audit program bank secrecy act and anti-money laundering compliance... · audit program bank...

Audit Program Bank Secrecy Act and Anti-money Laundering

W/P REF.

DONE BY

DATE

Section A - Administration

Audit Objective Determine that the bank has developed, and administers and maintains a program that ensures and monitors compliance with the Bank Secrecy Act anti-money laundering regulations.

Audit Program

1. Determine that the bank has implemented a compliance program designed to assure and monitor compliance with the recordkeeping and reporting requirements of the Bank Secrecy Act (BSA) and its anti-money laundering (AML) regulations. Determine that program policies and procedures are:

Documented in writing.

Approved by the board of directors and noted in the board minutes.

Reaffirmed annually as required by policy.

Updated to reflect changes in the law and operations.

2. Obtain and review the BSA/AML compliance program and determine that the contents of the compliance program provide for the following:

System of internal controls to ensure ongoing compliance.

Independent compliance testing conducted by either bank personnel or an outside party.

Designation of a qualified individual(s) responsible for coordinating and monitoring day-to-day compliance.

Training for appropriate personnel.

3. Determine that the bank's AML policies address the following:

The various types of money laundering.

Compliance with BSA and related AML laws and regulations.

A "know your customer" program.

High-risk activities, businesses, and foreign countries commonly associated with money laundering.

4. Determine that the board of directors has appointed a BSA/AML officer.

Through discussions with the BSA/AML officer, determine and document the duties and responsibilities assigned to this position.

If responsibilities for compliance with various aspects of BSA/AML have been delegated to other individuals or departments, determine and document their role.


5. Determine that the bank provides periodic training for appropriate personnel regarding their responsibilities under BSA/AML. Training should include, but not be limited to, tellers, platform, lending personnel, trust personnel, wire room, and bookkeeping personnel.

Note dates of training session performed during the audit period and determine that the frequency of the training is adequate and that training is ongoing.

Review documentation relevant to the scope of training sessions and determine the adequacy of such training based upon the targeted audience.

6. Determine that the bank retains copies of the following records for a minimum of five years:

Cash Transaction Reports (Form 4789).

Exemption lists.

Designation of exempt persons.

Biennial filings.

Annual reviews.

Monetary instrument logs.

Report of International Transportation of Currency or Monetary Instruments (Form 4790).

NOTE: When a customer is removed from the exempt list, the request for exemption is to be maintained for five years after removal from the list.

7. Summarize results of testing and conclude as to whether the audit objective has been met.

Section B - Customer Identification Program and Foreign Banking Relationships

Audit Objectives

To determine compliance with Section 326 of the USA Patriot Act, requiring financial institutions to implement a customer identification program.

To determine compliance with foreign correspondent and private banking relationships and information sharing.

Audit Program

Customer Identification Program (CIP)

1. Determine whether the bank has developed and implemented a CIP for all new customers.

2. Obtain and review CIP policy/procedures. Verify compliance with the following requirements:

Program is documented.

Program is approved by the board of directors and is incorporated into the bank's BSA program.

Program includes identification and verification of new accounts


recordkeeping and comparison against government list of known or suspected terrorists.

USA Patriot Act

1. Determine whether the bank maintains correspondent account

relationships with foreign banks.

If so, ensure the bank prohibits foreign shell banks from maintaining a correspondent account.

If not, determine whether the bank's BSA/AML policy/procedures address this area.

2. Determine whether the bank maintains private banking accounts.

If not, determine whether the bank's BSA/AML policy/procedures address this area.


Section C Office of Foreign Assets Control

Audit Objective To determine that the bank complies with the Office of Foreign Assets Control (OFAC) regulations prohibiting specific transactions with targeted countries and individuals or entities that are known to be acting on behalf of targeted countries.

Audit Program

1. Determine that the bank has written policies and procedures for complying with OFAC laws and regulations.

2. Determine who has been delegated responsibility for compliance with OFAC and for overseeing blocked funds.

3. Determine and document the procedures for filtering transactions for possible OFAC violations as follows:

New deposit accounts.

Established deposit accounts.

New loans.

New trust relationships.

Wire transfers.

Letters of credit.

4. Determine and document procedures for maintaining a current list or database of blocked countries, entities, and individuals and disseminating such information throughout the bank.

Ensure the list/database is up-to-date with foreign countries that the United States has imposed economic sanctions.

Ensure the list/database contains specific sanctions by each individual foreign country, with a synopsis of the types of activities prohibited or severely limited.


Confirm the availability of the list/database to deposit, lending, wire, and operational personnel.

5. Verify the bank rejects funds transfers that are remitted (outgoing):

By or on behalf of a blocked entity or individual.

To or through a blocked entity.

In connection with a transaction in which a blocked entity or individual has an interest.

6. Verify that reports on rejected transactions are sent to OFAC within 10 days and include the following:

Name and address of the financial institution requesting the transfer.

Date and amount of transfer.

Photocopy of the transfer or payment.

Reason for rejection. Name and telephone number of compliance personnel at the bank who has knowledge of the transaction.

Name and address of the beneficiary bank.

7. Ensure bank procedures require the following when a payment order governed by OFAC is received (incoming):

The bank accepts the instruction.

Debits the customer's account.

Blocks the payment on the books.

NOTE: The bank may not reject the instructions and cannot accept a customer's cancellation of the original instructions. "Suspense" accounts should not be used. The only manner that the bank can process a transfer related to a targeted country is if the underlying transaction is authorized by general or specific license from OFAC.

8. Ensure that procedures require that transferred funds are blocked and placed in interest bearing accounts that the bank maintains an audit trail.

9. Verify that if the bank is holding blocked property, it reports to OFAC such property within 10 business days from the date that the property becomes blocked along with a copy of the transfer instructions.

10. Review any reports of blocked funds remitted during the audit period and verify the following has been provided:

Financial institution's name and address.

Identification of the property.

The owner of the account.

Property address and location.

Account number.

Value of the account.

Blocking data.

Photocopy of the transfer or payment instructions.


Confirmation that the funds have been deposited into a blocked account. The identity of the individual or entity subject to be blocking should be clearly identified.

Name and phone number of compliance personnel at the bank who has knowledge of the transaction.

Date of report.

11. If blocked property is maintained, determine that an annual report of blocked property held as of June 30 is filed with OFAC by September 30 using Form TDF 90-22.50.

12. Determine the bank releases funds from accounts that have been blocked only with specific authorization from the U.S. Treasury Department.

13. Determine that records relating to blocked property are retained for five years after the date property is unblocked and are made available to the U.S. Secretary of the Treasury upon request. All other records must be retained for five years after the date of the transaction.

14. Determine the bank is prepared to report to OFAC complete information relative to any transaction or property in which any foreign country or any foreign national has any interest in, including books of accounts, contracts, letters, or other papers connected with any such transaction.


Section D - Funds Transfers

Audit Objective To determine that procedures are in place to ensure compliance with recordkeeping requirements for funds transfers in the amount of U.S. $3000 or more.

Audit Program Suspicious Funds Transfer Monitoring

1 Determine and document the procedures in place to monitor for accounts with frequent cash deposits and subsequent wire transfers of funds to a larger institution or out of the country.

2. Determine and document the procedures in place to monitor funds transfer activity for unusual patterns that might not be consistent with the nature of the business or occupation of the customer. Ensure written procedures have been developed, and include the following in your review:

The method for capturing the data to be analyzed manual or automated.

The frequency at which the captured data is compiled and submitted to the BSA officer for review. Include the scope of the BSA officer's review and action taken when unusual patterns are identified that require additional research (e.g., additional research of customer activity, knowledge of


customers' business, involvement of account officer, or suspicious activity reporting.)

3. Determine that the wire transfer database used for analysis by the BSA officer is complete.

If the process is manual, select a sample of wire transfers (incoming and outgoing) from the wire transfer request forms and ensure the wires were properly entered into the manual database.

If the process is automated, select a sample of wire transfers (incoming and outgoing) to ensure system interfaces are working properly.

4. Review the BSA officer's periodic analysis of wire transfer activity. Discuss with the BSA officer the nature of the analysis performed, and ensure it considers, at a minimum, the following red flags:

A high volume of international wire activity processed by the bank.

Customers sending/receiving high volumes of wires, both domestic and international.

Customers sending/receiving wires from foreign/unregulated money exchange houses.

Customers sending/receiving wires from non-cooperative countries.

