a presentation on the bank secrecy act, essentials berg.pdf · the bank secrecy act, essentials ......
TRANSCRIPT
A presentation on
The Bank Secrecy Act, EssentialsWilliam G. Berg, MBA, CCUE, CUCE, BSACS, CUERME
February 27, 2017
FinCEN Advisory FIN-2014-A007• BSA/AML shortcomings have triggered recent civil and
criminal enforcement actions – FinCEN seeks to highlight the importance of a strong culture of BSA/AML compliance for senior management, leadership and owners of all financial institutions subject to FinCEN’s regulations
regardless of size or industry sector.
2
FinCEN Advisory FIN-2014-A007• Compliance Should Not Be Compromised By Revenue
Interests – An institutions' interest in revenue should not compromise efforts to effectively manage and mitigate BSA/AML deficiencies and risk, including submission of appropriate and accurate reports to FinCEN.
• Money Services Businesses (MSBs), often derive a significant percentage of their revenue from the activity of their agents. When principal MSBs learn of possible inappropriate activity by an agent, the activity should be investigated thoroughly and appropriate action taken regardless of the impact on revenue.
3
Money Service Businesses
I have just six words to say about MSBs
Regulators hate ‘em. Don’t do ‘em
Actually, that’s seven words!
4
Money Service Businesses
• Very easy to have an MSB in your FOM.
• Cash a check $1000 to one person in a day and that business is an MSB with the myriad of compliance issues.
5
Assessment of Civil Money Penalty• North Dade Community Development FCU, Miami Gardens,
Florida Number 2014-07.
• FinCEN determined that grounds exist to assess a civil money penalty against North Dade Community Development FCU (North Dade) pursuant to the BSA and regulations issued pursuant to that Act.
6
Assessment of Civil Money Penalty• North Dade was founded in 1997 to serve the North
Dade/Broward County community area. Since they were a federal credit union, the NCUA was their functional regulator.
• North Dade’s BSA failures derived significantly from its banking services to certain money services businesses (MSBs). These MSBs were located outside of its geographic field of membership and were engaged in high-risk activities, such as wiring millions of dollars per month to high-risk foreign jurisdictions.
7
Assessment of Civil Money Penalty• In 2013 alone, the total transaction volume through North
Dade by MSBs included $54.8 million in cash orders, $1.01 billion in outgoing wires, $5.3 million in returned checks, and $984 million in remote deposit capture. The assets of this credit union were $4.1 million.
• North Dade’s MSB activity accounting for 90% of their total annual revenue and was not the expected business behavior of a small credit union and led to substantial BSA compliance failures and violations.
8
Assessment of Civil Money Penalty• In December 2009, North Dade entered into a contract with a
third-party vendor (the vendor), itself an MSB, to provide financial services to other MSBs, including check-cashing stores and currency exchangers.
• The vendor in turn provided sub-accounts for other MSBs and 56 of them could receive financial services directly from North Dade. North Dade’s own counsel advised that, although it could open this type of account, North Dade would still have AML compliance responsibilities for the vendor’s MSBs.
9
Assessment of Civil Money Penalty• The substantial revenue generated by the Vendor’s program
(more than 90% of North Dade’s total annual revenue) appeared to outweigh any consideration by North Dade of associated risk and appropriate compliance measures.
• In 2010, the NCUA instructed North Dade to ensure that its MSB members all met field of membership requirements. But by December 2012, North Dade had 56 different MSBs under its Vendor contract that were located outside its field of membership. Many were located in the Middle East and Central America that pose a significant money laundering risk.
10
Assessment of Civil Money Penalty• For example, one individual, connected to over 60% of the
businesses banking with North Dade conducted transactions between January 2010 and August 2013, that resulted in 2,036 CTRs for cash withdrawals. North Dade never identified this customer as being potentially high-risk or reviewed his activities. Instead, they relied upon the vendor to deal with the compliance burden.
11
Take Away
#1 1 CTR should change a member from low risk to moderate risk.
