bank secrecy act: de-risk or up your game?
Post on 01-Jul-2015
371 Views
Preview:
DESCRIPTION
TRANSCRIPT
Bank Secrecy Act:
De-Risk or Up Your Game?
Jay Postma, CAMS
President
Compliance Conference
September 24, 2014
Industry Participation
Objectives
BSA/AML compliance demands an effective risk-based
approach. FinCEN Director Jennifer Shasky-Calvary has noted
that de-risking is "both healthy and unhealthy at the same time."
Wise banks take corrective action when they have "taken on
more risk than they can control"; and, de-risking is problematic
when a bank "cuts with a machete rather than a scalpel."
Learn about the risks of and best practices for serving: foreign
customers; money services businesses (including those
involved in digital currencies such as bitcoin), and third party
payment processors.
The “4 Pillars”I. Development of Internal Policies, Procedures and Controls
Risk focused policies
Procedures for each area or function
Controls to Ensure Compliance
Monitoring and Reporting Systems
II. Designation of Compliance Officer
Sufficient time, resources and authority
III. Training Program
Content based on current procedures and systems
Relevant to specific audience position and responsibilities
Documentation
IV. Independent Testing
Sufficient scope and testing
Reporting to the Board of Directors
Timely action to address any concerns or weaknesses
Suspicious Activity
• Prevent
• Detect
• Report
• Assist
Human Trafficking
Elder Financial Abuse
Drug Trafficking
Fraud
Terrorist Financing
Sea Change
“As Director, I feel it is important that financial institutions take responsibility when
their actions violate the BSA. And by accepting responsibility, it is not just about admitting
to the facts alleged in FinCEN’s enforcement action. It is also about admitting a
violation of the law. Over the last year, we have changed our practice at FinCEN to one
in which our presumption is that a settlement of an enforcement action will include an
admission to the facts, as well as the violation of law. And, we have begun implementing
this practice in our enforcement actions against all sizes and types of financial institutions.
Integrity and transparency goes a long way. It is a great bestowal of trust that enables
financial institutions to be part of the U.S. financial system, to be part of the global financial
system. And that trust -- that privilege -- comes with obligations. One of those obligations
is a responsibility to put effective AML controls in place so criminals and terrorists are not
able to operate with impunity in the U.S. financial system.
As FinCEN’s recent enforcement actions show, FinCEN will act under such circumstances
to protect the integrity and transparency of the U.S. financial system.”
Jennifer Shasky Calvery, Director, FinCEN
FIBA, Anti-Money Laundering Conference
February 20, 2014
De-risking
De-risking is the purposeful rejection or termination of
financial relationships with groups of customers or lines
of business considered high risk under BSA/AML
standards.
Money Services Businesses (MSBs)
Third Party Payment Processors (TPPPs)
Embassies
Correspondent Banks
Foreign Persons
Medical Marijuana
Gambling / Casinos
Gun / ammo retailers
adult entertainment
Impact of De-Risking
• Reputation and Public Relations Compromised
• Lost Revenue and Profits
• Collateral Damage
• Transfer of Risk - Not Decreased Risk
• Broader financial concerns
AML Regulations NOT meant
to shut legitimate business out
of the financial system
“Recently, we have been hearing about instances of ‘de-risking,’ where money
services businesses (MSBs) are losing access to banking services because of
perceived risks with this category of customer and concerns about regulatory
scrutiny. Some financial institutions also state that the costs associated with
maintaining these accounts outweigh the benefits. But just because a particular
customer may be considered high risk does not mean that it is ‘unbankable’
and it certainly does not make an entire category of customer unbankable.
Banks and other financial institutions have the ability to manage high risk customer
relationships.
It is not the intention of the AML regulations to shut legitimate business out of
the financial system. I think we can all agree that it is not possible for financial
institutions to eliminate all risk. Rather, the goal is to provide banking services to
legitimate businesses by understanding the applicable risks and managing
them appropriately.”