Noncustomer activity, including pay-upon-proper-IDs.

Unusual wire activity, such as customers receiving small dollar wires followed by large outgoing wires.

High volume of wires for whole dollar amounts.

5. Review the results of the BSA officer's monitoring procedures and ensure monitoring is adequately documented and contains evidence of appropriate research. In addition, ensure that conclusions are well documented and that SARs are filed, if appropriate.


Section E - Filing of Currency Transaction Reports (CTRs) and Currency and Monetary Instrument Reports

Audit Objective To determine that adequate procedures are in place to ensure the identification and reporting of currency transactions greater than U.S. $10,000 to the U.S. Internal Revenue Service (IRS).

Audit Program

1. Determine if the bank has received a U.S. Treasury Department targeting order. If it has, consider scope modifications.

2. Document the process followed to ensure all reportable transactions are identified, being sure to include the following information:


How tellers process cash transactions to ensure transactions >$10,000 are captured by the system as reportable transactions.

Determine whether currency/coin exchanges are processed to ensure these amounts are captured and aggregated with other cash-in and cash-outs of the customer (i.e., customer deposits to an account and obtains a coin order.)

The various BSA reports with an explanation of how each report is used. NOTE: Determine whether exception reports are available and whether they are being used and reviewed regularly.

The process management uses to ensure a properly completed CTR is filed on time.

The process for correcting currency transaction report errors before filing with the IRS, including procedures for tracking errors by branch/employee, and action taken to address training issues.

3. From the applicable system reports used by management to identify reportable transactions, randomly select 20 cash transactions greater than $10,000 from the most recent six-month period. Ensure that CTR forms were filed for all reportable transactions, or that reasons for not filing a CTR are documented and are reasonable (i.e., exempt transaction; not a cash transaction.) In addition, ensure CTRs are completed in accordance with the guidelines.

4. Review the CTRs selected in Step 3 above and select 10 additional CTRS filed by the bank in the most recent 6 month period. Include different types of reportable transactions and CTRs originated from various sources. Ensure that:

The most recent version of the IRS form is in use.

All applicable areas of the CTR form were properly completed.

Each CTR was signed and dated by the preparer and reviewer.

The CTR was filed within 15 calendar days following the date of the transaction.

5. Review all correspondence from the IRS or Treasury regarding incorrect or incomplete CTRs returned for corrective action since the last audit. Ensure the bank has implemented appropriate corrective action and filed the report within 20 calendar days.

6. Determine whether the bank has physically transported currency or monetary instruments totaling more than $10,000, on its own behalf, into or out of the United States. If so, verify that a Currency and Monetary Instruments Report - Form 4790 was filed with the U.S. Customs Service as follows: (31 CFR 103.25)

The bank filed Form 4790 with the Commissioner of Customs at the time currency or other monetary instruments exceeding $10,000 was transported, mailed, or shipped from the United


States to any place outside the United States, or into the United States from any place outside the United States.

The bank filed Form 4790 within 15 days after receipt when it received U.S. currency (or other monetary instruments) in an aggregate amount exceeding $10,000 on any one occasion, which was transported, mailed, or shipped to the bank from any place outside the United States, in which a form had not previously been filed.

7. Determine whether there is a procedure to identify and report suspicious transactions or pattern of activity to the BSA officer.

8. Determine whether the bank performs a periodic review of currency shipments to and from the Federal Reserve Bank, correspondent banks, and between branches over a period of time (at least 3 months) to determine that the volume appears reasonable.


Section F - Exemption List and Designation of Exempt Persons

Audit Objective To determine that exemption procedures are in compliance with the administrative exemption rules.

Audit Program

1. Determine whether the bank maintains a centralized list of customers who are exempt from CTR requirements.

2. Obtain and review the centralized list to ensure that only the following permitted exemptions are included:

Domestic banks.

Federal, state, and local government agencies and any entity exercising governmental authority (powers to tax, exercise the authority of eminent domain, or exercise police powers).

Any entity listed on the New York Stock Exchange, American Stock Exchange, or NASDAQ Stock Market (franchises are not included.)

Subsidiaries of a listed entity (provided the listed entity owns 51 percent.)

Non-listed businesses (includes franchises of a listed business.)

Businesses that make frequent cash withdrawals for payroll purposes.

3. Review the bank's "designation of exempt persons" procedures for adequacy.

4. Select a sample of 10 "exempt persons"

exempt since the prior audit

from the centralized list. Include each type and test for compliance with the exemption rules, as follows:


Domestic Banks, Government Agencies, Listed Businesses and Subsidiaries of Listed Businesses

Determine that the "designation of exempt persons" was made by filing a single CTR and the Designation of Exempt Persons form (TDF 90-22.53.)

The designation of exempt persons was filed no later than 30 days following the first transaction in excess of $10,000.

NOTE: All cash transactions are exempt and the entity need not have an account relationship.

Non-Listed Businesses and Payroll Customers

1. Determine that the designation of exempt persons was made by filing a Designation of Exempt Persons form (TDF 90-22.53) and the account holder has met the exemption criteria as follows:

Has maintained a transaction account for at least 12 months.

Had frequent currency transaction more than $10,000 or withdrawals in excess of $10,000 in currency to pay employees in the U.S., as applicable (eight times in a 12 month period).

Is incorporated or registered as an eligible business in the United States.

NOTE: In determining the qualification of a customer as an exempt person, a bank may treat all exemptible accounts as a single account. All accounts of the exempt person become exempt and only transactions conducted through an exempt account(s) are exempt from the reporting requirements.

NOTE: A sole proprietor may be treated as a non-listed business or payroll customer if it otherwise meets the requirements and the account(s) is used for business purposes.


Section G - Exempt Account Reviews, Biennial Renewals, and Monitoring System

Audit Objectives To determine that periodic reviews of exempt account holders are performed to ensure that only properly qualified account holders remain exempt and that there is a system in place to monitor accounts of exempt persons for suspicious activity.

Audit Program

1. Obtain and review the bank's policies and procedures for the annual review and biennial renewals of exempt persons.


2. Determine that the bank has established procedures to review and verify information supporting each designation of an exempt person at least once each year as follows:

Listed Businesses/Subsidiaries of Listed Businesses

Ensure that the parent company of a listed business remains listed on the stock exchanges.

Non-Listed Businesses and Payroll Customers

Ensure the account holder continues to meet the eligibility requirements for an exemption as follows:

Conducted frequent transactions > $10,000.

Is still duly incorporated or organized in accordance with eligibility requirements.

3. Determine and document the bank's procedures for monitoring all accounts of non-listed businesses and payroll customers for suspicious activity.

4. Determine that the bank submits a biennial filing with the U.S. Treasury to renew the exempt status of non-listed businesses and payroll customers (designation of exempt persons) as follows:

The designation is renewed beginning on March 15 of the second calendar year following the year in which the first designation of such customer as an exempt person is made, and every other March 15 thereafter.

The renewal includes a statement certifying that the bank's system of monitoring transactions in currency of an exempt person for suspicious activity has been applied as necessary, but at least annually, to the account of the exempt person to whom the biennial renewal applies.

The renewal includes information about any change in control of the exempt person involved of which the bank knows (or should know based on its records).

5. Select a sample of exempt account holders being sure to include each type and review the documentation used for the annual review and biennial renewal, as applicable:

Annual Review - Listed Business

Ensure the parent company remains listed on the stock exchange as outlined in Step 2.

Annual Review - Non-Listed Business and Payroll Customer

Ensure all accounts of the account holder have been monitored for continued eligibility and suspicious activity as outlined in Step 2.

Biennial Renewal - Non-Listed Business and Payroll Customer

Ensure a biennial renewal has been filed certifying the monitoring of accounts of the account holder for suspicious activity as outlined in Step 4.


6. Determine that the bank has established procedures to provide notice that an exemption has been revoked by filing Treasury form TDF 90-22.53 - designation of exempt persons.


Section H - Monetary Instrument Sales

Audit Objective To determine that adequate procedures are in place to maintain records of cash sales of monetary instruments for $3,000 to $10,000.

NOTE: Testing of monetary instrument logs/records may be completed during branch audits.

Audit Program

1. Obtain and review the bank's policies and procedures for the sale of monetary instruments and document the bank's policy for selling monetary instruments to both deposit and non-deposit account holders.

NOTE: Monetary instruments include bank checks, drafts, cashier's checks, money orders, and traveler's checks.