2 CTRs within six months should change a member to high risk.
• Moderate Risk Members – review their account activity on a monthly basis
• High Risk Members – review their account activity on a weekly or more often basis
12
Assessment of Civil Money Penalty• Suspicious Activity Reports (SARs) – between April 2010 and
April 2013, North Dade only filed 15 SARs, they were filed late and the narrative section lacked essential information explaining why the suspicious activity was being reported. North Dade failed to file SARs on customers engaged in suspicious activity, including a customer that was arrested and charged with conspiring to launder money. Law enforcement seized more than $1.5 million dollars from an owner of an MSB who held an account at North Dade yet North Dade never filed a SAR on the MSB or its owner.
13
Take Away
#2 If a member is arrested and charged with money laundering, you might just want to review their account history and file a SAR!!! Duh
14
Assessment of Civil Money Penalty• Section 314(a) of the USA PATRIOT Act – financial
institutions are required to review and respond as appropriate to requests from FinCEN on behalf of law enforcement for information relating to individuals, entities, or organizations engaged in, or reasonably suspected based on credible evidence of engaging in, terrorist activity or money laundering.
• North Dade failed to comply with its Section 314(a) obligations by failing to review these lists from 2012 through 2013.
15
Assessment of Civil Money Penalty• Because FinCEN has determined that North Dade willfully
violated the program, reporting, and recordkeeping requirements of the Bank Secrecy Act and its implementing regulations, as described in this ASSESSMENT, and that grounds exist to assess a civil money penalty for these violations. FinCEN has determined that the penalty in this matter will be $300,000.
16
Take Away
• #3 If the government or anyone else comes into your credit union and seizes more than $5,000 you might just want to file a SAR – DUH!
17
Liquidation• March 31, 2015, the NCUA issued a press release that they
had liquidated North Dade Community Development FCU.
• Liquidation was decided after determining the credit union had violated various provisions of its charter, ,bylaws, and federal regulators. At the time of liquidation, the credit union had 616 members and $3 million in assets.
18
Is the CTR Level Too Low?
19
DUH!
Is the CTR Level Too Low?
20
• Using the Social Security COLA numbers since 1976 (when COLA was first put into place for social security recipients).
• If we used the same COLA, the 10,000 CTR what do you think threshold in 2015 would be?
• 17,340• 27,340• 37,340• 47,340
Is the CTR Level Too Low?
21
Before I give you the answer, the first and only new car I ever bought was in 1974. It was the cheapest, cruddiest, American built car at the time and it featured an exploding gas tank if you were hit from the rear.
It was a true POS (Point of Sale ) car.
I give you the Ford Pinto.
In 1974 I could have bought about three new Pintos for $10,000.
Is the CTR Level Too Low?
22
• Drum roll for the answer….
• If we used the same Social Security COLA, the $10,000 CTR the threshold in 2015 would be?
$47,340
High Risk Business AccountsMarijuana Dispensaries
• In states where marijuana is legal either for medical or recreational use, those businesses will need to find financial services somewhere.
• U.S. Department of Justice Deputy Attorney General James M. Cole issued a memorandum (the Cole Memo to all United States Attorneys providing updated guidance to federal prosecutors concerning marijuana enforcement.
23
High Risk Business Accounts• The Cole Memo applies to all of DOJ’s federal enforcement
activity. • Reiterates Congress’s determination that marijuana is a
dangerous drug and that the illegal distribution and sale of marijuana is a serious crime that provides a significant source of revenue to large-scale criminal enterprises, gangs, and cartels.
• DOJ attorneys and law enforcement should focus their enforcement resources on person or organizations whose conduct interferes with any one or more of the following important priorities:
24
High Risk Business Accounts• Preventing the distribution of marijuana to minors;• Preventing revenue from the sale of marijuana from going to
criminal enterprises, gangs, and cartels;• Preventing the diversion of marijuana from states where it is
legal under state law in some form to other states;• Preventing state-authorized marijuana activity from being
used as a cover or pretext for the trafficking of other illegal drugs or other illegal activity
• Preventing violence and the use of firearms in the cultivation and distribution of marijuana;
25
High Risk Business Accounts• Preventing drugged driving and the exacerbation of other
adverse public health consequences associated with marijuana use;
• Preventing the growing of marijuana on public lands and the attendant public safety and environmental dangers posed by marijuana production on public lands; and
• Preventing marijuana possession or use on federal property.