Jennifer Shasky Calvery, Director, FinCENFIBA, Anti-Money Laundering Conference
February 20, 2014
Decisions of Board and
Senior Management“The fact is, when we look at the issues underlying BSA infractions,
they can almost always be traced back to decisions and actions of the
institution’s Board and senior management.”
Deficiencies fall into four (4) areas:
Culture of Compliance
Resources Committed to BSA compliance
Strength of Information Technology and monitoring processes
Quality of risk management
Thomas J. Curry
Comptroller of the CurrencyACAMS, March 17, 2014
Walk the Talk
Board and senior management must send right message AND also
“walk the talk”
by ensuring that there is an alignment between good compliance
practices and the bank’s system of compensation and incentives.
by providing increased resources
by increasing the authority and status of the BSA Officer within
the organization
by ensuring proper incentives are incorporated throughout the
organization
Thomas J. Curry
Comptroller of the CurrencyACAMS, March 17, 2014
IMPROVEMENT
desired over De-Risking
Improving is a trend we want to encourage
“And it’s clearly a better option than simply
abandoning customers in higher risk categories
because a lack of resources makes it difficult to manage
the risk.”
Thomas J. Curry
Comptroller of the CurrencyACAMS, March 17, 2014
Categories too risky to bank?
“Some argue that, in the current regulatory environment, there are whole categories of businesses that
are too risky to bank. I understand why you would want to be cautious – some types of businesses are
more risky than others and require a higher level of due diligence. And in all candor, BSA is an area of
intense scrutiny, by banking regulators and law enforcement. “
“However, that’s why we support a risk-based approach.”
“Even in areas that traditionally have been viewed as inherently risky, you should be able to
appropriately manage the risk.”
“You shouldn’t feel that you can’t bank a customer just because they fall into a category that on its face
appears to carry an elevated level of risk. Higher-risk categories of customers call for stronger risk
management and controls, not a strategy of total avoidance. “
“Obviously, if the risk posed by a business or an individual is too great to be managed successfully,
then you have to turn that customer away. But you should only make those decisions after appropriate
due diligence.”
Thomas J. Curry
Comptroller of the Currency
ACAMS, March 17, 2014
Step Up Our Game
“It’s clear that we all need to step up our game, both banks and Government
alike, because the challenges are growing by the day. In part, that’s because the
bad guys are stepping up their game. But it’s also because of the impact of
technology. Technology is not only changing the way we live, but it’s
reshaping the payments system, broadening the choices available to businesses
and consumers, and even allowing payment and clearing mechanisms to exist
outside the traditional banking and thrift industries.”
Thomas J. Curry
Comptroller of the CurrencyACAMS, March 17, 2014
Culture of Compliance
FinCEN’s recent Advisory does NOT say anything that you have not heard
before…
It is another tool you can use to influence your organization’s leadership…
to help them live and breathe BSA/AML the same way that you do.
“Based on the enforcement cases I have seen time and time again, both during
my time as a prosecutor at the U.S. Department of Justice and now as Director
of FinCEN, I can say without a doubt that a strong culture of compliance
could have made all the difference. If I were to find myself responsible for
BSA/AML compliance within any financial institution, my first order of business
would be to pay attention to these core, fundamental concepts. Because once
you have a strong culture in place, including the support of your institution’s
leadership, you have a firm foundation on which to build an effective program.”
Jennifer Shasky Calvery, Director, FinCENFIBA, Anti-Money Laundering Conference
February 20, 2014
Compliance - Defined
Fulfillment (n)
Observance
Conformity
Disobedience (antonym)
Obedience (n)
Acquiescence
Agreement
Falling in line
Submission
Resistance (antonym)
Compliance is: Doing it right the first time...Adhering to internal policies
and procedures… Maintaining a standard that is in accordance with laws
and regulations
What’s Your Culture?