2. Determine whether the bank has elected to maintain the monetary instrument logs for cash sales of negotiable instruments in amounts from $3,000 to $10,000 inclusive or to comply with the requirement to obtain and maintain records of certain information (which may be kept in any format).

NOTE: Contemporaneous purchases totaling $3,000 or more must be treated as one purchase.

NOTE: Multiple purchases during one day totaling $3,000 or more must be treated as one purchase if the bank has knowledge of their occurrence.

3. Determine that there is a procedure in place to identify and report suspicious transactions or patterns of activity to the BSA or security officers.


Section I - Suspicious Activity Reports

Audit Objective To determine that procedures are in place for the identification and reporting of suspicious transactions relevant to a possible violation of law or regulation.

Audit Program

1. Determine and document the process established for reporting suspicious transactions relevant to a possible violation of law or


regulation including BSA.

2. Determine that the board of directors or a designated committee is promptly notified of all SAR filings. Review the division of responsibilities between the BSA officer and the Security officer.

3. Verify SARs are filed with Financial Crimes Enforcement Network (FinCEN) under the following circumstances:

Insider abuse involving any amount. NOTE: An insider is defined as any director, officer, employee, agent, or other bank-affiliated party.

Where the bank believes that it was an actual or potential victim of criminal violation, a series of violations, or that the bank was used to facilitate a criminal transaction, and the violation aggregates $5,000 or more and the bank can identify a suspect.

Where the bank believes that it was either an actual or potential victim of a criminal violation, a series of violations, or that the bank was used to facilitate a criminal transaction, and the violation aggregates $25,000 or more and the bank cannot identify a suspect.

Where the bank suspects or has reason to suspect currency transactions aggregating $5,000 or more that involves potential money laundering or violations of BSA as follows:

1. The transaction involves funds from illegal activities or is intended to hide or disguise funds from illegal activities.

2. The transaction is designed to evade any of the BSA regulations.

3. The transaction has no business or apparent lawful purpose or is not the type of transaction that the customer would normally conduct, and the transaction is for $5,000 or more.

NOTE: Transaction is defined as a deposit, withdrawal, transfer between accounts, exchange of currency, loan, extension of credit, purchase or sale of any stock, bond, certificate of deposit, or other monetary instrument or investment security, or any other payment, transfer, or delivery by, through, or to a financial institution, by whatever means.

4. Verify that SARs are filed within 30 calendar days of the date of initial detection of the facts that cause the bank to believe a suspicious activity has occurred.

NOTE: The bank may delay filing a SAR for an additional 30 calendar days to identify a suspect. However, the SAR filing cannot be delayed more than 60 calendar days after the date of initial detection of a reportable transaction, even if a suspect is not identified.

5. In situations involving violations that require immediate attention


(e.g., ongoing money laundering) verify that the bank immediately notifies an appropriate law enforcement authority and its primary regulator, in addition to filing a SAR.

6. Review a random sample of SARs that have been filed by the BSA officer since the last review. Verify that information reported is correct and forms are properly completed, as follows:

A. Timeliness of filing:

The report was filed within 30 calendar days of the date of initial detection of the facts that caused the bank to believe a suspicious activity has occurred.

If the report was not filed within 30 days, the filing delay (an additional 30 days) was in order to identify a suspect.

B. The appropriate law enforcement authority was notified by telephone in addition to the filing of the SAR if the suspicious activity required immediate attention.

C. The SAR was sent to FinCEN without supporting documentation.

D. A copy of the report was sent to state and local authorities, if appropriate. (This is not required, but banks are encouraged to do so.)

7. Determine that the bank maintain copies of all SAR filed and any supporting documentation for five years after the date of filing.


PREPARED BY THE STOCKBROKERAGE AND INVESTMENT BANKING COMMITTEE

(Updated as of July 1, 2010)

Preface

About AICPA Audit and Accounting Guides

This AICPA Audit and Accounting Guide has been developed by the AICPA Stockbrokerage and Investment Banking Committee to assist management in the preparation of their financial statements in conformity with U.S. generally accepted accounting principles (GAAP) and to assist auditors in auditing and reporting on such financial statements.

The financial accounting and reporting guidance contained in this guide, when developed by the original task force or committee, was approved by the affirmative vote of at least two-thirds of the members of the Accounting Standards Executive Committee, now the Financial Reporting Executive Committee (FinREC). FinREC is the senior technical body of the AICPA authorized to speak for the AICPA in the areas of financial accounting and reporting. Conforming updates made to the financial accounting and reporting guidance contained in this guide in years subsequent to the original development are reviewed by select FinREC members, among other reviewers where applicable.

This guide does the following:

• Identifies certain requirements set forth in Financial Accounting Standards Board (FASB) Accounting Standards Codification™ (ASC).

• Describes FinREC’s understanding of prevalent or sole industry practice concerning certain issues. In addition, this guide may indicate that FinREC

expresses a preference for the prevalent or sole industry practice, or it may indicate that FinREC expresses a preference for another practice that is not the prevalent or sole industry practice; alternatively, FinREC may express no view on the matter.

• Identifies certain other, but not necessarily all, industry practices concerning certain accounting issues without expressing FinREC’s views on them.

• Provides guidance that has been supported by FinREC on the accounting, reporting, or disclosure treatment of transactions or events that are not set forth in FASB ASC.

Accounting guidance for nongovernmental entities included in an AICPA Audit and Accounting Guide is a source of nonauthoritative accounting guidance. As discussed later in this preface, FASB ASC is the authoritative source of U.S. accounting and reporting standards for nongovernmental entities, in addition to guidance issued by the Securities and Exchange Commission (SEC). Accounting guidance for governmental entities included in an AICPA Audit and Accounting Guide is a source of authoritative accounting guidance described in category (b) of the hierarchy of GAAP for state and local governmental entities, and has been cleared by the Governmental Accounting Standards Board (GASB). AICPA members should be prepared to justify departures from GAAP as discussed in Rule 203, Accounting Principles (AICPA, Professional Standards, vol. 2, ET sec. 203 par. .01).

Auditing guidance included in an AICPA Audit and Accounting Guide is recognized as an interpretive publication pursuant to AU section 150, Generally Accepted Auditing Standards (AICPA, Professional Standards, vol. 1). Interpretive publications are recommendations on the application of Statements on Auditing Standards (SASs) in specific circumstances, including engagements for entities in specialized industries. An interpretive publication is issued under the authority of the Auditing Standards Board (ASB) after all ASB members have been provided an opportunity to consider and comment on whether the proposed interpretive publication is consistent with the SASs. The members of the ASB have found this guide to be consistent with existing SASs.

The auditor should be aware of and consider interpretive publications applicable to his or her audit. If an auditor does not apply the auditing guidance included in an applicable interpretive publication, the auditor should be prepared to explain how he or she complied with the SAS provisions addressed by such auditing guidance.

Recognition Jay D. Hanson, Chair Financial Reporting Executive Committee

Darrel R. Schubert, Chair Auditing Standards Board

• The broker-dealer has notified an accountant who was engaged to give an opinion covering the financial statements to be filed under paragraph (d) that the engagement has been terminated.

• An accountant has notified the broker-dealer that he or she would not continue under an engagement to give an opinion covering the financial statements to be filed under paragraph (d).

• A new accountant has been engaged to give an opinion covering the financial statements to be filed under paragraph (d) without any notice of termination having been given to or by the previously engaged accountant.

3.90 SEC Rule 17a-5 requires the notice to state the date of notification of the termination of the engagement (or notification of the engagement of the new accountant, as applicable) and to state the details of any problems that existed during the 24 months (or the period of the engagement, if less) preceding such termination or new engagement relating to any matter of accounting principles or practices, financial statement disclosure, auditing scope or procedure, or compliance with applicable SEC rules and that, if not resolved to the satisfaction of the former accountant, would have caused him or her to make reference to them in connection with his or her report on the subject matter of the problems. The problems required to be reported include both those resolved to the former accountant's satisfaction and those not resolved to the former accountant's satisfaction. Such problems would include those which occur at the decision-making level, that is, between the broker-dealer's principal financial officers and the accounting firm's personnel responsible for rendering its report.