26
BSA AND MARIJUANA• Washington and Colorado have legalized marijuana for
recreational use.• First cannabis credit union
– The Fourth Corner Credit Union/
• Since the medical marijuana movement began, 21 states and the District of Columbia, starting with California in 1996, have legalized medical cannabis or effectively decriminalized it: Alaska, Arizona, California, Colorado, Connecticut, Delaware, Hawaii, Illinois, Maine, Massachusetts, Maryland, Michigan, Montana, Nevada, New Hampshire, New Jersey, New Mexico, Oregon, Rhode Island, Vermont, Washington; Maryland allows for reduced or no penalties if cannabis use has a medical basis.
• Florida or Alabama could be next.27
Credit Union Journal Headline January 7, 2016
Legalizing Pot Banking Will Require Joint Effort With Congress
28
OMG….BSA Acronyms • BSA = Bank Secrecy Act• CTR = Currency Transaction
Report• SAR = Suspicious Activity Report• AML = Anti-Money Laundering• NCUA = National Credit Union
Administration• CFR = Code of Federal
Regulation, Treasury Rules for BSA Compliance
• FinCEN = Financial Crimes Enforcement Network
• NSL = National Security Letter• FFIEC = Federal Financial
Institutions Examinations Council
• MIP / CIP = Member or Customer Identification Program
• USA PATRIOT Act = Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism
• MDDP = Member Due Diligence Program
• OFAC = Office of Foreign Assets Control
• SDN = Specially Designated Nationals
• HIDTA = High Intensity Drug Trafficking Area
• M / I = Monetary Instruments
29
BSA/AML PURPOSE• Purpose:
– To help identify the source, volume and movement of currency and other monetary instruments transported or transmitted into or out of the U.S. or deposited into financial institutions.
– Create a paper trail of financial transactions to aid in the investigation of money laundering, tax evasion, international terrorism and other criminal activity .
30
MONEY LAUNDERING• Money Laundering is:
– The introduction of illegally obtained currency into the banking system– Launders hide the source of these illegal funds by making a series of
intricate transactions. The source of the money is “washed away”
• It works by:– Placement – the process of depositing illicit assets into the financial
industry through ANY method: wires, cash, checks, money orders, travelers check, etc. Physically placing bulk cash proceeds.
– Layering – separating the proceeds of the criminal activity from their origins through layers of complex financial transactions:
wire transfers, CDs, drafts, letters of credit, internal transfers, negotiable instruments, foreign exchange,
– Integration – providing an apparently legitimate explanation for the illicit proceeds; the movement of “laundered” funds back into the economy as legitimate funds (wire transfers, ACH, checks, Internet, etc.)
31
LAWS AND REGULATIONS THAT FORMBSA• Bank Secrecy Act of 1970 – requires certain financial
reporting, records for currency transactions greater than $10,000 (Currency Transaction Reports or CTRs)
• Anti-Drug Abuse Act of 1986 – law to strengthen federal law enforcement struggles with drug problems, domestic and foreign
• Money Laundering Act of 1986 – complementary to 1986 Anti-Drug Abuse Act
• USA PATRIOT Act – signed by President Bush post 9/11legislation, targets terrorist money laundering
32
ENFORCEMENT• The Financial Crimes Enforcement Network (FinCEN),
along with assistance of the banking regulatory agencies (NCUA) is tasked with administering the Bank Secrecy Act.
• Created in 1990 to work towards maximizing information shared between law enforcement agencies and financial institutions.
33
USA PATRIOT ACT• Four basic requirements
1. Verify the identity of anyone opening an account.
2. Maintain records of the verifying information.
3. Check the lists of known or suspected terrorists.
4. Provide member with a notice of the information collection requirements.
34
CUSTOMER IDENTIFICATION PROGRAM (CIP)• The credit union must obtain the following information from
members: Name, Date of Birth, Physical Address, Tax Identification Number
• The credit union must independently verify the information, such as drivers license, passport, work identification, along with credit reports, reference checks, etc.
• Physical address is absolute; P.O. Box acceptable for mail, etc.• Military: if no residential available, then substitute with APO, FPO, or
residential address of relative or other contact.
• Businesses: principal place of business, local office or other physical office address.
