
01/2014

AML/BSA 101: Essential Training for Compliance Professionals

Edwin F. Beemer III APR, CAMS

Principal

ComplianceComm

Arlington, VA

R. Joe Soniat, CFE, CAMS, BCP

Bank Secrecy Act Officer

Union Bancshares

Richmond, VA

AGENDA

8:45 am – 9:00 am: Welcome Remarks

9:00 am – 10:00 am: Exploring the Evolution of Money Laundering & Financial Crime

10:00 am – 10:15 am: Networking & Refreshment Break

10:15 am – 12:00 pm: Examining the Four Pillars of AML/BSA Programs

12:00 pm – 12:15 pm: Interactive Q&A

12:15 pm – 1:15 pm: Networking Luncheon

1:15 pm – 3:00 pm: Laying a Solid Foundation for your AML Operations with an Effective Risk Assessment Program

3:00 pm – 3:15 pm: Networking & Refreshment Break

3:15 pm – 4:45 pm: Analyzing Key Elements of a Robust AML Program

4:45 pm – 5:00 pm: Q&A Closing Remarks

Why are you here???

What do you want to learn???

Evolution of Money Laundering and Financial Crime

DEFINITION

1. Money laundering -- the process of concealing the source of funds gained through illegal activity by attempting to “wash” the money through legitimate financial channels.

2. Money laundering is the disguising of funds derived from illicit activity so that the funds may be used without detection of the illegal activity that produced them. It is typically accomplished in three stages:

Placement

Layering

Integration

Stages of Money Laundering

Who may play a part in laundering the money, and how

Banks and Other Depository Institutions

Electronic Transfers of Funds, Electronic Banking, Cash, Monetary Instrument, Electronic Cash, Lending Activity, Trade Financing, Correspondent Banking, Payable-Through Accounts, Concentration Accounts, Private Banking, Bank Complicity

Non-Bank Financial Institutions

Money Service Businesses (Money Remitters and Money Exchange Houses), Credit Card Industry, Pawn Shops, Casinos and card clubs, loan or finance companies, Dealers in High-Value Items (Precious Metals, Jewelry, Art, etc.)

Insurance Companies

Most significant laundering and terrorist financing risks in the insurance industry are found in life insurance and annuities products.

Real Estate Industry

The laundering cases that have involved the use of criminal proceeds in real estate transactions support the need for this sector to be under the anti-money laundering regulatory umbrella.

Vehicle Sellers

1. Structuring cash deposits below the reporting threshold, or purchasing vehicles with sequentially numbered checks or money orders.

2. Trading in vehicles and conducting successive transactions of buying and selling new and used vehicles to produce complex layers of transactions.

3. Accepting third-party payments, particularly from jurisdictions with ineffective money laundering controls.

Travel Agencies

1. Purchasing an expensive airline ticket for another person who then asks for a refund.

2. Structuring wire transfers in small amounts to avoid recordkeeping requirements, especially when the wires are from foreign countries.

Gatekeepers: Notaries, Accountants, Auditors, Lawyers

1. Performing financial transactions

2. Providing financial and tax advice

3. Buying or selling property

Creating corporate vehicles or other complex legal arrangements, such as trusts. Such arrangements may serve to confuse the links between the proceeds of a crime and the perpetrator.

4. Providing introductions to financial institutions.

Investment and Commodity Advisers

1. Withdrawal of assets through transfers to unrelated accounts or to high-risk countries.

2. Frequent additions to or withdrawals from accounts.

3. Checks drawn on, or wire transfers from, accounts of third parties with no relation to the client.

Trust and Company Service Providers

1. Acting as a formation agent of legal persons

2. Providing a registered office, business address or correspondence for a company, a partnership or any other legal person or arrangement.

3. Acting as (or arranging for another person to act as) a trustee of an express trust.

4. Acting as (or arranging for another person to act as) a nominee shareholder for another person.

5. Acting as (or arranging for another person to act as) a director or secretary of a company, a partner of a partnership, or a similar position in relation to other legal persons.

Nongovernmental Organizations and Charities

Because NGOs can be used to obtain funds for charitable organizations, the flow of funds both into and out of the NGO can be complex, making them susceptible to abuse by money launderers and terrorists.

Cash-Intensive Businesses

Some businesses and entities may be misused by money launderers to legitimize their illicit proceeds. For example, a criminal may own a cash-intensive business, such as a restaurant, and use it to launder currency from illicit criminal activities. The restaurant’s currency deposits with its bank do not, on the surface, appear unusual because the business is legitimately a cash-generating entity.

Securities Broker-Dealers

1. Its international nature.

2. The speed of the transactions.

3. The ease of conversion of holdings to cash without significant loss of principal.

4. The routine use of wire transfers from, to or through multiple jurisdictions.

5. The competitive, commission-driven environment, which, like private banking, provides ample incentive to disregard the source of client funds.

A BRIEF HISTORY U.S. Regulations and Rules


Evolution of Money Laundering and Financial Crime

• Understanding your requirements under the US Bank Secrecy Act, the USA PATRIOT Act and related AML requirements

• Examining the practical impact of the expanded definition of what constitutes a financial institution

• Connecting AML regulatory obligations to your responsibilities as a compliance professional

• Reviewing international AML standards, regulations and established procedures

U.S. Regulations and Rules

• Bank Secrecy Act (BSA), as amended, including the USA PATRIOT Act

• 31 USC 5311 et seq.

• BSA Regulations (31 CFR 103 Chapter X)

• Federal Functional Regulator regulations and rules (e.g., OCC and Fed AML Program and SAR filing regulations, FINRA and SEC Rules)

• State regulations and rules (e.g., rules applicable to MSB licensing and registration, casinos)

Bank Secrecy Act

• Financial Institutions (FIs) must identify the source, volume and movement of currency and other instruments deposited into financial institutions or transmitted into or out of the U.S.

• FIs must file Currency Transaction Reports (CTRs) for designated thresholds, which are used to identify individuals conducting cash transactions and maintain a paper trail

• FIs must file Suspicious Activity Reports (SARs) when transaction activity patterns might signify money laundering or other criminal activity.

Regulations

Bank Secrecy Act (BSA) Statute

• 31 U.S.C. 5311-5314e

• 5316-5330

• 5331

• 5332e

• 12 U.S.C. 1829b

• 12 U.S.C. 1951-1959e

• Federal Crime of Money Laundering - Title 18, U.S. Code, Crimes and Criminal Procedure

• Federal Crime of Operating an Unlicensed or Unregistered Money Transmitting Business - Title 18 U.S. Code, Crimes and Criminal Procedure

Codified Bank Secrecy Act (BSA) Regulations

• 31 CFR Chapter X (Effective March 1, 2011)

• 31 CFR Part 103 (Effective through February 28, 2011)

USA PATRIOT Act

• "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism" (USA PATRIOT) Act of 2001

• Section 311

– 5 Special Measures

• Section 312

– Special Due Diligence for Correspondent & Private accounts

• Section 313

– Prohibition against Foreign Shell Banks

• Section 314a

– Sharing of information between Government & FIs

• Section 314b

– Voluntary sharing of information between FIs

USA PATRIOT Act

• Section 319

– Reply within 120 hrs to U.S. regulator request

– Reply within 1 week to law enforcement request

– US FIs must know of an agent for service of legal process within the U.S. address for foreign banks

• Section 326

– A Customer Identification Program (CIP)

• Section 351

– Suspicious Activity Reports (SAR) Safe Harbor

• Section 352

– Requires Internal Control, Officer, Training & Independent Testing

• Section 373

– Money Service Businesses (MSB) must be licensed

Regulatory Environment

• FinCEN

• Federal Functional Regulators (e.g., CFTC, Federal Reserve, FDIC, NCUA, OCC, SEC)

• SROs (e.g., FINRA, NFA)

• State Regulators (e.g., state banking, gaming or insurance commissioners)

• IRS

• OFAC

Regulatory Environment

| Industry | Must file Form 8300 (Report of Cash Payments Over $10,000 Received in a Trade or Business) | Must file SARs and CTRs (mandatory e-file as of 04/01/2013) | Must have AML Program | Must have Customer ID Program |
|---|---|---|---|---|
| Depository Institutions | No | Yes | Yes | Yes |
| Casinos and Card Clubs | No | Yes | Yes | Yes |
| Money Services Businesses (Check Cashers, Money Remittance, Currency Dealers and Exchangers) | No | Yes | Yes | No |
| Securities Broker-Dealers | No | Yes | Yes | Yes |
| Credit Card Operators | Yes | No | Yes | No |
| Mutual Funds | Yes | SARs only | Yes | Yes |
| Futures Commission Merchants | No | Yes | Yes | Yes |
| Dealers in Precious Metals, Stones or Jewels | Yes | No | Yes | No |
| Certain Insurance Companies (company issues/underwrites permanent life insurance policy, annuity contracts & other insurance product with cash or investment features). Does not apply to agents or brokers. | No | SARs only | Yes | Yes |
| Residential Mortgage Loan Originators/Lenders | No | Yes | Yes | Yes |

A Bank’s BSA Compliance Program must have the following elements:

1. A system of internal controls to assure ongoing compliance with the BSA;

2. Independent testing for BSA/AML compliance;

3. A designated individual or individuals responsible for coordinating and monitoring BSA/AML compliance; and

4. Training for appropriate

Why is BSA / AML Important:

Protect the Safety and Soundness of the Financial Institutions

Current Economic Conditions

Enhanced Regulations

Centralized and Efficient Exchange of Information

Assisting Law Enforcement

Terrorist Financing


BSA Compliance Program

• BSA AML Program Structures

– Size of the Bank

– Assessment of the risk

– Products and Services offered

– Business Lines at the bank

• Private Banking

• Mortgage

• Investments

Elements of a BSA / AML Exam

• The federal banking agencies require each bank under their supervision to establish and maintain a BSA compliance program

• In accordance with the Patriot Act, FinCEN’s regulations require certain financial institutions to establish an AML compliance program that guards against money laundering and terrorist financing and ensures compliance with the BSA and its implementing regulations.

• The federal banking agencies work to ensure that the organizations they supervise understand the importance of having an effective BSA/AML compliance program in place.

FinCEN’s Role:

Under the Bank Secrecy Act (BSA), 31 U.S.C. 5311 et seq., and its implementing regulations at 31 C.F.R. Chapter X, FinCEN may bring an enforcement action for violations of the reporting, recordkeeping, or other requirements of the BSA. FinCEN's Office of Enforcement evaluates enforcement matters that may result in a variety of remedies, including the assessment of civil money penalties.

Civil money penalties may be assessed for recordkeeping violations under 31 C.F.R. § 1010.415 and for reporting violations: failing to file a currency transaction report (CTR) in violation of 31 C.F.R. § 1010.311, a suspicious activity report (SAR) in violation of 31 C.F.R. § 1021.320, or a report of foreign bank and financial accounts (FBAR) in violation of 31 C.F.R. § 1010.350.

BSA/AML Examination Manual by FFIEC

Go to website: www.ffiec.gov to retrieve Manual

Click BSA/AML Infobase to access the BSA Exam manual


International AML Standards

• Financial Action Task Force (FATF) http://www.fatf-gafi.org/

• European Directives on AML http://ec.europa.eu/eu_law/introduction/what_directive_en.htm

• The Wolfsberg AML Principles http://www.wolfsberg-principles.com/

• The Basel Committee on Banking Supervision http://www.bis.org/bcbs/

• Regional FATF Groups http://www.fatf-gafi.org/

What is FATF?

• FATF – independent inter-governmental body that develops and promotes policies to protect the global financial system against ML, TF and financing of WMD

• 36 member countries

• Headquartered in Paris

• Originally was the G-7 FATF

• Regional FATF-like organizations

Regional FATF Organizations

• Asia/Pacific Group

• Caribbean FATF

• South America Task Force

• Middle East/North Africa Task Force

• Eurasian Group

• Eastern & South African AML Group


FATF Focus:

• Spreading AML message worldwide by publishing guidance and best practices (setting global standards) and

• Monitoring implementation of FATF 40 recommendations (self assessment and mutual evaluation procedure) and ensuring compliance

• Identifying ML trends, threats and countermeasures

The FATF 40 Recommendations – Highlights:

• Risk-based approach

• Designated categories of offenses to serve as ML predicates

• TF and financing of proliferation

• Knowledge & criminal liability

• CDD measures

• Suspicious transaction reporting

• Transparency and beneficial ownership

• Powers and responsibilities of competent authorities

• International cooperation

The FATF 40 Recommendations

Issued in 1990

1996 – broadened scope beyond drug ML

After 2001 – added 9 recommendations on TF

2003 – stronger standard for ML predicate offenses, extended CDD and CIP, AML/CFT for nonfinancial businesses (casinos, real estate agents, dealers in precious metals/stones, lawyers, trust and company service providers, notaries, accountants (with some qualifiers)); encouraged prohibition of shell banks; stronger safeguards for TF in the international space; expanded coverage to include TF

The FATF 40 Recommendations 2012 Revisions:

• Combined the nine special recommendations for TF into the 40 recommendations

• Created recommendation on assessing risks and applying risk-based approach

• Created recommendation for targeted financial sanctions related to WMD

• Focused more attention on domestic PEPs

European Union Directives on ML

• There are three EU Directives

• Require EU member states to achieve (by amending national law if necessary) specified results

• EU can adopt measures that have the force of law even without the approval of the national parliaments of the various member states; European law prevails over national law in the case of directives

• Directives have more weight than, say, FATF voluntary standards

European Union Directives on ML

• First – adopted June 1991; required members to enact laws to prevent their financial systems from being used for ML

• Second – adopted December 2001; amended 1st directive to require stricter ML controls across the continent

– Extended scope beyond drug-related crimes

– Expanded coverage to bureaux de change and money remitters

– States that knowledge of criminal conduct can be inferred from objective factual circumstances

– Provided more precise definition of ML

– Expanded types of businesses and professions that are covered

3rd European Directive

• Defines Money Laundering & Terrorist Financing as separate crimes

• Emphasizes the Beneficial Owner

• Details risk-based approach to Customer Due Diligence

• Protects employees who report suspicious activity

• Requires statistics related to reporting of suspicious activity be maintained

3rd European Directive

• Applies to:

– Financial & Credit Institutions

– Auditors & Accountants

– Tax Advisors & Lawyers

– Casinos

– Realtors

– Dealers who trade in cash

2nd Differs from 3rd Because:

• Specifically includes category of trust and company service providers

• Covers all dealers trading in goods who trade in cash over 15,000 Euros

• Definition of financial institution includes certain insurance intermediaries

What is the Wolfsberg Group?

• An association of 11 global banks that aims to develop financial services industry standards and related products for Know Your Customer, anti-money laundering and counter terrorist financing policies

• Formed in 2000

• Named for Wolfsberg Castle in Switzerland

Wolfsberg Group

• Their issued guidance includes:

– Risk-Based Approach for Managing Money Laundering Risks

– Private Banking

– Correspondent Banking

– Financing of Terrorism

– Monitoring Screening and Searching

• Principles in guidance hold NO force of law

What is the Basel Committee on Banking Supervision?

• Committee of banking supervisors from around the globe that promotes sound supervisory standards

• Associated with Basel, Switzerland

• Established in 1974

• Has issued white papers:

– Prevention of Criminal Use of the Banking System for the Purpose of ML

– Core Principles for Effective Banking Supervision

– Customer Due Diligence for Banks


Basel Committee

• Also issued a document on the KYC process identifying four key elements of KYC including customer identification, risk management, customer acceptance and monitoring

• KYC guidance also emphasizes:

– Importance of KYC standards

– Elements of KYC standards

– Role of Supervisors

– Cross Border implementation of KYC

What is the Egmont Group?

• A group of financial intelligence units (FIUs) that provides a forum to improve cooperation in the fight against ML among FIUs around the world

• Formed in 1996

• Member FIUs sign memoranda of understanding with each other to accommodate cooperation and sharing of information

• More than 100 members

Office of Foreign Assets Control (OFAC)

Certain economic, trade and/or financial transactions with named individuals and entities are prohibited. Assets must be blocked or frozen and reported to OFAC.

All U.S. persons must comply with OFAC regulations (this includes all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the United States, and all U.S. incorporated entities and their foreign branches).

To keep it simple, the United States does not do business with the enemy.

http://www.treasury.gov/resource-center/sanctions/Pages/default.aspx

OFAC

Financial institutions rely on OFAC interdiction systems that utilize a filter to perform name validation to comply with OFAC as follows:

New Accounts (new clients and loan applicants)

Incoming/Outgoing wire transfers

All parties related to a loan

Credit card issuance to commercial card holders

Letter of credit applicants, foreign banks, beneficiaries and vessels

Payments to new vendors before signing contracts

New hires to the Bank

Non-Customers (Cash Advances, US Bond Redemptions & Monetary Instruments)

Entire customer database on a monthly basis against the most current OFAC list.


Specially Designated Nationals and Blocked Persons

The Four Pillars of AML/BSA Programs

Internal controls, policies and procedures for compliance programs

Independent testing, Audit and validation

Importance of targeted employee training

AML officer’s role and responsibilities

Internal Controls Should…

• Identify banking operations (i.e., products, services, customers, entities, and geographic locations) more vulnerable to abuse by money launderers and criminals; provide for periodic updates to the bank’s risk profile; and provide for a BSA/AML compliance program tailored to manage risks.

• Inform the board of directors, Audit committee, and senior management,

– compliance initiatives

– identified compliance deficiencies and corrective action taken

– Notify directors and senior management of SARs filed.

• Identify a person or persons responsible for BSA/AML compliance.

Internal Controls Should…

• Provide for program continuity despite changes in management or employee composition or structure.

• Meet all regulatory recordkeeping and reporting requirements, meet recommendations for BSA/AML compliance, and provide for timely updates in response to changes in regulations.

• Implement risk-based CDD policies, procedures, and processes.

• Identify reportable transactions and accurately file all required reports including SARs, CTRs, and CTR exemptions. (Banks should consider centralizing the review and report-filing functions within the banking organization.)

• Provide for dual controls and the segregation of duties to the extent possible. For example, employees that complete the reporting forms (such as SARs, CTRs, and CTR exemptions) generally should not also be responsible for the decision to file the reports or grant the exemptions.

Internal Controls Should…

• Provide sufficient controls and systems for filing CTRs and CTR exemptions.

• Provide sufficient controls and monitoring systems for timely detection and reporting of suspicious activity.

• Provide for adequate supervision of employees that handle currency transactions, complete reports, grant exemptions, monitor for suspicious activity, or engage in any other activity covered by the BSA and its implementing regulations.

• Incorporate BSA compliance into the job descriptions and performance evaluations of bank personnel, as appropriate.

• Train employees to be aware of their responsibilities under the BSA regulations and internal policy guidelines.

AML Officer’s Role and Responsibilities

• The bank’s board of directors must designate a qualified individual to serve as the BSA compliance officer.

• The BSA compliance officer is responsible for coordinating and monitoring day-to-day BSA/AML compliance.

• The BSA compliance officer is also charged with managing all aspects of the BSA/AML compliance program and with managing the bank’s adherence to the BSA and its implementing regulations.

• The board of directors is ultimately responsible for the bank’s BSA/AML compliance.

Independent Testing, Audit and Validation

• An evaluation of the overall adequacy and effectiveness of the BSA/AML compliance program, including policies, procedures, and processes. Typically, this evaluation will include an explicit statement about the BSA/AML compliance program’s overall adequacy and effectiveness and compliance with applicable regulatory requirements. At the very least, the audit should contain sufficient information for the reviewer (e.g., an examiner, review auditor, or BSA officer) to reach a conclusion about the overall quality of the BSA/AML compliance program.

• A review of the bank’s risk assessment for reasonableness given the bank’s risk profile (products, services, customers, entities, and geographic locations).

• Appropriate risk-based transaction testing to verify the bank’s adherence to the BSA recordkeeping and reporting requirements (e.g., CIP, SARs, CTRs and CTR exemptions, and information sharing requests).

• An evaluation of management’s efforts to resolve violations and deficiencies noted in previous audits and regulatory examinations, including progress in addressing outstanding supervisory actions, if applicable.

Independent Testing, Audit and Validation

• A review of staff training for adequacy, accuracy, and completeness.

• A review of the effectiveness of the suspicious activity monitoring systems (manual, automated, or a combination) used for BSA/AML compliance. Related reports may include, but are not limited to:

– Suspicious activity monitoring reports.

– Large currency aggregation reports.

– Monetary instrument records.

– Funds transfer records.

– Nonsufficient funds (NSF) reports.

– Large balance fluctuation reports.

– Account relationship reports.

• An assessment of the overall process for identifying and reporting suspicious activity,

• Review of filed or prepared SARs to determine their accuracy, timeliness, completeness, and effectiveness of the bank’s policy.

• An assessment of the integrity and accuracy of MIS used in the BSA/AML compliance program. MIS includes reports used to identify large currency transactions, aggregate daily currency transactions, funds transfer transactions, monetary instrument sales transactions, and analytical and trend reports.


Training Program

• Training must be provided to all personnel who require knowledge on BSA AML

• Training programs must be appropriately tailored and documented

• The Metrics, including attendance, must be available for exam review

Culture of Compliance

• Leadership should be engaged

– Players

• Board of Directors

• Senior and Executive Management

• Owners and operators

– Commitment should be visible

• To influence the attitudes of others within the organization

• Compliance should not be compromised by revenue interest

– Compliance should be empowered with sufficient authority and autonomy

• Information should be shared throughout the organization

• Leadership should provide adequate human and technological resources

Culture of Compliance

• The program should be effective and tested by an independent and competent party

• Leadership and staff should understand how their BSA reports are used

– Serve as tips to initiate investigations

– Expand existing investigations

– Promote international information exchange

– Identify significant relationships, trends and patterns

Penalties for Non-Compliance

• Criminal penalties for willful violations of the BSA and its implementing regulations under 31 USC 5322 and for structuring transactions to evade BSA reporting requirements under 31 USC 5324(d).

– For example, a person, including a bank employee, willfully violating the BSA or its implementing regulations is subject to a criminal fine of up to $250,000 or five years in prison, or both.

– A bank that violates certain BSA provisions, including 31 USC 5318(i) or (j), or special measures imposed under 31 USC 5318A, faces criminal money penalties up to the greater of $1 million or twice the value of the transaction.

• Pursuant to 12 USC 1818(i) and 1786(k), and 31 USC 5321, the federal banking agencies and FinCEN, respectively, can bring civil money penalty actions for violations of the BSA.

– Individuals may be removed from banking pursuant to 12 USC 1818(e)(2) for a violation of the AML laws under Title 31 of the U.S. Code, as long as the violation was not inadvertent or unintentional.

• Any property involved in a transaction or traceable to the proceeds of the criminal activity, including property such as loan collateral, personal property, and, under certain conditions, entire bank accounts (even if some of the money in the account is legitimate), may be subject to forfeiture.

• Pursuant to various statutes, banks and individuals may incur criminal and civil liability for violating AML and terrorist financing laws.

• Banks risk losing their charters, and bank Teammates risk being removed and barred from banking.

• All of these actions are publicly available.


PROTECTING THE BANK FROM ENFORCEMENT ACTIONS

Internal Controls


Testing and Reviews

• Testing staff on their comprehension of the training

– BSA AML Review

– Target Training to those who need it

• Know Your Employee

– Accountability for errors

– Assessing Risk

• Used in the employees' incentive program

What is Tested and Reviewed

• Customer Identification Program

• Customer Due Diligence Program (CDD)

• OFAC Compliance

• Currency Transaction Reporting

• Negotiable Instrument Log Tracking

• Data Validity

• Suspicious Activity monitoring

• Fraud monitoring

Know Your Employee (KYE)

• Accountability for errors

– When reviewing for errors by branch staff, be sure to document who made the errors to track certain employees that need more training

• Assessing Risk

– Assess the risk of employees that may be overlooking certain regulations; use the opportunity to help coach them to understand the regulations

• Target Training for staff

– KYE gives the BSA Team the opportunity to give specialized training in areas of BSA that staff may need to be coached in further


Effects of BSA Errors

• When reporting the errors to management it is important to point out certain factors

– What section of the BSA program is the error

– What is the exact BSA error

– What are the possible effects of the BSA errors on the Bank

– What can be done to resolve the errors going forward


Summary

• Assess the risk of your institution being used as a conduit to launder funds though

• Review and test key BSA / AML functions to determine how employees perform

• Document information from investigations

• Use analytics to look for patterns and trends of the branch staff's compliance with BSA / AML functions

Laying a Solid Foundation for your AML Operation with an Effective Risk Assessment Program

• Defining AML risk and understanding how to measure your institution’s inherent risk

• Learning to identify the gaps in your AML operations, implementing effective risk mitigation controls and understanding your residual risk

• Outlining the core components of the risk assessment you provide to examiners

• Communicating your institution’s risk vulnerabilities to senior management

FFIEC BSA/AML Exam Manual (04/2010) http://www.ffiec.gov/bsa_aml_infobase/default.htm

Parameters of Risk Assessment

INHERENT RISK

• Identify the risk exposure (list each risk) before any controls are in place as it applies to AML/BSA/OFAC in the various categories:

– Customer Base

– Products and Services

– Geography

• Identify the consequences of each risk


Parameters of Risk Assessment

MITIGATED RISK

What controls are in place to reduce the risk exposure?

• Policies and Procedures

• Train staff

• Products and Services performed for customers only. Non-customer activity not allowed

• Certifications

• Independent Audits

Parameters of Risk Assessment

QUALITY OF RISK vs. QUANTITY OF RISK

• QUALITY of Risk = Residual Risk Exposure

– Low

– Moderate

– High

• QUANTITY of Risk = Controls

– Weak

– Fair

– Satisfactory

• NOTE: Larger institutions with dedicated business lines should also have a Risk Assessment performed on each area that impacts your BSA program (i.e., Electronic Banking, Central Operations, International Division, Loan Operations, etc.)

Parameters of Risk Assessment

IDENTIFY and MEASURE RISK

Aggregate your risk; summary judgment about the overall level of risk in these areas and as a whole:

– Products

– Services

– Customers

– Geographic Locations

Parameters of Risk Assessment

DIRECTION OF RISK

A prospective assessment of the probable movement in aggregate risk over the next 12 months:

• Stable

• Decreasing

• Increasing

Parameters of Risk Assessment

Results after Mitigants = Risk Based BSA Program

1. Internal Controls

2. BSA Compliance Officer

3. Training

4. Audit

The Four Pillars of a BSA/AML Program

Risk Assessment Case Study A (handout)

• Bank: Maximus Bank

• Location: Springfield, Illinois

• Number of Branches: 90

• Summary:

– Headquartered in Springfield, Illinois, Maximus Bank has 90 branches and more than 150 ATMs throughout Illinois. Non-bank affiliates of the holding company include: Maximus Investment Services, Inc., which provides full brokerage services; Maximus Mortgage Group, Inc., which provides a full line of mortgage products. Maximus Bank

Risk Assessment Case Study B (handout)

• Bank: Big Little Bank

• Location: Miami, Florida

• Number of Branches: 7

• Summary:

– Headquartered in Miami, Florida, Big Little Bank has 7 branches and more than 40 ATMs throughout Miami, the Florida Keys and one bank in the Bahamas. Non-bank affiliates of the holding company include: Big Little Investment Services, Inc., which provides full brokerage services; Big Little Mortgage Group, Inc., which provides a full line of mortgage products; and Big Little Insurance Group, LLC, which offers various lines of insurance products. Big Little Bank offers the following products and services and has the following customer base breakdown.

Analyzing Key Elements of a Robust AML Program

Things We Learned From Breaking Bad About Money Laundering…

• Money Launderers can be everyday people

• Walter White is a bad bad man

• How using a cash intensive business can help launder funds

• How lawyers can be used by launderers to gain access to the financial system

– Using lawyers to hide beneficial ownership

• How Casinos can be used to launder funds

• How investments can be used to hide the source of funds

• The intricacies of the scheme

• The three stages of Money Laundering

– Placement

– Layering

– Integration

• Criminals are aware of the money laundering regulations and work at ways to avoid reporting requirements

• Use of Safety Deposit Boxes to launder funds

Things we learned from Homeland about Terrorist Financing

• How Shell Companies are used to hide funds

• The use of OFAC to stop terrorist financing

• How Terrorist Financing is a global affair

• Utilizing companies to “wash their cash”

• Using the soccer team’s concessions and ticket sales to wash illicit funds through

• Hiding the beneficial ownership of the company leading to hiding the true owner of the funds

Analyzing Key Elements of a Robust AML Program

• Developing effective Know Your Customer (KYC) procedures, including customer identification programs (CIP), enhanced due diligence (EDD) processes and identifying Politically Exposed Persons (PEPs)

• Understanding your obligations under the Office of Foreign Assets Control (OFAC) and other international sanctions regimes

• Identifying the specific types of transactions that must be monitored to identify suspicious activity

• Addressing the many facets of suspicious activity reporting (SAR) requirements

Know Your Customer (KYC)

• From The Basel Committee on Banking Supervision (CDD for banks paper)

– Without due diligence, banks can become subject to reputational, operational, legal and concentration risk, which can result in significant financial cost

– Sound KYC policies and procedures are critical in protecting the safety and soundness of the banks and the integrity of the banking system

KEEP THE DIRTY MONEY OUT

Know Your Customer (KYC)

• Money Laundering continues to be a key issue for many banks and businesses due to recent developments in the Middle East and other areas of the world.

• The appropriate level of Due Diligence to determine beneficial owners is risk-based, for example:

– Domestic versus Foreign

– Cash Intensive versus electronic transactions

– Volume of Activity

– Type of business (bakery versus manufacturer of machine parts)

• Determine types of business/clientele the Bank prohibits due to Bank’s risk tolerance.

Know Your Customer (KYC)

• Collect information on the client’s expected activity. This information is used to identify activity that is inconsistent or out of pattern with “normal” business transactions.

• Information provided is utilized to review and assess the client’s activity conducted through their accounts (historical comparison).

– Helpful to know the occupation, business type, products/services client produces, client’s customer base, detail on volume of activity unique to client’s industry, etc.

– Ongoing process to keep client information updated: Should not have “stale” data on client.

CDD Requirements

• Key Elements

– Identifying and verifying the identity of customers (already required)

– Identifying and verifying the identity of beneficial owners of legal entity customers

– Understanding the nature and purpose of the customer relationship

– Conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious activity

Importance of CDD

• Enhance availability of information to law enforcement

• Identify assets and accounts of terrorists, money launderers, drug kingpins and other national security threats

• Help financial institutions assess and mitigate risk

• Facilitate reporting and investigations in support of tax compliance

• Consistency in implementing and enforcing CDD regulatory expectations

Enhance availability of information to law enforcement

• Combat the use of shell companies used to launder illicit proceeds

• Combat the use of front companies

The Tale of Two Businesses

Joe’s Pizza

• Mom and Pop pizza restaurant / sports bar located in a college town

• Restaurant charges $10 for a large cheese pizza and $2 per topping

• Limited variety of beer on tap

• Restaurant has a TV at each table along with 30 Flat screen TVs on the walls and 2 inch TVs at each end of the restaurant

Smoe’s Pizza

• Locally owned Pizza restaurant sports bar located in a college town

• Restaurant charges $7 for a large cheese pizza and $1 per topping

• Multiple varieties of beer on tap

• Restaurant has a TV at each table along with 30 Flat screen TVs on the walls and 2 inch TVs at each end of the restaurant

Tale of Two Business Income Statements

Joe’s Pizza Bank Records

Smoe’s Pizza Bank Records

Consider the Customer

Low Risk Customer

• Established existing customer in good standing

• Predictable behavior

High Risk Customer

• Type of business (Money Service Business, Pawn Shop, Jewelry store etc.)

• Uses many of the bank’s products and services including wires and online banking

• New customer to the bank

• “Cash intensive” customers (enhanced reporting, additional monitoring)

Consider the Transaction

• Low Risk Transactions

– Face to Face

– Domestic

– Typical (trends, patterns, etc.)

• High Risk Transactions

– Not Face to Face

– Foreign

– Atypical (trends, patterns, etc.)

– New customer relationship/account less than 90 days

High Risk Accounts

• Enhanced Due Diligence needed

• Cost / Benefit of having the account

– Does your bank want this type of account (Ex. Money Service Business / Cash Intensive)

– Will it benefit the institution

– What are the RISKS

• Business Codes

– Utilized for monitoring purposes

– Utilized for Risk Ranking

More Types of High Risk Customers

• Politically Exposed Persons (PEP)

– Senior Foreign Political Figure

• Nonresident alien (NRA)

– An NRA is a non-U.S. citizen who: is not a lawful permanent resident of the United States during the calendar year and who does not meet the substantial presence test, or has not been issued an alien registration receipt card

• Cash-intensive businesses

– Gas Station, Convenience Store

• Non-governmental organizations and charities (foreign and domestic)

• Professional service providers

– Lawyers, Doctors, Accountants

• Non-bank financial institutions

– Money Service Businesses

Inconsistent Transactions

• Nature of Business

– Do the transactions fit the business / occupation of the customer?

• Similarly situated businesses / members

– Compare similar businesses in the same area to see if the transactions fit.

• Between related relationships

– Frequent internal transactions between like accounts (business to personal and vice versa)

• Avoidance of reporting or recordkeeping requirements

– Structuring Transactions

• Deposit followed promptly by funds transferred

EDD Tools

• Stay Current on AML issues and hot topics

• Review of Government Requests: Subpoenas and Search Warrants

• Visit to Businesses

• Visit to Branches

• Negative News

• Training

• Web Searches (refer to handout – Investigative Tools)

Identify Suspicious Activity

Hot Topics in BSA

• Regulatory pressures

• Increased number of penalties and fines

• 3rd party payment processors

• Remote Deposit Capture:

– Business

– Consumer

• Money Service Businesses

• Virtual Currency / Bitcoin

Fraud Hot Topics

• Elder Abuse

• Small Businesses at Greater Fraud Risk

• DDoS: Distributed Denial of Service attacks

• Malware

• Mobile Attacks

• Account Takeover

• POS and Retail Breaches

• Anti-Fraud Investments

• Customer deposits $8,000 in cash once a week

– What are your next steps in the investigation?

• Customer receives wires in from an eastern European country

• The funds from the wire go to purchase cashier’s checks payable to car dealerships

– What are your next steps in the investigation?

• Customer deposits a total of $15,000 a week in cash; none of the cash ins are over $3,000.

• In the cash deposits there are also money orders purchased at a local MSB

– What are your next steps in the investigation?

Example 1:

Smurfing

• Involves the use of multiple individuals and/or multiple transactions for making cash deposits, buying monetary instruments or bank drafts in amounts under the reporting threshold.
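A monitoring rule for the pattern defined above and for the earlier scenario of $15,000 a week in cash ins of no more than $3,000 each, added here as an example and not part of the original slides. It aggregates cash ins per customer across branches and conductors, first by business day and then over a rolling window. The over-$10,000 CTR threshold, the 7-day window, the function names and the sample transactions are assumptions of this example.

```python
from collections import defaultdict
from datetime import date, timedelta

# Assumption: a CTR is required for currency transactions of more than $10,000,
# aggregated per customer per business day (the slide does not state the figure).
CTR_THRESHOLD = 10_000

# Constructed sample cash-ins: (customer, business day, branch, conductor, amount)
SAMPLE = [
    ("C1", date(2014, 1, 6), "Main", "owner", 4_000),
    ("C1", date(2014, 1, 6), "East", "employee A", 3_500),
    ("C1", date(2014, 1, 6), "West", "employee B", 3_000),
    ("C2", date(2014, 1, 6), "Main", "owner", 3_000),
    ("C2", date(2014, 1, 7), "Main", "owner", 3_000),
    ("C2", date(2014, 1, 8), "Main", "owner", 3_000),
    ("C2", date(2014, 1, 9), "Main", "owner", 3_000),
    ("C2", date(2014, 1, 10), "Main", "owner", 3_000),
    ("C3", date(2014, 1, 6), "Main", "owner", 12_000),  # one large deposit: CTR, no split
    ("C4", date(2014, 1, 6), "Main", "owner", 2_000),
    ("C4", date(2014, 1, 20), "Main", "owner", 2_500),
]


def same_day_splits(txns, threshold=CTR_THRESHOLD):
    """Flag customer-days where several sub-threshold cash-ins total over the threshold."""
    by_day = defaultdict(list)
    for cust, day, branch, who, amount in txns:
        by_day[(cust, day)].append((branch, who, amount))
    alerts = []
    for (cust, day), items in sorted(by_day.items()):
        total = sum(a for _, _, a in items)
        if len(items) > 1 and total > threshold and all(a <= threshold for _, _, a in items):
            alerts.append({
                "customer": cust, "day": day, "total": total,
                "branches": sorted({b for b, _, _ in items}),
                "conductors": len({w for _, w, _ in items}),
            })
    return alerts


def rolling_window_totals(txns, threshold=CTR_THRESHOLD, window_days=7):
    """Per customer, the largest over-threshold total of sub-threshold cash-ins found
    inside any rolling window, returned as {customer: (window start, total)}."""
    by_cust = defaultdict(list)
    for cust, day, _, _, amount in txns:
        if amount <= threshold:  # larger deposits already generate a CTR
            by_cust[cust].append((day, amount))
    alerts = {}
    for cust, items in by_cust.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            end = start + timedelta(days=window_days)
            window = [a for d, a in items[i:] if d < end]
            total = sum(window)
            if len(window) > 1 and total > threshold and total > alerts.get(cust, (None, 0))[1]:
                alerts[cust] = (start, total)
    return alerts


if __name__ == "__main__":
    for alert in same_day_splits(SAMPLE):
        print("same-day split:", alert)
    for cust, (start, total) in sorted(rolling_window_totals(SAMPLE).items()):
        print(f"rolling 7-day: {cust} from {start} total ${total:,}")
```

An alert from either function is a referral for review against the customer's expected activity, not a conclusion that structuring occurred.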

Securities Broker-Dealers

• Its international nature.

• The speed of the transactions.

• The ease of conversion of holdings to cash without significant loss of principal.

• The routine use of wire transfers from, to or through multiple jurisdictions.

• The competitive, commission-driven environment, which, like private banking, provides ample incentive to disregard the source of client funds.

• The practice of brokerage firms of maintaining securities accounts as nominees or trustees, thus permitting concealment of the identities of the true beneficiaries.

Securities Broker-Dealers Example

• Josh opens a securities account at each of two brokerage firms with money that he made through drug trafficking.

• In one account, he takes a long position in a Eurodollar futures contract.

• In the other account, he takes a short position in a Eurodollar futures contract.

• Whatever the market does, the losses and profits will offset each other, and he can request the proceeds of his activity in the form of a check from a reputable brokerage firm.

• Money Laundering Money Service Business’

Insurance Policies

• Colombian drug cartels were laundering large sums of money through the purchase of life insurance policies in Europe, the United States and offshore jurisdictions.

• The policies were purchased with drug proceeds sent to the insurance companies via wire transfers and checks by third parties around the globe.

• The cartel purchased at least 250 life insurance policies and laundered some $80 million in drug proceeds.

Money Laundering Insurance Companies

• Borrowing against the cash surrender value of permanent life insurance policies.

• Selling units in investment-linked products (such as annuities).

• Using insurance proceeds from an early policy surrender to purchase other financial assets.

• Buying policies that allow the transfer of beneficial interests without the knowledge and consent of the issuer (e.g., secondhand endowment and bearer insurance policies).

• Purchasing insurance products through unusual methods such as currency or currency equivalents.

• Buying products with insurance termination features without concern for the product’s investment performance.

Is This Suspicious? (handout)

Unemployed homemaker receives round dollar ACH credits from PayPal aggregating to 25,000 per month. She withdraws $4,000 - $5,000 in cash every other Friday.

Client who owns a liquor store starts depositing large amounts of 3rd party checks. Some are payroll checks written to individuals, the largest one you see is for $1657.00.

Client queries about amounts of currency that can be deposited without a CTR being filed. He is never observed making cash transactions at the branch where he inquired.

Retired librarian deposits $66,000 in $100 bills.

Contractor deposits checks made payable to his business and always takes $8,500 in cash back. He states that it is to pay his subcontractors.

“Unemployed Student” opens an account with $100 cash. Account is dormant for 3 months and then 4 wires for $9965 USD are received from the same originating bank in the Bahamas over a 10 day period. The originating parties are all different individuals. All the funds are then wired to a 5th individual in the Czech Republic.

Is This Suspicious? (handout)

Pharmacist withdraws $7,000 to $9,000 in cash every 2 weeks from the business account for his pharmacy and states that it is his payroll. He has a direct deposit to his personal account from “Automatic Payroll Solutions” for $3,452.86 every 1st and 15th of the month.

Client requests $4,000 in $100 bills to refill the ATM machine at his liquor store.

Client requests to send a wire to “Iran Shadowy Company” in Germany.

Client deposits $14,000-15,000 in cash every month and states that it is rental income.

$50,000 Escrow check deposited. Withdrawals made in $7,000 increments over 2 weeks. Total withdrawn $49,000. Client states he is remodeling his home.

Employees of a business are purchasing cashier’s checks with cash payable to owner of business. Type of business not known to be cash intensive.

NBA player deposits $100,000 in cash.

HOW WOULD YOU LAUNDER THE MONEY???

If you were given $100,000 in cash a week, how would you launder the funds to hide the source?

Getting the Point Across

• Customer opens a business account for $500,000.00 (type of business is a small mom and pop convenience store)

• The activity on the account shows cash ins from 6,000.00 – 10,000.00 on a daily basis. Customer sends ACH transactions via Western Union on a daily basis. The cash into the account almost exactly equals the ACH out of the account.

• The customer is investigated for possible structuring cash ins to avoid the CTR.

• After a few months, law enforcement looks into the reports filed and decides to seize the funds of the customer; they seize the amount of the funds suspected of structuring (around $460,000.00)

Getting the Point Across

• Let’s take the same scenario below and add in the information to the right

• Customer opens a business account for $500,000.00 (type of business is a small mom and pop convenience store)

• The activity on the account shows cash ins from 6,000.00 – 10,000.00 on a daily basis. Customer sends ACH transactions via Western Union on a daily basis. The cash into the account almost exactly equals the ACH out of the account.

• The customer is investigated for possible structuring cash ins to avoid the CTR.

• After a few months, law enforcement looks into the reports filed and decides to seize the funds of the customer; they seize the amount of the funds suspected of structuring (around $460,000.00)

• When account first opened customer obtained a business credit card with a $10,000.00 limit

• Customer also had a mortgage on their home for $250,000.00

• Law enforcement finds the customer was illegally selling prescription drugs out of their store

• Law enforcement seizes all assets of the customer and the customers are charged

• The customer has a balance on their credit card of $8,500.00

• Customer owes $247,000.00 on their mortgage

• Possible loss to the bank $255,500.00

Getting the Point Across

• Customer opens a business account for $1,000,000.00 (type of business is a Farm with a produce stand)

• The activity on the account shows cash ins from 4,000.00 – 8,000.00 on a daily basis. It is noticed that the cash ins during the off season drop but do not stop. CTRs are completed on the customer; however, they are split cash ins performed at different branches on the same business day

• The customer is investigated for possible structuring cash ins to avoid the CTR.

• After a few months, law enforcement looks into the reports filed and decides to seize the funds of the customer; they seize the amount of the funds suspected of structuring (around $780,000.00)

Getting the Point Across

• Let’s take the same scenario below and add in the information to the right

• Customer opens a business account for $1,000,000.00 (type of business is a Farm with a produce stand)

• The activity on the account shows cash ins from 4,000.00 – 8,000.00 on a daily basis. It is noticed that the cash ins during the off season drop but do not stop, CTRs are completed on the customer, however they are split cash ins performed at different branches on the same business day

• The customer is investigated for possible structuring cash ins to avoid the CTR.

• After a few months law enforcement looks into the reports filed and decides to seize the funds of the customer, they seize the amount of the funds suspected of structuring (around $780,000.00)

• When account first opened customer obtained a business credit card with a $15,000.00 limit

• Customer also had a real estate loan on the farm land for $1,500,000.00

• Law enforcement finds the customer was growing POT and had a drug prep area on the farm

• Law enforcement seizes all assets of the customer and the customers are charged

• The customer has a balance on their credit card of $12,000.00

• Customer owes $1,450,000.00 on their mortgage

• Possible loss to the bank $1,462,000.00

Suspicious Activity Reporting (SAR) Requirements

• Electronic Filing of BSA Reports as of 4/1/2013

• Addressing the many facets of money laundering and fraud

• Prepare a narrative that provides enough detail for law enforcement to take notice: Who, What, Where, When and How

• File within 30 days of detecting suspicious activity

• For repetitive SARs, have up to 120 days to file an additional SAR

• Safe Harbor protection from civil liability suits when SAR filed

• Provide law enforcement with backup SAR documentation when requested without a subpoena

Suspicious Activity Reporting Requirements

• Law Enforcement can request documents that support a SAR filing; all other information requires a subpoena.

• SAR Decision Making:

– Have a process (policy, procedures, training) to refer and identify suspicious activity

– Who is the decision maker to file a SAR? Individual or Committee

– Process to NOT file a SAR (document decision and include documentation to justify decision)

• Notify Board of Directors of SAR filings

• Protect confidentiality of SAR information

SARs By The Numbers 2012

SARs By The Numbers 2013

Filings by Affiliation or Relationship by Depository Institutions

Suspicious Activity Reporting (SAR)

SAR BY THE NUMBERS (by FinCEN): 2013 National Totals

Number of SAR Filings

| Month | 2003 | 2004 | 2005 | 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 |
|---|---|---|---|---|---|---|---|---|---|---|---|
| January | 23,535 | 22,705 | 39,475 | 39,895 | 56,378 | 52,160 | 56,170 | 50,481 | 59,110 | 65,574 | 12,232 |
| February | 23,472 | 28,501 | 37,437 | 45,197 | 56,750 | 57,731 | 60,944 | 52,875 | 56,594 | 67,010 | 21,088 |
| March | 24,597 | 31,051 | 43,469 | 52,414 | 58,356 | 57,791 | 74,987 | 65,431 | 70,611 | 66,336 | 45,719 |
| April | 22,688 | 29,350 | 42,185 | 46,792 | 51,525 | 64,184 | 65,360 | 61,344 | 67,871 | 69,213 | 67,278 |
| May | 21,454 | 29,788 | 43,866 | 50,800 | 50,277 | 57,707 | 58,816 | 54,780 | 69,247 | 76,060 | 72,255 |
| June | 21,821 | 31,028 | 44,660 | 50,706 | 51,407 | 58,490 | 59,741 | 58,961 | 66,322 | 66,085 | 63,579 |
| July | 22,335 | 32,413 | 40,193 | 45,079 | 56,971 | 61,520 | 58,893 | 57,415 | 65,591 | 70,160 | 70,857 |
| August | 23,183 | 35,480 | 46,278 | 50,352 | 53,925 | 65,982 | 56,510 | 61,469 | 70,373 | 75,843 | 74,312 |
| September | 25,549 | 31,162 | 46,132 | 44,208 | 49,957 | 60,820 | 56,530 | 57,708 | 64,871 | 65,870 | 68,751 |
| October | 27,959 | 34,949 | 44,135 | 49,517 | 58,652 | 72,215 | 58,546 | 57,511 | 65,888 | 72,339 | 79,201 |
| November | 25,066 | 36,983 | 51,248 | 48,821 | 52,569 | 63,025 | 54,530 | 58,906 | 64,835 | 65,823 | 69,631 |
| December | 26,684 | 38,261 | 43,577 | 43,299 | 52,409 | 60,938 | 59,282 | 60,486 | 77,375 | 100,545 | 69,027 |
| Subtotal | 288,343 | 381,671 | 522,655 | 567,080 | 649,176 | 732,563 | 720,309 | 697,367 | 798,688 | 860,858 | 713,930 |

Total Filings: 6,932,640

Questions?

Joe Soniat, CAMS, CFE, BCP
BSA/AML Officer
Union Bancshares [email protected]

Ed Beemer APR, [email protected]