3.91 The notice should state whether the accountant's report on the financial statements for any of the past two years contained an adverse opinion or a disclaimer of opinion or was qualified concerning uncertainties, audit scope, or accounting principles. The notice should also describe the nature of each such adverse opinion, disclaimer of opinion, or qualification. The broker-dealer should also request the former accountant to furnish the broker-dealer with a letter that is addressed to the SEC that states whether he or she agrees with the statements contained in the notice of the broker-dealer and, if not, states the respects in which he or she does not agree. The broker-dealer should file three copies of the notice and the accountant's letter, one copy of which should be manually signed by the sole proprietor (or a general partner or a duly authorized corporate officer, as appropriate) and by the accountant, respectively.

Antimoney Laundering Regulations fn 22 3.92 The Uniting and Strengthening America by Providing Appropriate Tools

Required to Intercept and Obstruct Terrorism Act of 2001 (the Patriot Act) requires broker-dealers to implement certain recordkeeping and reporting requirements. They should also establish an antimoney laundering (AML) program, which, at a minimum, contains the following components: (1) development of internal policies, procedures, and controls; (2) designation of a compliance officer; (3) an ongoing employee training program; and (4) an

kbossar

Highlight

independent audit function to test programs. 3.93 Broker-dealers are required to establish, document, and maintain a written

customer identification program (CIP). This program should be appropriate for the firm’s size and business, be part of the firm’s AML compliance program, and, at a minimum, should contain the following 4 elements: (1) establishing identity verification procedures; (2) maintaining records related to CIP; (3) determining whether a customer appears on any designated list of terrorists or terrorist organizations; and (4) providing customers with notice that information is being obtained to verify their identities. The CIP rule provides that, under certain defined circumstances, broker-dealers may rely on the performance of another financial institution to fulfill some or all of the requirements of the broker-dealer’s CIP.

3.94 Among other things, these rules require that firms independently test their AML programs. The independent tests should occur on an annual basis for most firms. Many broker-dealers are concerned about the independent testing requirement and its impact on their auditors’ independence. It would be proper for the auditor of the broker-dealer to perform testing of an AML program if it is done in accordance with attestation standards. It can be performed as an agreed upon procedure, or an attestation of management assertions. However, if performed as a consulting service, such as generating work papers, reports for FINRA or New York Stock Exchange (NYSE) to review, the SEC staff believes this would be considered a management function, and therefore would impair the auditor’s independence. Firms may use internal staff as long as they are independent from the AML program itself and have the knowledge they need to effectively evaluate a firm's AML system. However, some firms may find it more cost effective to use a qualified outside party. Training internal staff and establishing procedures to ensure their independence can be expensive. Some small firms have coordinated with other small firms to hire an outside auditor at a reduced group rate. fn ¦¦

Reporting Requirements 3.95 Each broker-dealer reports periodically to its designated examining authority in a

prescribed format, the FOCUS report. Under the rules, broker-dealers are required to file at the end of each calendar quarter a part II or IIA FOCUS report (although, many broker-dealers are required to file at the end of each month). The FOCUS report requires financial information that presents the financial position and results of operations in conformity with U.S. GAAP, fn ## as well as certain regulatory computations.

3.96 The FOCUS report (Form X-17A-5) is composed of the following parts:

• Part I. A monthly report of selected summarized financial and operational data, filed by broker-dealers that carry customer securities accounts or clear securities transactions. (Examining authorities may require other broker-dealers to file part I on a monthly basis.)

• Part II. A report of general-purpose financial information that presents the financial position and the results of operations, supplemental schedules,

kbossar

Highlight

fn 19 AU section 532, Restricting the Use of an Auditor's Report (AICPA, Professional Standards, vol. 1), provides guidance to auditors in determining whether an engagement requires a restricted use report and if so, the elements to include in that report. 46 (Popup - aag-brd3_fn27) fn 20 See footnote 19 in paragraph 3.81. 47 (Popup - aag-brd3_fn28) fn ‡‡ Although the Sarbanes-Oxley Act of 2002 is directed at issuers (as defined by the act) and their auditors, privately held broker-dealers also come under the scope of certain provisions of the act. This is because Section 205(c)(2) of the act amended Section 17 (Commerce and Trade, U.S. Code [USC] Title 15, Section 78q) of the Securities Exchange Act of 1934 to require all broker-dealers (both public and private) to be audited by a public accounting firm registered with the PCAOB. The SEC deferral of this requirement expired on December 31, 2008. Therefore, for fiscal years ending after December 31, 2008, financial statements of nonissuer broker-dealers must be certified by a PCAOB registered public accounting firm. This registration requirement does not change the auditor requirements outlined in Rule 17a-5(g), which requires that audits of nonissuer broker-dealers be performed in accordance with generally accepted auditing standards. See chapter 5, “Auditing Considerations,” for more information. See also footnote * at the chapter title for recent developments. 48 (Popup - aag-brd3_fn29) fn 21 In January 2003, the SEC adopted amendments to its requirements regarding auditor independence to enhance the independence of accountants who audit and review financial statements and prepare attestation reports filed with the SEC. Auditors of privately held broker-dealers are restricted from performing those services specifically excluded by the Sarbanes-Oxley Act of 2002 and are expected to comply with all other SEC independence rules, including those that prohibit bookkeeping and the preparation of financial statements for privately held broker-dealers. SEC answers to frequently asked questions regarding the independence rules can be found at www.sec.gov/info/accountants/ocafaqaudind121304.htm. 49 (Popup - aag-brd3_fn30) fn 22 The SEC has available on its website an antimoney laundering (AML) source tool. It is a compilation of key AML laws, rules, and guidance applicable to broker dealers. The tool organizes the key AML compliance materials and provides related source information. It can be accessed at www.sec.gov/about/offices/ocie/amlsourcetool.htm. 50 (Popup - aag-brd3_fn31) fn ¦¦

kbossar

Highlight

kbossar

Highlight

The SEC approved a FINRA proposed rule change to adopt FINRA Rule 3310, Anti-Money Laundering Compliance Program, on September 10, 2009. This rule, effective January 1, 2010, is substantially the same as the former NASD Rule 3011. However, the rule, as adopted, eliminates the independent testing exception that was in the related NASD rule. 51 (Popup - aag-brd3_fn32) fn ## FINRA Notice 10-12, Guidance on FAS 167 for FOCUS Reporting, provides information received from SEC staff regarding procedures for reporting adjustments on the FOCUS report resulting from an entity’s adoption of Financial Accounting Standards Board (FASB) Statement No. 167, Amendments to FASB Interpretation No. 46(R). The notice is available on the FINRA website at www.finra.org/Industry/Regulation/Notices/2010/P120953. 52 (Popup - aag-brd3_fn33) fn 23 Rule 17a-12, "Reports to Be Made by Certain OTC Derivatives Dealers," includes the requirements for audited annual financial statements of OTC derivatives dealers registered pursuant to Section 15 of the Securities Exchange Act of 1934 under a limited regulatory structure, as discussed in paragraph 3.147 of this guide. 53 (Popup - aag-brd3_fn34) fn 24 The NASD manual is now part of the FINRA transitional rulebook. See footnote 10 in paragraph 3.04. 54 (Popup - aag-brd3_fn35) fn 25 See footnote 19 in paragraph 3.81. 55 (Popup - aag-brd3_fn36) fn 26 See footnote 19 in paragraph 3.81. 56 (Popup - aag-brd3_fn37) fn 27 See the discussion at paragraph 1.47 for more information on Securities Investor Protection Corporation (SIPC). 57 (Popup - aag-brd3_fn38) fn *** The Dodd-Frank Act amended the Securities Investor Protection Act in several areas. Two areas pertain to the SIPC assessment imposed on broker-dealers. See the preface for more information on the SIPC amendments. Also see the SIPC website for the SIPC-7 form, as revised in July 2010 for the abovementioned amendments.

© 2010 FATF/OECD - 1

Financial Action Task Force Groupe d’action financière

FATF 40

Recommendations

October 2003

(incorporating all subsequent amendments until October 2004)

FATF Standards

FATF 40 Recommendations

2 - © 2010 FATF/OECD

INTRODUCTION

Money laundering methods and techniques change in response to developing counter-measures. In

recent years, the Financial Action Task Force (FATF) 1 has noted increasingly sophisticated

combinations of techniques, such as the increased use of legal persons to disguise the true ownership

and control of illegal proceeds, and an increased use of professionals to provide advice and assistance

in laundering criminal funds. These factors, combined with the experience gained through the FATF‟s

Non-Cooperative Countries and Territories process, and a number of national and international

initiatives, led the FATF to review and revise the Forty Recommendations into a new comprehensive

framework for combating money laundering and terrorist financing. The FATF now calls upon all

countries to take the necessary steps to bring their national systems for combating money laundering

and terrorist financing into compliance with the new FATF Recommendations, and to effectively

implement these measures.