• ID Number:
• US Persons: Taxpayer Identification Number TIN (usually SSN)
• Non-US Persons: ITIN, passport or other government-issued document reflecting an identification number, country or origin and photo or similar safeguard
35
VERIFICATION OF IDENTITY• Credit unions are not required to verify the validity of
documents reviewed unless there is evidence to suggest they may be false/altered, etc. but must verify enough of the information to establish a reasonable belief that you know the true identity of the member.
• Two methods which can be used:– documentary (using documents) or
– non-documentary methods to verify identity.
36
DOCUMENTARY METHOD• Unexpired government issued identification such as:
– Individuals
• Driver’s license or state issued ID
• Passport
• Military ID (prohibits photocopying Title 18, U.S. Code, Part I, Chapter 33, Section 701)
– Businesses verify actual existence of business (pose higher risker for money laundering)
• Articles of incorporation• Government-issued business license• Partnership agreement• Whatever is appropriate
37
NON DOCUMENTARY METHOD• Information obtained from a credit bureau or against fraud and
bad check databases• References from other FI or information available from other
trusted third-party source• Confirm information such as telephone numbers and address
by contacting member • Tax return or a financial statement• Online verification system • Public databases (telephone book or local telephone number)
38
CUSTOMER IDENTIFICATION PROGRAMRECORDS RETENTION
• Record Keeping Requirements
– Maintain identification information for five years after account is CLOSED.
– Maintained as either a copy of the actual document or a description of the document
• Type of document
• Identifying number on the document
• The location issued (country, state)
• The date of issuance, expiration date
39
NOTICE TO MEMBERS• You must provide your members and potential members
with a notice describing the information collection requirements of the BSA.
• You must ensure that every member will see the notice before account opening. Do not have to give each member a notice.
• Notice can be placed on website, applications, posted in the credit union.
• This is a federal requirement.
40
QUESTION• True of False: BSA requires credit
unions to photocopy ID?
41
QUESTION• True of False: BSA requires credit
unions to photocopy ID?
False
42
CUSTOMER DUE DILIGENCE (CDD)• Requirements are found in the FFIEC BSA/AML
Examination Manual located at www.ffiec.gov
– Obtain information at account opening to understand normal activity for all members;
• Collection of this information allows credit unions to distinguish low and high risk members.
– Member’s normal and expected transactions activity
– Changes in the member’s risk profile
– Periodically monitor information to ensure it’s up to date
– Collect from all members-not just high risk
43
CUSTOMER DUE DILIGENCE (CDD)• For high risk members consider obtaining:
– Purpose of account;– Source of funds and wealth;– Individuals with ownership or control over the account– Occupation or type of business– Financial statements– Financial institution references– Where the business is organized– Member’s place of employment– Are international transactions routine?– Business operations, volume of currency and sales, major
customers and supplies– Change in account activity
44
RISK ASSESSMENT• The credit union’s BSA/AML Compliance program is
based on the credit union’s Risk Assessment
• There are two steps:– 1. Identify the specific risk categories unique to your credit
union
– 2. Provide a detailed analysis of the data gathered in Step 1
45
RISK ASSESSMENT• Some factors to consider during Step 2:
– Purpose of the account
– Actual or anticipated activity in the account
– Nature of member’s business or occupation
– Member’s location
– Type of products and services used by the member
46
RISK ASSESSMENT• Develop appropriate polices and procedures to monitor and
control the credit union’s BSA risks, with more emphasis on higher risk products, services, members and branches.
• Risk assessment is an ongoing process not a one-time exercise.
• Recommend reassessing the BSA risk ever 12-18 months.
• Refer to the FFIEC BSA/AML examination manual-Appendices “I” and “J” to assist in developing their risk assessment.
• These appendences should be considered a starting point for your risk assessments.
