all international payments made via the ACH Network to be identified as International ACH Transactions using the Standard Entry Class (SEC) Code – IAT. The rules also require that all IAT payments include the specific data elements defined by the BSA’s “Travel Rule”.

For all wire transfers for $3,000 or more, information must be collected and retained. The information collected and retained depends on:

  1. The credit union's role in the transfer (originator, intermediary, or beneficiary),
  2. Whether an originator or beneficiary is an established member of the CU, and
  3. Whether a transfer is made in person or otherwise.

Responsibilities of an Originating Financial Institution

For a payment order of $3,000 or more where a credit union acts as the member's originator credit union, it must obtain and retain the following records:

  • The originator's name, and mailing address of the originator
  • The amount of the payment order
  • The execution date of the payment order
  • Any payment instructions
  • The identity of the beneficiary's financial institution
  • As many of the following items as are received with the payment order:
    • Beneficiary's name and mailing address
    • Account number of the beneficiary
    • Any other payment instructions or specific identifier of the recipient.

In addition, an intermediary financial institution must pass on all the information it receives from an originator's financial institution or the preceding intermediary financial institution but has no general duty to retrieve information not provided.

Exceptions to the Funds Transfer Rules
The following transfers are excluded from the BSA funds transfer rules:

  • Transfers of less than $3,000
  • Debit transfers
  • Transfers governed by the Electronic Fund Transfer Act, as well as any other funds transfers made through ATM, ACH, and POS systems
  • Transfers where both the originator and the recipient are any of the following:
    • Domestic bank (definition of “bank” includes credit union)
    • Wholly-owned domestic subsidiary of a domestic bank
    • Domestic broker or dealer in securities
    • Wholly-owned domestic subsidiary of a domestic broker or dealer in securities
    • The United States
    • Federal Agency or instrumentality
    • State or local government or
    • State or local government agency or instrumentality

Recordkeeping Requirements - Non-Established Members

If the originator is not an established member, the credit union should collect and retain the information listed above. In addition, the originator's financial institution must collect and retain other information, depending on whether the payment order is made in person.

Payment Orders Made in Person
If the payment order is made in person, the credit union must verify the identity of the person placing the payment order before it accepts the order. If it accepts the payment order, the credit union must obtain and retain the following records:

  • Name and address of the person placing the order.
  • Type of identification reviewed.
  • Number of the identification document (e.g., driver's license).
  • The person's taxpayer identification number (TIN) (e.g., Social Security number (SSN) or employer identification number (EIN)) or, if none, the alien identification number or passport number and country of issuance, or a notation in the record of the lack thereof. If the originator's financial institution has knowledge that the person placing the payment order is not the originator, the institution must obtain and record the originator's TIN (e.g., SSN or EIN) or, if none, the alien identification number or passport number and country of issuance, or a notation of the lack thereof.

Payment Orders Not Made in Person
If a payment order is not made in person, the credit union must obtain and retain the following records:

  • Name and address of the person placing the payment order; and
  • The person's TIN (e.g., SSN or EIN) or, if none, the alien identification number or passport number and country of issuance, or a notation in the record of the lack thereof, and a copy or record of the method of payment (e.g., check or credit card transaction) for the funds transfer. If the originator's financial institution has knowledge that the person placing the payment order is not the originator, the institution must obtain and record the originator's TIN (e.g., SSN or EIN) or, if none, the alien identification number or passport number and country of issuance, or a notation of the lack thereof.

Retrievability Requirements
Information retained must be retrievable by reference to the name of the originator. When the originator is a member, whose account is used for funds transfers, information retained must also be retrievable by account number. Records must be maintained for five years.

Responsibilities of an Intermediary Financial Institution

Recordkeeping Requirements
The credit union must retain a record of each payment order of $3,000 or more that it accepts as an intermediary financial institution.

Travel Rule Requirements
The credit union as an intermediary financial institution must pass on all information received from the preceding institution, including the following: 

  • Name and account number of the transmitter.
  • Address of the transmitter.
  • Amount of the transmittal order.
  • Date of the transmittal order.
  • Identity of the recipient's financial institution.
  • As many of the following items as are received with the transmittal order:
    • Name and address of recipient.
    • Account number of the recipient.
    • Any other specific identifier of the recipient.
  • Either the name and address of the numerical identifier of the transmitter's financial institution.

However, the credit union has no duety to obtain any additional information.

Responsibilities of a Beneficiary's Financial Institution

Recordkeeping Requirements
The credit union must retain a record of each payment order of $3,000 or more that it accepts as a beneficiary's financial institution. 

For each payment order accepted for a non-customer, the financial institution must obtain and retain the record of the payment order in addition to:

Proceeds Delivered in Person
If proceeds are delivered in person to the beneficiary or its representative or agent, the institution must verify the identity of the person receiving the proceeds and retain a record of the following:

  • Name and address
  • The type of document reviewed
  • The number of the identification document
  • The person's TIN, or, if none, the alien identification number or passport number and country of issuance, or a notation in the record of the lack thereof
  • If the institution has knowledge that the person receiving the proceeds is not the beneficiary, the institution must obtain and retain a record of the beneficiary's name and address, as well as the beneficiary's identification

Proceeds Not Delivered in Person
If proceeds are not delivered in person, the credit union must retain a copy of the check or other instrument used to effect the payment, or it must record the information on the instrument. The institution must also record the name and address of the person to which it was sent.