The review process for revising the Forty Recommendations was an extensive one, open to FATF

members, non-members, observers, financial and other affected sectors and interested parties. This

consultation process provided a wide range of input, all of which was considered in the review

process.

The revised Forty Recommendations now apply not only to money laundering but also to terrorist

financing, and when combined with the Eight Special Recommendations on Terrorist Financing

provide an enhanced, comprehensive and consistent framework of measures for combating money

laundering and terrorist financing. The FATF recognises that countries have diverse legal and

financial systems and so all cannot take identical measures to achieve the common objective,

especially over matters of detail. The Recommendations therefore set minimum standards for action

for countries to implement the detail according to their particular circumstances and constitutional

frameworks. The Recommendations cover all the measures that national systems should have in place

within their criminal justice and regulatory systems; the preventive measures to be taken by financial

institutions and certain other businesses and professions; and international co-operation.

The original FATF Forty Recommendations were drawn up in 1990 as an initiative to combat the

misuse of financial systems by persons laundering drug money. In 1996 the Recommendations were

revised for the first time to reflect evolving money laundering typologies. The 1996 Forty

Recommendations have been endorsed by more than 130 countries and are the international anti-

money laundering standard.

In October 2001 the FATF expanded its mandate to deal with the issue of the financing of terrorism,

and took the important step of creating the Eight Special Recommendations on Terrorist Financing.

These Recommendations contain a set of measures aimed at combating the funding of terrorist acts

and terrorist organisations, and are complementary to the Forty Recommendations2.

A key element in the fight against money laundering and the financing of terrorism is the need for

countries systems to be monitored and evaluated, with respect to these international standards. The

mutual evaluations conducted by the FATF and FATF-style regional bodies, as well as the

assessments conducted by the IMF and World Bank, are a vital mechanism for ensuring that the

FATF Recommendations are effectively implemented by all countries.

1 The FATF is an inter-governmental body which sets standards, and develops and promotes policies to combat

money laundering and terrorist financing. It currently has 36 members: 34 countries and governments and two

international organisations; and more than 20 observers: five FATF-style regional bodies and more than 15 other

international organisations or bodies. A list of all members and observers can be found on the FATF website at

www.fatf-gafi.org. 2 The FATF Forty and Eight Special Recommendations have been recognised by the International Monetary Fund

and the World Bank as the international standards for combating money laundering and the financing of terrorism.



THE FORTY RECOMMENDATIONS

A. LEGAL SYSTEMS

Scope of the criminal offence of money laundering

1. Countries should criminalise money laundering on the basis of the United Nations Convention

against Illicit Traffic in Narcotic Drugs and Psychotropic Substances, 1988 (the Vienna

Convention) and the United Nations Convention against Transnational Organized Crime, 2000

(the Palermo Convention).

Countries should apply the crime of money laundering to all serious offences, with a view to

including the widest range of predicate offences. Predicate offences may be described by

reference to all offences, or to a threshold linked either to a category of serious offences or to

the penalty of imprisonment applicable to the predicate offence (threshold approach), or to a list

of predicate offences, or a combination of these approaches.

Where countries apply a threshold approach, predicate offences should at a minimum comprise

all offences that fall within the category of serious offences under their national law or should

include offences which are punishable by a maximum penalty of more than one year‟s

imprisonment or for those countries that have a minimum threshold for offences in their legal

system, predicate offences should comprise all offences, which are punished by a minimum

penalty of more than six months imprisonment.

Whichever approach is adopted, each country should at a minimum include a range of offences

within each of the designated categories of offences3.

Predicate offences for money laundering should extend to conduct that occurred in another

country, which constitutes an offence in that country, and which would have constituted a

predicate offence had it occurred domestically. Countries may provide that the only prerequisite

is that the conduct would have constituted a predicate offence had it occurred domestically.

Countries may provide that the offence of money laundering does not apply to persons who

committed the predicate offence, where this is required by fundamental principles of their

domestic law.

2. Countries should ensure that:

a) The intent and knowledge required to prove the offence of money laundering is

consistent with the standards set forth in the Vienna and Palermo Conventions, including

the concept that such mental state may be inferred from objective factual circumstances.

3 See the definition of “designated categories of offences” in the Glossary.



b) Criminal liability, and, where that is not possible, civil or administrative liability, should

apply to legal persons. This should not preclude parallel criminal, civil or administrative

proceedings with respect to legal persons in countries in which such forms of liability are

available. Legal persons should be subject to effective, proportionate and dissuasive

sanctions. Such measures should be without prejudice to the criminal liability of

individuals.

Provisonal measures and confiscation

3. Countries should adopt measures similar to those set forth in the Vienna and Palermo

Conventions, including legislative measures, to enable their competent authorities to confiscate

property laundered, proceeds from money laundering or predicate offences, instrumentalities

used in or intended for use in the commission of these offences, or property of corresponding

value, without prejudicing the rights of bona fide third parties.

Such measures should include the authority to: (a) identify, trace and evaluate property which is

subject to confiscation; (b) carry out provisional measures, such as freezing and seizing, to

prevent any dealing, transfer or disposal of such property; (c) take steps that will prevent or

void actions that prejudice the State‟s ability to recover property that is subject to confiscation;

and (d) take any appropriate investigative measures.

Countries may consider adopting measures that allow such proceeds or instrumentalities to be

confiscated without requiring a criminal conviction, or which require an offender to

demonstrate the lawful origin of the property alleged to be liable to confiscation, to the extent

that such a requirement is consistent with the principles of their domestic law.

B. MEASURES TO BE TAKEN BY FINANCIAL INSTITUTIONS AND NON-

FINANCIAL BUSINESSES AND PROFESSIONS TO PREVENT MONEY

LAUNDERING AND TERRORIST FINANCING

4. Countries should ensure that financial institution secrecy laws do not inhibit implementation of

the FATF Recommendations.

Customer due diligence and record-keeping

5.* Financial institutions should not keep anonymous accounts or accounts in obviously fictitious

names.

Financial institutions should undertake customer due diligence measures, including identifying

and verifying the identity of their customers, when:

establishing business relations;

carrying out occasional transactions: (i) above the applicable designated threshold; or (ii)

that are wire transfers in the circumstances covered by the Interpretative Note to Special

Recommendation VII;

there is a suspicion of money laundering or terrorist financing; or

the financial institution has doubts about the veracity or adequacy of previously obtained

customer identification data.



The customer due diligence (CDD) measures to be taken are as follows:

a) Identifying the customer and verifying that customer‟s identity using reliable, independent

source documents, data or information4.

b) Identifying the beneficial owner, and taking reasonable measures to verify the identity of the

beneficial owner such that the financial institution is satisfied that it knows who the

beneficial owner is. For legal persons and arrangements this should include financial

institutions taking reasonable measures to understand the ownership and control structure of

the customer.

c) Obtaining information on the purpose and intended nature of the business relationship.

d) Conducting ongoing due diligence on the business relationship and scrutiny of transactions

undertaken throughout the course of that relationship to ensure that the transactions being

conducted are consistent with the institution‟s knowledge of the customer, their business and

risk profile, including, where necessary, the source of funds.

Financial institutions should apply each of the CDD measures under (a) to (d) above, but may

determine the extent of such measures on a risk sensitive basis depending on the type of

customer, business relationship or transaction. The measures that are taken should be consistent

with any guidelines issued by competent authorities. For higher risk categories, financial

institutions should perform enhanced due diligence. In certain circumstances, where there are

low risks, countries may decide that financial institutions can apply reduced or simplified

measures.

Financial institutions should verify the identity of the customer and beneficial owner before or

during the course of establishing a business relationship or conducting transactions for

occasional customers. Countries may permit financial institutions to complete the verification

as soon as reasonably practicable following the establishment of the relationship, where the

money laundering risks are effectively managed and where this is essential not to interrupt the

normal conduct of business.

Where the financial institution is unable to comply with paragraphs (a) to (c) above, it should

not open the account, commence business relations or perform the transaction; or should

terminate the business relationship; and should consider making a suspicious transactions report

in relation to the customer.