47
Gulf CoastAlabama: Baldwin, Jefferson, Madison, Mobile,
Montgomery and Morgan Counties Arkansas: Benton, Jefferson, Pulaski and
Washington Counties Louisiana: Bossier, Caddo, Calcasieu, East Baton
Rouge, Jefferson, Lafayette, Orleans and Ouachita Parishes
Mississippi: Hancock, Harrison, Hinds, Jackson, Lafayette, Madison and Rankin Counties
HIGH INTENSITY DRUG TRAFFICKING AREA
50
HIGH INTENSITY DRUG TRAFFICKING AREA – FLORIDA
• HIDTA (High Intensity Drug Trafficking Areas) counties in Central Florida’s HIDTA include Brevard, Pinellas, Hillsborough, Polk, Osceola, Orange, Seminole, and Volusia. Counties in North Florida’s HIDTA include Alachua, Baker, Clay, Columbia, Duval, Flagler, Marion, Nassau, Putnam, and St. Johns. Counties in South Florida’s HIDTA include Broward, Miami-Dade, Monroe and Palm Beach Counties. If your credit union has a branch in any of these HIDTA counties, that should be addressed in your risk assessment.
• Here is the website address to get this current HIDTA http://www.whitehousedrugpolicy.gov/statelocal/al/index.html
51
High Intensity Financial Crime Area – Alabama
• HIFCA (High Intensity Financial Crime Area) Currently, there are not any counties in Alabama that are listed as HIFCAs.
• Here is the website address to get the current HIFCAs http://www.fincen.gov/law_enforcement/hifca/index.html
52
High Intensity Financial Crime Area – Florida
• HIFCA (High Intensity Financial Crime Area) counties in Florida include Broward, Indian River, Martin, Miami-Dade, Monroe, Okeechobee, Palm Beach and St Lucie. If your credit union has a branch in any of these HIFCA counties, that should be addressed in your risk assessment.
53
INTERNAL CONTROLS• The Board of Director’s is ultimately responsible for
ensuring the credit union has an effective internal control structure.
• Policies, procedures and processes should be in place to monitor and identify unusual activity.
• The level of monitoring is dictated by the credit union’s risk assessment, with an emphasis on high-risk products, services, members and geographic locations.
54
CURRENCY TRANSACTION REPORTS• These forms are FinCEN Report 112
• Must be filed for each deposit, withdrawal, payment, transfer or other transaction involving currency (cash) of more than $10,000.
• Multiple transactions by or on behalf of one person in one business day: consolidate the transactions and report them as one if the total exceeds $10,000.
• Must be filed within 15 days after the date of the transaction
• May be fined up to $10,000 per day for each CTR not filed
55
CURRENCY TRANSACTION REPORTS• Examples of reportable transactions:
– Denomination exchanges, IRAs, loan payments, ATM transactions, purchases of certificates of deposit, deposits and withdrawals, funds transfers paid in currency, and monetary instrument purchases
• Management should ensure the credit union has an adequate system to:– Aggregate currency transactions throughout the credit union; and
– Appropriately report
56
CURRENCY TRANSACTION REPORTS• CTR’s must be filed within 15 calendar days.
• If a credit union misses the filing deadline begin the process of completing the forms and contact BSA Helpline for assistance immediately.– FinCEN Regulatory Helpline: 1.800.949.2732 or
• Keep all copies of CTRs for 5 years
57
CTR EXEMPTIONS• Credit unions may exempt certain types of
members from currency transaction reporting• Must file a Designation of Exempt Person form
with the Internal Revenue Service (IRS)• Two types of exemptions (Phase I and Phase II)
62
BUSINESSES INELIGIBLE FOR EXEMPTION
• Certain business can never be exempted from CTR filings– Gaming Institutions
– Law Firms
– Accountancy Firms
– Doctors
– Motor Vehicle Dealers
– Investment Advisors and Investment Banking Service Providers
– Real Estate Brokers
– Pawn Shops
– Title Insurance and Real Estate Closing Companies
63
SUSPICIOUS ACTIVITY REPORTING• “Suspicious activity reporting forms the cornerstone of
the BSA reporting system. It is critical to the United States’ ability to utilize financial information to combat terrorism, terrorist financing, money laundering, and other financial crimes.”– FFIEC Bank Secrecy Act/Anti-Money Laundering
Examination Manual
66
SUSPICIOUS ACTIVITY REPORTING• Examiner will assess policies, procedures, processes,
internal controls and overall compliance with statutory and regulatory requirements for monitoring, detecting and reporting suspicious activities.