Retrievability Requirements
Information retained must be retrievable by reference to the name of the beneficiary. When the beneficiary is an established member of the credit union and has an account used for funds transfers, information retained must also be retrievable by account number (31 CFR Chapter X §1010.410(a).

International Transportation of Currency or Monetary Instruments Report
A Report of International Transportation of Currency or Monetary Instruments (FinCEN Form 105) is filed whenever a person physically transports, mails, or ships, or who causes, attempts, or attempts to cause the physical transportation, mailing, or shipment of currency or other monetary instruments in aggregate amount exceeding $10,000 at one time out of or into the United States. This form should also be filed when the credit union receives more than $10,000 in currency or monetary instruments which has been transported, mailed, or shipped from somewhere outside the United States. If a member declares they received or transported currency in an aggregate amount exceeding $10,000 from a place outside the United States and wishes to deposit the currency into their account, the credit union is under no obligation to file a CMIR on the member's behalf or its own behalf.

Recordkeeping Requirements
The credit union must keep the original, a microfilm, or a copy of the form for at least five years.

Latest Guidance on Wire Transfers

Wire Fraud
Electronic payment systems, including wire transfers, are particularly vulnerable to fraud, as wire transfers allow for the quick and irreversible movement of money between accounts. It is important to manage the risk of wire fraud for effective fraud prevention and detection. 

Wire transfer scams typically involve criminals impersonating trusted individuals or institutions. Fraudsters may trick an individual to send money to their back account under false pretenses, or they may fraudulently obtain an individual's account information and initiate a wire transfer from the member’s account. Examples of fraudulent wire transfer scams and activities include:

  • Real Estate Transactions
    • The National Credit Union Association (NCUA) reports that financial institutions and home buyers are increasingly becoming victims to wire transfer scams connected to real estate closings. A fraudster may hack into a title company or lender's email server or computer system to search for upcoming real estate closings. They then would email the buyer or financial institution with bogus wire-transfer instructions related to a particular real estate loan closing.
    • Red flags of this type include emails with misspellings, poor grammar, a sense of urgency, and last-minute change requests to payment type or account numbers: as well as emails that are sent outside of normal business hours.
  • Business Email Compromise (BEC)
    • In this scam, criminals send an email that appears to come from a business or individual you know and requesting a seemingly legitimate payment, often urgently, via wire transfer.
    • Red flags include unusual payment requests, vendor information changes, and requests for wire transfers to unfamiliar accounts.
  • Credit Union Insiders
    • Credit union employees, third-party vendors, and other insiders have access to sensitive information and can pose a risk, as they can abuse their access for personal gain. An employee may manipulate controls within the wire transfer system to initiate unauthorized wire transfers to personal or accomplice accounts. An employee may also collude with another party to facilitate and make the transfer seem legitimate.

Mitigate Risks
To mitigate the risk that wire transactions may be vulnerable to error or fraud, credit unions should implement wire controls, inluding:

  • Conduct background checks on new employees
  • Conduct ongoing screening of current employees
  • Provide comprehensive and ongoing employee training
  • Access controls and restrictions - passwords, PINs, security tokens, user access levels, multi-factor authentication
  • Implement segregation of duties and dual control in wire processing
  • Clearly define requirements for identifying the member originating the wire-call-back procedures, authentication methods
  • Review samples of wire transfers to confirm compliance with internal controls
  • Monitor employee activities to detect suspicious activity
  • Review unusual wire activity
  • Create a culture of vigilance
Print Checklist

Wire Transfers: Checklist

  1. Does the credit union keep records of all wire transfers and other payment orders for $3,000 or more? 
        
  2. As the originator's bank, does the credit union obtain the name and physical address of originator; amount of the payment order; execution date; payment instructions; identity of the beneficiary's bank; and, if received with the payment order, beneficiary's name, address, account number and any other specific identifier?
     
  3. Is the above information retained for five years?     
     
  4. Is the information retrievable by reference to the name of originator and by account number if the account is used for wire transfers?
     
  5. Does the transmittal order (upon first sending to the financial institution) include: transmitter's name; number of the account from which the payment is ordered; amount; date; identifiers for transmitting and receiving financial institutions; and recipient identifiers?
     
  6. As the beneficiary's bank, does the credit union retain a record of the payment order for five years?     
     
  7. Is the payment order record retrievable by reference to beneficiary name and, as applicable, account number?
Print FAQs

Wire Transfers: FAQs

How long must information collected be kept under the Travel Rule?
Does the rule require the credit union to report the collected information to the government?
Do the funds transfer rules apply to transfers from a member’s individual credit union account to their joint account at the same credit union?
Are all funds transfers subject to the recordkeeping requirements, regardless of the size of the transaction?
Since ATM, ACH and POS transactions are exempt from coverage, what is an example of a funds transfer that does not involve a wire that would still be covered by the BSA funds transmittal rules?
How many beneficial owners are we required to obtain information for?
When a credit union requires the assistance of its corporate credit union to wire funds, which party has responsibility for recordkeeping?

Print Model Policies

Wire Transfers: Model Policies

CU PolicyPro contains the following policies which can be used to help you craft your own policy on this topic:

  • Model Policy 2110: Bank Secrecy Act
  • Model Policy 2290: Wire Transfers

Click to login if your credit union subscribes to CU PolicyPro.

If you're not sure if your credit union subscribes, contact policysupport@cusolutionsgroup.com for assistance.

Go to main navigation