These requirements should apply to all new customers, though financial institutions should also

apply this Recommendation to existing customers on the basis of materiality and risk, and

should conduct due diligence on such existing relationships at appropriate times.

6.* Financial institutions should, in relation to politically exposed persons, in addition to performing

normal due diligence measures:

a) Have appropriate risk management systems to determine whether the customer is a

politically exposed person.

4 Reliable, independent source documents, data or information will hereafter be referred to as “identification

data”.

* Recommendations marked with an asterisk should be read in conjunction with their Interpretative Note.



b) Obtain senior management approval for establishing business relationships with such

customers.

c) Take reasonable measures to establish the source of wealth and source of funds.

d) Conduct enhanced ongoing monitoring of the business relationship.

7. Financial institutions should, in relation to cross-border correspondent banking and other

similar relationships, in addition to performing normal due diligence measures:

a) Gather sufficient information about a respondent institution to understand fully the nature

of the respondent‟s business and to determine from publicly available information the

reputation of the institution and the quality of supervision, including whether it has been

subject to a money laundering or terrorist financing investigation or regulatory action.

b) Assess the respondent institution‟s anti-money laundering and terrorist financing

controls.

c) Obtain approval from senior management before establishing new correspondent

relationships.

d) Document the respective responsibilities of each institution.

e) With respect to “payable-through accounts”, be satisfied that the respondent bank has

verified the identity of and performed on-going due diligence on the customers having

direct access to accounts of the correspondent and that it is able to provide relevant

customer identification data upon request to the correspondent bank.

8. Financial institutions should pay special attention to any money laundering threats that may

arise from new or developing technologies that might favour anonymity, and take measures, if

needed, to prevent their use in money laundering schemes. In particular, financial institutions

should have policies and procedures in place to address any specific risks associated with non-

face to face business relationships or transactions.

9.* Countries may permit financial institutions to rely on intermediaries or other third parties to

perform elements (a) – (c) of the CDD process or to introduce business, provided that the

criteria set out below are met. Where such reliance is permitted, the ultimate responsibility for

customer identification and verification remains with the financial institution relying on the

third party.

The criteria that should be met are as follows:

a) A financial institution relying upon a third party should immediately obtain the necessary

information concerning elements (a) – (c) of the CDD process. Financial institutions

should take adequate steps to satisfy themselves that copies of identification data and

other relevant documentation relating to the CDD requirements will be made available

from the third party upon request without delay.

b) The financial institution should satisfy itself that the third party is regulated and

supervised for, and has measures in place to comply with CDD requirements in line with

Recommendations 5 and 10.



It is left to each country to determine in which countries the third party that meets the

conditions can be based, having regard to information available on countries that do not or do

not adequately apply the FATF Recommendations.

10.* Financial institutions should maintain, for at least five years, all necessary records on

transactions, both domestic or international, to enable them to comply swiftly with information

requests from the competent authorities. Such records must be sufficient to permit

reconstruction of individual transactions (including the amounts and types of currency involved

if any) so as to provide, if necessary, evidence for prosecution of criminal activity.

Financial institutions should keep records on the identification data obtained through the

customer due diligence process (e.g. copies or records of official identification documents like

passports, identity cards, driving licenses or similar documents), account files and business

correspondence for at least five years after the business relationship is ended.

The identification data and transaction records should be available to domestic competent

authorities upon appropriate authority.

11.* Financial institutions should pay special attention to all complex, unusual large transactions,

and all unusual patterns of transactions, which have no apparent economic or visible lawful

purpose. The background and purpose of such transactions should, as far as possible, be

examined, the findings established in writing, and be available to help competent authorities

and auditors.

12.* The customer due diligence and record-keeping requirements set out in Recommendations 5, 6,

and 8 to 11 apply to designated non-financial businesses and professions in the following

situations:

a) Casinos – when customers engage in financial transactions equal to or above the

applicable designated threshold.

b) Real estate agents - when they are involved in transactions for their client concerning the

buying and selling of real estate.

c) Dealers in precious metals and dealers in precious stones - when they engage in any cash

transaction with a customer equal to or above the applicable designated threshold.

d) Lawyers, notaries, other independent legal professionals and accountants when they

prepare for or carry out transactions for their client concerning the following activities:

buying and selling of real estate;

managing of client money, securities or other assets;

management of bank, savings or securities accounts;

organisation of contributions for the creation, operation or management of

companies;

creation, operation or management of legal persons or arrangements, and buying and

selling of business entities.

e) Trust and company service providers when they prepare for or carry out transactions for

a client concerning the activities listed in the definition in the Glossary.



Reporting of suspicious transactions and compliance

13.* If a financial institution suspects or has reasonable grounds to suspect that funds are the

proceeds of a criminal activity, or are related to terrorist financing, it should be required,

directly by law or regulation, to report promptly its suspicions to the financial intelligence unit

(FIU).

14.* Financial institutions, their directors, officers and employees should be:

a) Protected by legal provisions from criminal and civil liability for breach of any

restriction on disclosure of information imposed by contract or by any legislative,

regulatory or administrative provision, if they report their suspicions in good faith to the

FIU, even if they did not know precisely what the underlying criminal activity was, and

regardless of whether illegal activity actually occurred.

b) Prohibited by law from disclosing the fact that a suspicious transaction report (STR) or

related information is being reported to the FIU.

15.* Financial institutions should develop programmes against money laundering and terrorist

financing. These programmes should include:

a) The development of internal policies, procedures and controls, including appropriate

compliance management arrangements, and adequate screening procedures to ensure

high standards when hiring employees.

b) An ongoing employee training programme.

c) An audit function to test the system.

16.* The requirements set out in Recommendations 13 to 15, and 21 apply to all designated non-

financial businesses and professions, subject to the following qualifications:

a) Lawyers, notaries, other independent legal professionals and accountants should be

required to report suspicious transactions when, on behalf of or for a client, they engage

in a financial transaction in relation to the activities described in Recommendation 12(d).

Countries are strongly encouraged to extend the reporting requirement to the rest of the

professional activities of accountants, including auditing.

b) Dealers in precious metals and dealers in precious stones should be required to report

suspicious transactions when they engage in any cash transaction with a customer equal

to or above the applicable designated threshold.

c) Trust and company service providers should be required to report suspicious transactions

for a client when, on behalf of or for a client, they engage in a transaction in relation to

the activities referred to Recommendation 12(e).

Lawyers, notaries, other independent legal professionals, and accountants acting as independent

legal professionals, are not required to report their suspicions if the relevant information was

obtained in circumstances where they are subject to professional secrecy or legal professional

privilege.



Other measures to deter money laundering and terrorist financing

17. Countries should ensure that effective, proportionate and dissuasive sanctions, whether

criminal, civil or administrative, are available to deal with natural or legal persons covered by

these Recommendations that fail to comply with anti-money laundering or terrorist financing

requirements.

18. Countries should not approve the establishment or accept the continued operation of shell

banks. Financial institutions should refuse to enter into, or continue, a correspondent banking

relationship with shell banks. Financial institutions should also guard against establishing

relations with respondent foreign financial institutions that permit their accounts to be used by

shell banks.

19. Countries should consider the feasibility and utility of a system where banks and other financial

institutions and intermediaries would report all domestic and international currency transactions

above a fixed amount, to a national central agency with a computerised data base, available to

competent authorities for use in money laundering or terrorist financing cases, subject to strict

safeguards to ensure proper use of the information.

20. Countries should consider applying the FATF Recommendations to businesses and professions,

other than designated non-financial businesses and professions, that pose a money laundering

or terrorist financing risk.

Countries should further encourage the development of modern and secure techniques of

money management that are less vulnerable to money laundering.

Measures to be taken with respect to countries that do not or insufficiently comply with the FATF

Recommendations

21. Financial institutions should give special attention to business relationships and transactions

with persons, including companies and financial institutions, from countries which do not or

insufficiently apply the FATF Recommendations. Whenever these transactions have no

apparent economic or visible lawful purpose, their background and purpose should, as far as

possible, be examined, the findings established in writing, and be available to help competent

authorities. Where such a country continues not to apply or insufficiently applies the FATF

Recommendations, countries should be able to apply appropriate countermeasures.

22. Financial institutions should ensure that the principles applicable to financial institutions, which

are mentioned above are also applied to branches and majority owned subsidiaries located

abroad, especially in countries which do not or insufficiently apply the FATF

Recommendations, to the extent that local applicable laws and regulations permit. When local

applicable laws and regulations prohibit this implementation, competent authorities in the

country of the parent institution should be informed by the financial institutions that they

cannot apply the FATF Recommendations.