• The four key components to an effective monitoring and reporting system are:
1. Identification/alert of unusual activity2. Managing alerts (i.e. investigate & evaluate unusual
activity)3. Suspicious Activity Report (SAR) decision making4. SAR completion and filing
67
SUSPICIOUS ACTIVITY MONITORING
68
SUSPICIOUS ACTIVITY REPORTING• The reporting forms are FinCEN Report 111• Credit unions are required to file a SAR with respect to
the following:– Criminal violations involving insider abuse in any amount– Criminal violations aggregating $5,000 or more when a suspect can be identified– Criminal violations aggregating $25,000 or more regardless of a potential suspect
69
SUSPICIOUS ACTIVITY REPORTING• Transactions conducted or attempted by, at or through a
credit union aggregating $5,000 or more, of the credit union knows, suspects or has reason to suspect that the transaction:– May involve potential money laundering or other
illegal activity– Is designed to evade the BSA or its implementing
regulations− Has no business or apparent lawful purpose, or is not
the type of transaction that the particular member would normally be expected to engage in, and the credit union knows of no reasonable explanation for the transaction
70
SUSPICIOUS ACTIVITY REPORTING• The term “transaction” includes:
– Deposits– Withdrawals– Transfers between accounts– Exchanges of currency– Extensions of credit– Sales of monetary instrument– Any other payments by, through, or to a financial
institution
71
SAR SAFE HARBOR• Credit union directors, officers, employees and agents
that report a suspicious transaction to the appropriate authorities are granted a safe harbor from any civil liability under any law or regulation, regardless of whether such reports are filed pursuant to the SAR instructions.
– This safe harbor applies to SARs filed within the required reporting thresholds as well as those filed voluntarily on any activity below the threshold.
72
“Red Flags” for Suspicious Activity
73
WHEN TO FILE A SAR• BSA structuring
• Check fraud
• Unauthorized electronic/computer intrusion
• Embezzlement
• Identify theft
• Credit/debit card fraud
• Mortgage loan fraud• Terrorist financing• Wire transfer fraud• A credit union is not
required to file a SAR for a robbery or burglary as long as it is reported to the appropriate law enforcement.
74
SAR EXEMPTIONS• When NOT to file a SAR:
– Robberies and Burglaries: A SAR does NOT need to be filed for those robberies and burglaries that are reported in writing to local authorities.
– Lost, missing, counterfeit , or stolen securities reported to the SEC and FBI when criminal activity is involved.
75
SAR FILING• When to file a SAR?
– Any suspicious transactions relevant to a possible violation of federal law or regulations.
– 30-day filing deadline from initial detection, but can be extended based upon date of detection
– In the case no suspect has been identified the time period is extended to 60 days.
– For filings where a subject has been identified, the timeline is as follows:
• Identification of suspicious activity and subject: Day 0.• Deadline for initial SAR filing: Day 30.• End of 90 day review: Day 120.• Deadline for continuing activity SAR with subject information: Day 150 (120
days from the date of the initial filing on Day 30).• If the activity continues, this timeframe will result in three SARs filed over a
12-month period (FinCEN SAR FAQs, Q&A #16)
• Old rule was to file every 90 days 76
DOCUMENT EVERYTHING• Document your decision making process regardless if
the credit union files a SAR.
• Maintain a copy of the SAR and supporting documents for 5 years from the date of filing the SAR.
• Be ready to respond to law enforcement requests should they occur.
– If it is not written it didn’t happen!!
77
SAR CONFIDENTIALITY• The unauthorized disclosure of a SAR is a violation of
federal law:• Civil and criminal penalties can be imposed for SAR
disclosures– No credit union, director, officer, employee or agent of
the credit union that reports a suspicious transaction may notify any person involved in the transaction that the transaction has been reported.
78
FinCEN ASSESSES CIVIL MONEY PENALTY FORSAR DISCLOSURE• VIENNA, Va. - The Financial Crimes Enforcement Network
(FinCEN) today announced the assessment of a $25,000 civil money penalty against Frank Mendoza of Garden Grove, California, for violating Bank Secrecy Act (BSA) prohibitions against disclosing suspicious activity reports ("SARs"). FinCEN determined that Mendoza violated the BSA and its implementing regulations by willfully disclosing the existence of a SAR to a person involved in the reported transaction. Mendoza was convicted in a criminal case of bribery and unlawful SAR disclosure in the U.S. District Court for the Central District of California.
