Locking an Account
In the normal course of maintaining a deposit offering, it may become necessary to lock a customer’s account to block certain activity while an investigation or remediation takes place. This is usually done to prevent fraudulent activity after an event of suspected fraud.
Together with account KYC and account closure, having a plan to manage locking accounts can be an indispensable tool to prevent identity and payments fraud.
This guide will provide you the context to understand when and how accounts should be locked, and subsequently unlocked. While valuable, these actions are also sensitive and must be done with careful consideration of their regulatory and operational impact.
When can accounts be locked?
For those with permission, Treasury Prime ledger accounts can technically be locked or unlocked at any time by making a PATCH call to the /account endpoint.
However, locking an account must always be done for an appropriate reason, and doing so may have a regulatory impact. Accounts cannot be locked arbitrarily or for indefinite periods of time. Always be sure to lock accounts with care and in coordination with your banking partner.
Permissions & Availability
All accounts on the Treasury Prime ledger are capable of being locked and unlocked via the API.
Due to the potential regulatory compliance impact of preventing accountholders from accessing their deposits, additional permissions are required to lock and unlock accounts, both in the Treasury Prime API and in the Console.
For more details on the compliance impact of account locking, see the Regulatory Compliance Impact section below. For details on being granted account lock and unlock permissions, contact your Treasury Prime Account Manager.
Lock Reasons
When locking an account, it is necessary for you to include the reason why you are locking that account in the reason parameter of the lock object. e.g.:
Use this table for guidance when selecting the most appropriate reason.
| Reason | Description |
|---|---|
transactions_being_investigated_wire | Investigating potentially fraudulent wire payments. |
transactions_being_investigated_ACH | Investigating potentially fraudulent ACH payments. |
transactions_being_investigated_card | Investigating potentially fraudulent card transactions. |
transactions_being_investigated_check_issued | Investigating potentially fraudulent activity around checks issued from this account. |
transactions_being_investigated_check_deposit | Investigating potentially fraudulent check deposits made to this account. |
identity_of_customer_being_investigated | Investigating potential identity fraud related to the accountholder(s). |
When should accounts be unlocked?
An account should be unlocked as soon as the investigation that caused it to be locked is resolved. In instances where fraud is verified, it is preferable to initiate the process of account closure than to leave the account locked indefinitely.
Allowing accounts to stay locked for an indefinite period of time may run afoul of regulatory requirements, including Reg CC and other regulations.
Treasury Prime recommends that any single account should not remain locked for more than 5 business days, but you should always collaborate with your bank partner to make this determination. For this reason, it is important to have an Account Lock Remediation Plan in place with your bank partner before locking any accounts.
Regulatory Compliance Impact
Locking an account may have regulatory impact and should always be done with care and in coordination with your banking partner. Specific regulatory constraints on locking accounts include but are not limited to Reg CC. Treasury Prime, along with your bank partner, can help you create a safe and lightweight compliance program. Contact your Treasury Prime Account Manager for details.
Account Lock Remediation Plan
Before locking any accounts, we recommend that you build out an Account Lock Remediation Plan with your bank partner(s) and Treasury Prime.
Your plan should at least address the following questions, though this is not an exhaustive list:
- The length of time you’ll allow an account to be locked
- How to handle customer communications and inquiries related to a locked account.
- What criteria trigger the account to be locked
- The processes to communicate with the account owner to gain additional context on the nature of the actions that caused the lock.
- What message will be displayed to the accountholder when a transaction is attempted on a locked account.
Treasury Prime recommends that no single account remains locked for more than 5 business days, with final determination reached in collaboration with your banking partner.
How to Lock an Account
For details about how to lock an account using the API, see the Locking an Account section of the /account endpoint API reference docs.
How to Unlock an Account
For details about how to unlock an account using the API, see the Unlocking an Account section of the /account endpoint API reference docs.
Activity on Locked Accounts
Locking an account will change the expected behavior of payments, cards, and API activity related to the locked account.
It is important to understand the impacts noted below in order to build a favorable and complete experience for your accountholders while their accounts are locked.
Payments
| Payment Type | Behavior When Locked |
|---|---|
| ACH | All pending and processing ACHs will be canceled when the lock is initiated. Locked accounts are blocked from creating any new ACHs. Inbound credit ACHs will be allowed, but inbound debit ACHs will be returned. |
| Wire | All pending wires will be canceled when the lock is initiated. Locked accounts are blocked from creating any new wires. Inbound wires will continue to function on a locked account. |
| Book Transfer | Locked accounts are blocked from being either the from_account_id or to_account_id on a book transfer. |
| Check Issuing | Locked accounts are blocked from issuing new checks. |
| Check Deposit | Check deposits continue to work as normal on a locked account. |
Cards
When an account is locked or unlocked, any cards associated with the account may automatically update their status, depending on the card’s status prior to the lock/unlock action.
Status Change When Account is Locked
| Card Status Prior to Lock | Change When Locked |
|---|---|
active | Will be updated to a suspended status. |
unactivated | Will be updated to a terminated status. |
suspended | No change. |
terminated | No change. |
Status Change When Account is Unlocked
| Card Status Prior to Unlock | Change When Unlocked |
|---|---|
active | N/A — cannot have active cards on a locked account. |
unactivated | N/A — cannot have unactivated cards on a locked account. |
suspended | Will be updated to active if this card was automatically updated to suspended at the time the account was locked. |
terminated | No change. |
Error Messages
When an API call is blocked due to a locked account a 403 - forbidden response will be returned with an error message detailing the cause.