Regulation and supervision

23.* Countries should ensure that financial institutions are subject to adequate regulation and

supervision and are effectively implementing the FATF Recommendations. Competent


10 - © 2010 FATF/OECD

authorities should take the necessary legal or regulatory measures to prevent criminals or their

associates from holding or being the beneficial owner of a significant or controlling interest or

holding a management function in a financial institution.

For financial institutions subject to the Core Principles, the regulatory and supervisory

measures that apply for prudential purposes and which are also relevant to money laundering,

should apply in a similar manner for anti-money laundering and terrorist financing purposes.

Other financial institutions should be licensed or registered and appropriately regulated, and

subject to supervision or oversight for anti-money laundering purposes, having regard to the

risk of money laundering or terrorist financing in that sector. At a minimum, businesses

providing a service of money or value transfer, or of money or currency changing should be

licensed or registered, and subject to effective systems for monitoring and ensuring compliance

with national requirements to combat money laundering and terrorist financing.

24. Designated non-financial businesses and professions should be subject to regulatory and

supervisory measures as set out below.

a) Casinos should be subject to a comprehensive regulatory and supervisory regime that

ensures that they have effectively implemented the necessary anti-money laundering and

terrorist-financing measures. At a minimum:

casinos should be licensed;

competent authorities should take the necessary legal or regulatory measures to

prevent criminals or their associates from holding or being the beneficial owner of a

significant or controlling interest, holding a management function in, or being an

operator of a casino

competent authorities should ensure that casinos are effectively supervised for

compliance with requirements to combat money laundering and terrorist financing.

b) Countries should ensure that the other categories of designated non-financial businesses

and professions are subject to effective systems for monitoring and ensuring their

compliance with requirements to combat money laundering and terrorist financing. This

should be performed on a risk-sensitive basis. This may be performed by a government

authority or by an appropriate self-regulatory organisation, provided that such an

organisation can ensure that its members comply with their obligations to combat money

laundering and terrorist financing.

25.* The competent authorities should establish guidelines, and provide feedback which will assist

financial institutions and designated non-financial businesses and professions in applying

national measures to combat money laundering and terrorist financing, and in particular, in

detecting and reporting suspicious transactions.

C. INSTITUTIONAL AND OTHER MEASURES NECESSARY IN SYSTEMS FOR

COMBATING MONEY LAUNDERING AND TERRORIST FINANCING

Competent authorities, their powers and resources

26.* Countries should establish a FIU that serves as a national centre for the receiving (and, as

permitted, requesting), analysis and dissemination of STR and other information regarding


© 2010 FATF/OECD - 11

potential money laundering or terrorist financing. The FIU should have access, directly or

indirectly, on a timely basis to the financial, administrative and law enforcement information

that it requires to properly undertake its functions, including the analysis of STR.

27.* Countries should ensure that designated law enforcement authorities have responsibility for

money laundering and terrorist financing investigations. Countries are encouraged to support

and develop, as far as possible, special investigative techniques suitable for the investigation of

money laundering, such as controlled delivery, undercover operations and other relevant

techniques. Countries are also encouraged to use other effective mechanisms such as the use of

permanent or temporary groups specialised in asset investigation, and co-operative

investigations with appropriate competent authorities in other countries.

28. When conducting investigations of money laundering and underlying predicate offences,

competent authorities should be able to obtain documents and information for use in those

investigations, and in prosecutions and related actions. This should include powers to use

compulsory measures for the production of records held by financial institutions and other

persons, for the search of persons and premises, and for the seizure and obtaining of evidence.

29. Supervisors should have adequate powers to monitor and ensure compliance by financial

institutions with requirements to combat money laundering and terrorist financing, including

the authority to conduct inspections. They should be authorised to compel production of any

information from financial institutions that is relevant to monitoring such compliance, and to

impose adequate administrative sanctions for failure to comply with such requirements.

30. Countries should provide their competent authorities involved in combating money laundering

and terrorist financing with adequate financial, human and technical resources. Countries

should have in place processes to ensure that the staff of those authorities are of high integrity.

31. Countries should ensure that policy makers, the FIU, law enforcement and supervisors have

effective mechanisms in place which enable them to co-operate, and where appropriate co-

ordinate domestically with each other concerning the development and implementation of

policies and activities to combat money laundering and terrorist financing.

32. Countries should ensure that their competent authorities can review the effectiveness of their

systems to combat money laundering and terrorist financing systems by maintaining

comprehensive statistics on matters relevant to the effectiveness and efficiency of such systems.

This should include statistics on the STR received and disseminated; on money laundering and

terrorist financing investigations, prosecutions and convictions; on property frozen, seized and

confiscated; and on mutual legal assistance or other international requests for co-operation.

Transparency of legal persons and arrangements

33. Countries should take measures to prevent the unlawful use of legal persons by money

launderers. Countries should ensure that there is adequate, accurate and timely information on

the beneficial ownership and control of legal persons that can be obtained or accessed in a

timely fashion by competent authorities. In particular, countries that have legal persons that

are able to issue bearer shares should take appropriate measures to ensure that they are not

misused for money laundering and be able to demonstrate the adequacy of those measures.


12 - © 2010 FATF/OECD

Countries could consider measures to facilitate access to beneficial ownership and control

information to financial institutions undertaking the requirements set out in Recommendation 5.

34. Countries should take measures to prevent the unlawful use of legal arrangements by money

launderers. In particular, countries should ensure that there is adequate, accurate and timely

information on express trusts, including information on the settlor, trustee and beneficiaries,

that can be obtained or accessed in a timely fashion by competent authorities. Countries could

consider measures to facilitate access to beneficial ownership and control information to

financial institutions undertaking the requirements set out in Recommendation 5.

D. INTERNATIONAL CO-OPERATION

35. Countries should take immediate steps to become party to and implement fully the Vienna

Convention, the Palermo Convention, and the 1999 United Nations International Convention

for the Suppression of the Financing of Terrorism. Countries are also encouraged to ratify and

implement other relevant international conventions, such as the 1990 Council of Europe

Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime and

the 2002 Inter-American Convention against Terrorism.

Mutual legal assistance and extradition

36. Countries should rapidly, constructively and effectively provide the widest possible range of

mutual legal assistance in relation to money laundering and terrorist financing investigations,

prosecutions, and related proceedings. In particular, countries should:

a) Not prohibit or place unreasonable or unduly restrictive conditions on the provision of

mutual legal assistance.

b) Ensure that they have clear and efficient processes for the execution of mutual legal

assistance requests.

c) Not refuse to execute a request for mutual legal assistance on the sole ground that the

offence is also considered to involve fiscal matters.

d) Not refuse to execute a request for mutual legal assistance on the grounds that laws

require financial institutions to maintain secrecy or confidentiality.

Countries should ensure that the powers of their competent authorities required under

Recommendation 28 are also available for use in response to requests for mutual legal

assistance, and if consistent with their domestic framework, in response to direct requests from

foreign judicial or law enforcement authorities to domestic counterparts.

To avoid conflicts of jurisdiction, consideration should be given to devising and applying

mechanisms for determining the best venue for prosecution of defendants in the interests of

justice in cases that are subject to prosecution in more than one country.

37. Countries should, to the greatest extent possible, render mutual legal assistance notwithstanding

the absence of dual criminality.

Where dual criminality is required for mutual legal assistance or extradition, that requirement

should be deemed to be satisfied regardless of whether both countries place the offence within


© 2010 FATF/OECD - 13

the same category of offence or denominate the offence by the same terminology, provided that

both countries criminalise the conduct underlying the offence.

38.* There should be authority to take expeditious action in response to requests by foreign countries

to identify, freeze, seize and confiscate property laundered, proceeds from money laundering or

predicate offences, instrumentalities used in or intended for use in the commission of these

offences, or property of corresponding value. There should also be arrangements for co-

ordinating seizure and confiscation proceedings, which may include the sharing of confiscated

assets.

39. Countries should recognise money laundering as an extraditable offence. Each country should

either extradite its own nationals, or where a country does not do so solely on the grounds of

nationality, that country should, at the request of the country seeking extradition, submit the

case without undue delay to its competent authorities for the purpose of prosecution of the

offences set forth in the request. Those authorities should take their decision and conduct their

proceedings in the same manner as in the case of any other offence of a serious nature under the

domestic law of that country. The countries concerned should cooperate with each other, in

particular on procedural and evidentiary aspects, to ensure the efficiency of such prosecutions.