Signs of a lax, Non-Compliance Culture?
FinCEN’s Culture guidance – FIN-2014-A007
Advisory to U.S. Financial Institutions on
Promoting a Culture of Compliance
Have you shared the guidance with your Board
and senior management team?
6 Ways to Strengthen
Your ProgramA financial institution can strengthen its BSA/AML compliance program by ensuring:
1. Engaged Leadership
“its leadership actively supports and understands compliance efforts”
2. Compliance not compromised
“efforts to manage and mitigate BSA/AML deficiencies and risks are not
compromised by revenue interests”
3. Lines of Communication
“relevant information from the various departments within the organization is
shared with compliance staff to further BSA/AML efforts”
4. Human and Technological Resources
“the institution devotes adequate resources to its compliance function”
5. Competent Independent Testing
“the compliance program is effective by, among other things, ensuring that it is
tested by an independent and competent party”
6. Purpose
“its leadership and staff understand the purpose of its BSA/AML efforts and how
its reporting is used”
Hard Target
or Soft Pushover?
Do not compromise yourself with
lack of knowledge
lack of necessary information
lack of understanding
exceptions to policies and procedures
poor documentation
lack of focus or willpower
Will you be a wet noodle? A mouse?
Understand Your Markets
Stay on the Safe Side
• Recognize Danger
• Be Cautious and Think
• Staying Safe is the
reward for knowing what
to do and doing it
Money Services Businesses
“MSBs play a vital role in our economy and provide valuable financial services,
especially to individuals who may not have easy access to the formal banking
sector.”
“FinCEN is joined by the Federal Banking Agencies in continuing to support the
applicability of this guidance. Recently, officials from both the Federal Reserve Board
and Office of the Comptroller of the Currency underscored in Congressional
testimony that the joint guidance issued in 2005 remains in effect today. Scott
Alvarez, the Federal Reserve Board’s General Counsel, stated: ‘That [the]
guidance confirms that banking organizations may provide banking services
to MSBs that operate lawfully. The guidance is intended to assist banks in the
decision to open and maintain accounts for legitimate businesses by identifying the
programs and procedures they should have in place to perform customer due
diligence and monitoring of these customers for suspicious activity.’
Jennifer Shasky Calvery, Director, FinCENFIBA, Anti-Money Laundering Conference
February 20, 2014
WHY would someone
use an MSB?Convenience and Control
• Hours and locations
• Transaction based, immediacy, price transparency,
value
Funds Availability
• Immediate cash for checks; risk transference / no
NSFs
• Immediate / Guaranteed Prompt payment
Language and Culture
Accessibility
• Simple & easy to understand services
• No special skills required
Anonymity
Challenges faced by
MSBs
Bank service discontinuance; lack of in market services
Decreased transaction volumes and revenues
• minimal commercial checks
• increased check fraud risks- tax returns, mobile capture
Increasing competition for customers
High regulatory and banking compliance expectations
Common Issues identified
MSB Independent ReviewsIndependent Review
• Only performed when notified of impending IRS or GA DBF exam
• Only performed when specifically requested by bank
• Issues previously identified by independent review or regulators not
being corrected - repeat findings License, sign and/or pricing not
posted.
No employee background checks
FinCEN registration
• expired, needing late renewal
• re-registration not filed after change of ownership
Risk assessment not present or no evidence of ongoing review/updates
Compliance program inadequate, incomplete, generic, incorrect
• or no evidence of ongoing review/updating amid changes
Training - lack of documentation, or inadequate
CTRs and SARs - minor form completion errors; late
Bankers’ Concerns
in Serving MSBs
High Degree of Risk and Exposure Associated with MSBs
• Risky Business... unsophisticated, inadequate risk
management
• Tons of cash!