• Frank E. Mendoza
79
NOTIFYING THE BOARD OF SAR FILINGS
• Management must “promptly” notify the Board of Directors (or designated committee) of any SAR filings.– “Promptly” means at least monthly (monthly board
meetings)– There’s no required format for sharing the information
with the board
80
LAW ENFORCEMENT REQUEST• The decision to comply with a request from law
enforcement to maintain certain accounts to aid in their investigation is left to the credit union.
• Pros and cons for complying should be weighed by the credit union.
• Get the request in writing.• Ensure the request is issued by a supervisory agent or an
attorney representing federal, state, or local law enforcement
• Maintain documentation of such requests for at least 5 years after the requests have expired.
• If a credit union maintains an account that reflects suspicious activity would still be expected to complete and file a SAR on the account.
81
LAW ENFORCEMENT REQUEST• Complying with a LE request does not relieve a credit
union of its recordkeeping and reporting responsibilities under BSA.– For example, a CI that opts to maintain an account
that reflects suspicious activity would still be expected to complete and file SARs on the account.
82
MONETARY INSTRUMENTS• Records must be maintained for purchase of a cashiers
check, travelers check or money between $3,000 and $10,000 in cash.
• Record Keeping:– Purchases during one business day totaling $3,000 or
more are treated as one purchase.– Purchases of different types of instruments totaling
$3,000 or more as one purchase.
85
MONETARY INSTRUMENTS• For members credit unions must keep a record of:
– Name of purchaser– Date of purchase– Type of instrument purchased– Serial numbers of each instrument– Verify ID of purchaser
• For non-members– Name and address of the purchaser– Social Security or alien identification number of the
purchaser– Date of birth of the purchaser– Date of purchase
• Retain all records for 5 years86
MONETARY INSTRUMENTS• Yes, credit unions are permitted to implement a policy
requiring members to deposit their currency before purchasing a monetary instrument but the transaction is still subject to recordkeeping requirements.
87
FUNDS TRANSFER• Credit unions must retain records in connection with
funds transfers of $3,000 or more.• The term “funds transfer” mean any payment order
issued by the originators financial institution or an intermediary institution intended to carry our the originator’s payment order (e.g. wire transfers).
• Records must be maintained for 5 years.• Funds transfer rule does not cover:
– Transfers less than $$3,000– Electronic funds transfer– ACH transactions
88
FUNDS TRANSFER• Funds transfer of $3,000 or more the credit union must
collect:– Transmitter’s name and address– Amount, date and payment order and any payment
instructions received– Beneficiary bank identification– Beneficiary’s name, address and the account number if
it was provided to the credit union• Travel Rule: the information must “travel” with the
payment order to the receiving financial institution.
89
INFORMATION SHARING• USA PATRIOT Act
– Two types of information sharing:
• Between the law enforcement and financial institutions [314(a)]; and
• Between financial institutions [314(b)]
90
INFORMATION SHARING - 314(A) REQUESTS
• Between the Credit Union and Law Enforcement –FinCEN may require a credit union to search its records to determine whether it maintains or has maintained accounts for, or engaged in transactions with a specified person, entity or organization during the past 12 months (or 6 months if there is a transaction where no account is involved)
– Must report to FinCEN within 14 days, unless the request specifies otherwise
• Sent out once every 2 weeks via secure website
• Must be kept confidential
• Report matches to FiCEN91
INFORMATION SHARING - 314(B) REQUESTS• Permits sharing of information with another FI to help identify
and report activities that are suspected to involve possible money laundering or terrorist activity.
• Financial institutions must notify FinCEN of its intent to engage in information sharing, and that it has established and will maintain adequate procedures to protect the information
• A notice to share information is effective for one year
• Should ensure that the other FI or association has filed its required FinCEN notice
• Cannot share SARs or SAR filing information
– If request relates to a transaction subject to a SAR, disclose only the transaction and member information
requested92
POSSIBLE RAMIFICATIONS OFNON-COMPLIANCE:
> DOR (Document of Resolution Findings) > LUA (Letter of Understanding and
Agreement)> Cease and Desist OrdersFines North Dade Community Federal Credit
Union
93
OFFICE OF FOREIGN ASSETS CONTROL (OFAC) COMPLIANCE• OFAC is a division of the U.S. Treasury Department.
