5.6 Wire Stripping Configuration

Wire Stripping is a deliberate and illegal practice of removing, tampering, or altering the payment information from wire transfers, so that the identity of potentially sanctioned countries, entities, or individuals is hidden. Wire Stripping practice involves the following methods:

  • A financial institution deleting information from the wire transfer message
  • Inserting false information in the wire transfer message
  • Requesting that the transferring institution delete or falsify an incoming transfer message

For example,

If the sanctioned country A needs to purchase goods from the country B, the transaction originates with the business in sanctioned country A sending funds to an intermediary bank in Country C. Banks from Country C then transfers funds to Country B.

When the bank from Country C transfers the money to the bank in Country B, the details are stripped, i.e., the wire details are removed during the fund transfer to the bank in Country B to avoid OFAC filter detection. The bank from Country B then forwards the currency to the Country B-based goods supplier, and the materials are supplied at the intermediary location (Country C). The intermediary bank (Country C) may remove evidence of any nexus with the sanctioned country (Country A) from within the Society for Worldwide Interbank Financial Telecommunications (SWIFT) messages, inserting false details or returning it to the customer to resubmit.

The Financial Institutions (FIs) may conceal or remove true originators from the transactions to avoid the sanctions-monitoring programs put in place by those institutions. The FI may weed out, tamper, or even alter the payment details of the transfer. In some instances, some FIs even go a step further and advise originating banks in the sanctioned countries on how to format their transfers to allow the transactions to avoid detection entirely.

As a result of the wire stripping activities, the institutions are subjected to substantial regulatory fines and reputation damage.

To detect potential wire-stripping activity, a FI needs to focus on comparing previously submitted and rejected payments. In many cases, payments are linked to other payments, and discrepancies between these payment pairs may indicate that wire stripping has occurred. A possible detection method for this situation is to compare certain key fields of these payment pairs. This method will require FIs to maintain and leverage historical profiles of payment messages that were blocked or rejected.

TF will generate a suspected wire stripping alert using methodology built into the product and harnessing the power of EDQ.

When a message is blocked or rejected by the sanctions team, the transaction is stored in the database of blocked transactions (the property of the transaction is configurable) with a unique identifier code or Fingerprint assigned. Using the Fingerprint, identical wire transfers are identified with variable attributes and a look back period.

The fingerprint is calculated on items such as currency, amount, ordering customer, beneficiary bank or other beneficiary information. Fingerprint contains a combination of multiple fields to compare. You can create multiple rules in Transaction Filtering Admin which will create multiple fingerprints.

To configure the Fingerprint attributes for the Wire Stripping, follow these steps:

  1. Navigate to the Financial Services Analytical Applications Transactions Filtering landing page.
  2. Click Transaction Filtering Admin. The Configuration screen is displayed.
  3. Click Wire Stripping Configuration tab.

    Figure 5-7 Wire Stripping Configuration Tab


    Wire Stripping Configuration Tab

  4. In the Wire Stripping configuration section, select Yes if wire stripping is required or select No

    if wire stripping is not required. By default No is selected.

    If you select Yes, message category section and Fingerprint sections are enabled.

  5. Select Yes adjacent to Message Category (Swift, ISO20022 and FEDWIRE) and click Save to add the message category to the fingerprint list. You can add multiple message category to the fin- gerprint.
  6. In the Fingerprint section, to display the fingerprint list table select the message category from the Message Category drop-down list and message type from the Message Type drop-down list.

    The Fingerprint list table displays the results for the combination of message category and mes- sage type that you selected.

    To add new fingerprint to the Fingerprint list table click Add. The Add Fingerprint Screen is dis- played.

    For information on available message types, see Appendix F: Message Categories and Message Types.

    To add new fingerprint to the Fingerprint list table using the Add Fingerprint Screen, follow the subsequent steps:

    1. Enter the parameter value for the following fields:

      Note:

      The following fields are mandatory.
      • Fingerprint Details
        • Fingerprint Name: You can enter the desired fingerprint name.
        • Enable: Select Yes or No to enable or disable the fingerprint. By default, the value is Y.
        • Jurisdiction: Select a jurisdiction name from the drop-down list.
        • Business Domain: Select a Business Domain name from the drop-down list.
        • Look back Period (days): Enter the time period in days. The lookback period (days) is the time limit the WS alert generator uses to consider the previous alerts for comparison.
      • Attribute Details
        • Business Data: Select the Business Data parameter from the drop-down list.
        • Condition Type: Select the matching condition type as Exact, Contains, or Percentage Range.
    1. Select the field combinations and click Add to add the new fingerprint to the Fingerprint Attribute Table.

      You can add multiple Fingerprint attribute by repeating the above steps with different com- bination.

    2. To edit a fingerprint attribute in the table follow the below steps:
      1. Select the attribute from the Fingerprint Attribute table.
      2. Edit the Fingerprint details and Attribute details in the Add Fingerprint screen.
      3. Click Update.
    3. To Remove the fingerprint attribute from the table, select the attribute row and click

      Remove. Click OK to confirm.

    4. Click Cancel to reset the Fingerprint attribute table.
    5. Click Save to add the Fingerprint with selected Fingerprint attributes for the message type selected in Step 6 in Fingerprints section. You can add multiple Fingerprint for the message type with different attribute combinations.
  7. The following buttons are enabled when a fingerprint is added/available in the Fingerprint list table:.
  • Update: To update the selected Fingerprint.
  • Remove: To delete the selected Fingerprint.
  • Enable All: To enable all the Fingerprints in the table.
  • Disable All: To Disable all the Fingerprints in the table.

The selected attribute combinations of Fingerprint for the massage type will be considered to compare the posted message with the previously blocked alerts within the look-back period.

If the current posted message matches with previously compared alerts, a risk score will be generated using the assessment in the IPE. For Wire Stripping Fingerprint Evaluation, a risk score of 100 is preconfigured to create an alert for all matched messages.

For more information on configuring the Wire Stripping Fingerprint risk score, see Configuring Risk Scoring Rules. For more information on alert list, see Oracle Financial Services Transaction Filtering User Guide.