• Unknown, Vague, Shady source of cash
• Criminals can abuse MSBs
• Difficult to understand, monitor and manage the MSB
relationships
Negative Perceptions
Law Enforcement and Banking Regulators often perceive MSBs as
…
• being used by either criminals, shady/bad people, or by
uneducated, uninformed or foolish consumers who would be
better served by a bank
• “The Un-banked” - “The Under-Banked” - “The Self-Banked”
• being insufficiently regulated
• being subject to insufficient examination
• being irresponsible, incompetent, inattentive, reckless...
Challenging / Difficult
• Regulatory rules and issues can be complex
• Bank may not sufficiently understand customer
business or risks
• May result in gaps with bank compliance and risk
management
• May result in bank compliance issues, regulatory risks
Regulatory Expectations
for the Bank
• Effective supervision/monitoring of MSB relationships
• Reasonable understanding of MSB risks
• Meaningful additional action on higher potential risks
Interagency guidance since 2005, FFIEC BSA/AML
Exam manual, and best practices...
• Low Risk? - registration and licensing
• High Risk? - expanded due diligence
• Price appropriately
• Recourse and collateral considerations
• Security considerations
• Ongoing monitoring
Risk of MSBs
• Principal Money Transmitter (high risk areas)
• Principal Money Transmitter (lower risk areas)
• Full Service MSB / Principal Check Casher, multi-store, high dollar, non-natural
persons
• Full Service MSB / Principal Check Casher, multi-store, high dollar
• MSB Agent, money transfer services limited to high risk areas
• Full Service MSB/ Principal Check Casher, multi-store, low dollar
• Full Service MSB/ Principal Check Casher, one store
• Offers MSB services including check cashing, low dollar, limited scope (e.g.
payroll)
• Offers MSB services - agent only, not dedicated to serving high risk areas
Note that higher potential risk MSBs can be lower risk due to mitigation efforts.
Bank Requirements for
Higher Risk MSBs
• Initial & ongoing site visit, inspection, staff interviews
• Negative news monitoring
• Independent Review
• Scope. Reviewer. Reporting. Management
responses.
• 3rd Party review on behalf of bank
• Assessment of foreign government oversight
Core needs of the bank
• Meaningful, complete background - CIP & CDD
• Confirm FinCEN registration
• Confirm State licensing
• Confirm Agent status
• Ability to assess risks
• Ability to monitor
• Address Credit Risk / Exposure
Bank Pricing of MSB Accounts
• Analysis
• Compliance Surcharge
• Set cash limits / require
armored courier service
• Consider additional
collateral
Bank monitoring
of MSBs
• Verify FinCEN registration, state licensing
• Ongoing Extended Due Diligence on higher risk
MSBs
• Independent Reviews
• 3rd party review on behalf of bank
• Large fluctuations / change in volume - reasonable?
• Check cashing concentration, non-natural persons
• Out of market deposits
Reasonable Considerations for
MSBs wanting to keep and establish
banking relationships
• Communication, transparency, responsiveness
• Don’t assume your bank understands what you
do and want makes sense
• Help the bank accurately understand risks
• Provide documented evidence of compliance
• Be sure your relationship is beneficial to the
bank
• Maintain sound credit and security practices
Common Bank Issues
re MSBs• Not understanding MSB customers and that each have different risks
• Failure to reasonably risk rate MSBs, distinguish between higher and lower risk MSB customers, identify changes in risk exposure over time
• Poorly defined policies and procedures regarding MSB relationships
• Incorrectly identifying all MSBs as high risk then not following FinCEN guidance or Board approved policies regarding monitoring
• Not setting and maintaining reasonable standards for performance
• Not extending bank culture of compliance to MSB relationships
• Not charging MSBs appropriately for services rendered
• Missing security implications of large cash deposits or withdrawals
• Not considering credit risks of MSB relationships
• Accepting poor quality independent reviews
• Lack of documented customer visitation
• Lack of 3rd party review on behalf of bank for high risk entities
Third Party Payment Processors
Money Transmitter
moves money on behalf of sender to receiver
Third Party Payment Processor
moves money on behalf of receiver from sender for settlement of
a transaction other than the funds transfer itself
• NOT currently directly subject to Bank Secrecy Act
compliance
• provides gateway to banking system
• State money transmitter licensing may be required
• subject to examination by state(s) where licensed
• 3rd party review on behalf of servicing bank(s)
TPPP Overview
• A bank’s business customer that uses its deposit
relationship to process payments on behalf of other
businesses.