• Administer and enforces economic and trade sanctions against targeted countries and their agents, terrorist sponsoring agencies and organizations and international narcotics traffickers.
94
WHAT’S THE SDN LIST?• OFAC’s primary list of U.S. sanction targets which
includes:– Individuals and entities owned or controlled by or
acting for or on behalf or targeted countries and – Individuals groups and entities such as terrorists and
narcotics traffickers designated under programs that are not country-specific.
• Examples are Cuba, Syria, Libya and Russia, Iran, individuals etc.
• Sanctions for Cuba are still in place following President Obama’s announcement on December 17, 2014. Check treasury.gov for more information.
95
TRANSACTION PARTIES• Based on the credit union’s risk profile for each area of
the its operations and available technology, the credit union should establish policies, procedures and processes for reviewing transactions and transaction parties. (FFIEC BSA/AML Exam Manual)
• Transaction parties include primary members, joint account holders, check payees, beneficiaries, co-signers, parties on the other end of wire, etc… ANYONE!!
96
WHAT SHOULD THE SUPERVISORY COMMITTEEDO?
• Verify that the Board has approved a BSA, Member ID Program and OFAC policy– Verify that above are reviewed and revised as
necessary
• Verify that knowledgeable BSA compliance officer(s) have been appointed and are regularly monitoring the program for compliance
• Confirm that adequate BSA tools have been implemented at the credit union and are appropriate for the credit union’s level of risk
• Ensure that an independent audit and staff training are conducted at least annually
97
BSA COMPLIANCE OFFICER• Board designated qualified individual fully
knowledgeable of the BSA and all related regulations, as well as understand the credit union’s products, services, members and geographic locations.
• Responsible for coordinating and monitoring day-to-day compliance.
• Manages all aspects of the BSA compliance program
• Must have sufficient authority and resources to perform duties
• Must regularly apprise board of directors and senior management of ongoing compliance with the BSA
98
INDEPENDENT TESTING• Performed by parties who are not involved in BSA functions.
• Audit results should be reported directly to the Board of Directors.
• Independent testing should be performed generally every 12-18 months, depending on the credit union’s risk assessment.
• Testing should include:– Evaluation of the overall adequacy and effectiveness of the BSA/AML
compliance program, including policies, procedures, and processes
– Risk Assessment
– Transaction testing
– Resolved previous violations and deficiencies
– Staff training
– Review of suspicious activity monitoring systems99
BSA TRAINING• All personnel whose duties require knowledge of BSA
• Tailored to the person’s specific responsibilities
• New employee orientation
• Periodic training for BSA Compliance Officer
• Board of Directors should receive sufficient training to gain a general understanding to provide adequate oversight
• NCUA recommends BSA Training every 12-18 months but should be ongoing
• Document training programs
100
Resources• NCUA: www.ncua.gov• CUNA: www.cuna.org• NASCUS: www.nascus.org• FinCEN: www.fincen.gov• FinCEN’s BSA/AML Examination Manual:• www.ffiec.gov/bsa_aml_infobase/pages_manual/manual
_online.htm• FBI: www.fbi.gov• OFAC: http://www.treasury.gov• LSCU: www.lscu.coop PolicyPro and ComplySight• Elder Care Locator: www.eldercare.gov
101
Additional Contacts– Brooke Morris, Vice President, CU Relations
• 866.231.0545, ext. 2179 or [email protected]– Michael Lee, Director of Compliance
• 866.231.0545, ext. 2165 or [email protected]– April N. Ales, Member Relations Consultant (MRC), CI
• 866.231.0545, ext. 1038 or [email protected]– Jo Anne Funk, MRC, CI
• 866.231.0545, ext. 2111 or [email protected]– Juli Lewis, MRC, CI
• 866.231.0545 ext. 1108 or [email protected]– Judy Scott, MRC, Cooperative Initiatives
• 866.231.0545, ext. 1062 or [email protected]
102
Thank You!Please feel free to contact me with questions using the below information:
William G. Berg, MBA, CCUE, CUCE, BSACS, CUERMEVice President, Compliance Training and Information 866.231.0545 [email protected]
103