• Bank provides channel for clearing and settlement a
variety of payment types: ACH, checks, payment cards,
digital currencies, etc.
• May include electronic checks created through
Remote Deposit Capture, or
• Remotely Created Checks (RCCs) that never existed
in paper form.
• Differs from traditional business banking relationships
where payment transactions (e.g., ACH, checks, etc.)
are made on behalf of the business customer.
TPPP Merchant Clients
• What type of merchants? Risk level?
• How are merchants qualified and accepted?
• Who is served under what conditions?
• How and when are merchant relationships
terminated?
Higher Potential Risk
Merchants / Activities
Ammunition Sales
“As Seen on TV”
Coin Dealers
Credit Card Schemes
Credit Repair Services
Dating Services
Drug Paraphernalia
Escort Services
Firearms/Fireworks Sales
Gambling
Get Rich Quick Products
Government Grants
Home Based Charities/Businesses
Life Time Guarantees
Membership/Purchasing Clubs
Pyramid Type Sales
Pay Day Loans
Pharmaceutical Sales
Pornography
Ponzi Schemes
Racist materials
Raffles/Sweepstakes
Surveillance equipment
Telemarketing
Tobacco Sales
Travel Clubs
TPPP Red Flags
• Significant Consumer Complaints
• unauthorized, misrepresented, intimidated,
threatened into providing account information
• High level of unauthorized returns/charge-backs
• Unverifiable merchant information (e.g., website,
business registration, etc.)
• Unexpected volume/value activity or change
• Prior civil, criminal and regulatory actions against
processor or its principals
• Law enforcement inquiries
Bank’s Minimum
Responsibilities• Comprehensive Policies and Procedures
• Assess risk of TPPPs (including review of merchant clients)
• Review Contracts with Processors and Sub-Processors
• Establish sound and enforceable contractual requirements for
all parties
• In-Depth Enhanced Due Diligence
• Evaluate Due Diligence Performed by Processors on Merchants
they work with
• Perform Ongoing Monitoring
• Consumer complaints
• High rates of returns or charge backs
• Establish and Maintain Adequate Reserve Accounts
• Ongoing Training- staff can effectively monitor/identify problems
Reliance on TPPPs
• Banks must not rely entirely on TPPP systems
for merchant approval and monitoring.
• Cursory merchant reviews without ensuring
appropriate ongoing monitoring of the TPPP and
transaction activity is inappropriate.
• Any reliance placed on TPPP for initial or
ongoing tasks need to be verified periodically by
external and/or bank review of TPPP policies,
procedures, and processes
TPPP Best Practices
• Require TPPP to provide documented analysis /
legal opinion regarding potential state licensing
issues
• Require TPPP to have written risk-based BSA/AML
program
• independent review; 3rd party review
• Periodic bank review and/or 3rd party examination
• Negative news monitoring of TPPP, merchant
clients
Remember!
• Bank retains ultimate responsibility for all
transactions flowing through the bank.
• Must file SARs on unusual or suspicious activities
• Bank must have sufficient understanding of each
TPPP and its merchant processing to identify
unusual activity.
Questions?
Jay Postma, CAMS
President
MSB Compliance Inc.
Jay.Postma@MSBComplianceInc.com
(678) 389-9068
www.LinkedIn.com/in/jaypostma
www.MSBComplianceInc.com
www.Twitter.com/MSBCompliance
Weekly newsletter:paper.MSBComplianceInc.com
top related