Subject to their legal frameworks, countries may consider simplifying extradition by allowing

direct transmission of extradition requests between appropriate ministries, extraditing persons

based only on warrants of arrests or judgements, and/or introducing a simplified extradition of

consenting persons who waive formal extradition proceedings.

Other forms of co-operation

40.* Countries should ensure that their competent authorities provide the widest possible range of

international co-operation to their foreign counterparts. There should be clear and effective

gateways to facilitate the prompt and constructive exchange directly between counterparts,

either spontaneously or upon request, of information relating to both money laundering and the

underlying predicate offences. Exchanges should be permitted without unduly restrictive

conditions. In particular:

a) Competent authorities should not refuse a request for assistance on the sole ground that

the request is also considered to involve fiscal matters.

b) Countries should not invoke laws that require financial institutions to maintain secrecy or

confidentiality as a ground for refusing to provide co-operation.

c) Competent authorities should be able to conduct inquiries; and where possible,

investigations; on behalf of foreign counterparts.

Where the ability to obtain information sought by a foreign competent authority is not within

the mandate of its counterpart, countries are also encouraged to permit a prompt and

constructive exchange of information with non-counterparts. Co-operation with foreign

authorities other than counterparts could occur directly or indirectly. When uncertain about the

appropriate avenue to follow, competent authorities should first contact their foreign

counterparts for assistance.


14 - © 2010 FATF/OECD

Countries should establish controls and safeguards to ensure that information exchanged by

competent authorities is used only in an authorised manner, consistent with their obligations

concerning privacy and data protection.


© 2010 FATF/OECD - 15

GLOSSARY

In these Recommendations the following abbreviations and references are used:

“Beneficial owner” refers to the natural person(s) who ultimately owns or controls a customer and/or

the person on whose behalf a transaction is being conducted. It also incorporates those persons who

exercise ultimate effective control over a legal person or arrangement.

“Core Principles” refers to the Core Principles for Effective Banking Supervision issued by the Basel

Committee on Banking Supervision, the Objectives and Principles for Securities Regulation issued by

the International Organization of Securities Commissions, and the Insurance Supervisory Principles

issued by the International Association of Insurance Supervisors.

“Designated categories of offences” means:

participation in an organised criminal group and racketeering;

terrorism, including terrorist financing;

trafficking in human beings and migrant smuggling;

sexual exploitation, including sexual exploitation of children;

illicit trafficking in narcotic drugs and psychotropic substances;

illicit arms trafficking;

illicit trafficking in stolen and other goods;

corruption and bribery;

fraud;

counterfeiting currency;

counterfeiting and piracy of products;

environmental crime;

murder, grievous bodily injury;

kidnapping, illegal restraint and hostage-taking;

robbery or theft;

smuggling;

extortion;

forgery;

piracy; and

insider trading and market manipulation.

When deciding on the range of offences to be covered as predicate offences under each of the

categories listed above, each country may decide, in accordance with its domestic law, how it will

define those offences and the nature of any particular elements of those offences that make them

serious offences.

“Designated non-financial businesses and professions” means:

a) Casinos (which also includes internet casinos).


16 - © 2010 FATF/OECD

b) Real estate agents.

c) Dealers in precious metals.

d) Dealers in precious stones.

e) Lawyers, notaries, other independent legal professionals and accountants – this refers to sole

practitioners, partners or employed professionals within professional firms. It is not meant to

refer to „internal‟ professionals that are employees of other types of businesses, nor to

professionals working for government agencies, who may already be subject to measures that

would combat money laundering.

f) Trust and Company Service Providers refers to all persons or businesses that are not covered

elsewhere under these Recommendations, and which as a business, provide any of the

following services to third parties:

acting as a formation agent of legal persons;

acting as (or arranging for another person to act as) a director or secretary of a company,

a partner of a partnership, or a similar position in relation to other legal persons;

providing a registered office; business address or accommodation, correspondence or

administrative address for a company, a partnership or any other legal person or

arrangement;

acting as (or arranging for another person to act as) a trustee of an express trust;

acting as (or arranging for another person to act as) a nominee shareholder for another

person.

“Designated threshold” refers to the amount set out in the Interpretative Notes.

“Financial institutions” means any person or entity who conducts as a business one or more of the

following activities or operations for or on behalf of a customer:

1. Acceptance of deposits and other repayable funds from the public.5

2. Lending.6

3. Financial leasing.7

4. The transfer of money or value.8

5. Issuing and managing means of payment (e.g. credit and debit cards, cheques, traveller's

cheques, money orders and bankers' drafts, electronic money).

6. Financial guarantees and commitments.

7. Trading in:

(a) money market instruments (cheques, bills, CDs, derivatives etc.);

(b) foreign exchange;

5 This also captures private banking.

6 This includes inter alia: consumer credit; mortgage credit; factoring, with or without recourse; and finance of

commercial transactions (including forfaiting).

7 This does not extend to financial leasing arrangements in relation to consumer products.

8 This applies to financial activity in both the formal or informal sector e.g. alternative remittance activity. See

the Interpretative Note to Special Recommendation VI. It does not apply to any natural or legal person that

provides financial institutions solely with message or other support systems for transmitting funds. See the

Interpretative Note to Special Recommendation VII.


© 2010 FATF/OECD - 17

(c) exchange, interest rate and index instruments;

(d) transferable securities;

(e) commodity futures trading.

8. Participation in securities issues and the provision of financial services related to such

issues.

9. Individual and collective portfolio management.

10. Safekeeping and administration of cash or liquid securities on behalf of other persons.

11. Otherwise investing, administering or managing funds or money on behalf of other persons.

12. Underwriting and placement of life insurance and other investment related insurance9.

13. Money and currency changing.

When a financial activity is carried out by a person or entity on an occasional or very limited basis

(having regard to quantitative and absolute criteria) such that there is little risk of money

laundering activity occurring, a country may decide that the application of anti-money laundering

measures is not necessary, either fully or partially.

In strictly limited and justified circumstances, and based on a proven low risk of money

laundering, a country may decide not to apply some or all of the Forty Recommendations to some

of the financial activities stated above.

“FIU” means financial intelligence unit.

“Legal arrangements” refers to express trusts or other similar legal arrangements.

“Legal persons” refers to bodies corporate, foundations, anstalt, partnerships, or associations, or any

similar bodies that can establish a permanent customer relationship with a financial institution or

otherwise own property.

“Payable-through accounts” refers to correspondent accounts that are used directly by third parties

to transact business on their own behalf.

“Politically Exposed Persons” (PEPs) are individuals who are or have been entrusted with prominent

public functions in a foreign country, for example Heads of State or of government, senior politicians,

senior government, judicial or military officials, senior executives of state owned corporations,

important political party officials. Business relationships with family members or close associates of

PEPs involve reputational risks similar to those with PEPs themselves. The definition is not intended

to cover middle ranking or more junior individuals in the foregoing categories.

“Shell bank” means a bank incorporated in a jurisdiction in which it has no physical presence and

which is unaffiliated with a regulated financial group.

“STR” refers to suspicious transaction reports.

“Supervisors” refers to the designated competent authorities responsible for ensuring compliance by

financial institutions with requirements to combat money laundering and terrorist financing.

“the FATF Recommendations” refers to these Recommendations and to the FATF Special

Recommendations on Terrorist Financing.

9 This applies both to insurance undertakings and to insurance intermediaries (agents and brokers).


18 - © 2010 FATF/OECD

INTERPRETATIVE NOTES

General

1. Reference in this document to “countries” should be taken to apply equally to “territories” or

“jurisdictions”.

2. Recommendations 5-16 and 21-22 state that financial institutions or designated non-financial

businesses and professions should take certain actions. These references require countries to

take measures that will oblige financial institutions or designated non-financial businesses and

professions to comply with each Recommendation. The basic obligations under

Recommendations 5, 10 and 13 should be set out in law or regulation, while more detailed

elements in those Recommendations, as well as obligations under other Recommendations,

could be required either by law or regulation or by other enforceable means issued by a

competent authority.

3. Where reference is made to a financial institution being satisfied as to a matter, that institution

must be able to justify its assessment to competent authorities.

4. To comply with Recommendations 12 and 16, countries do not need to issue laws or

regulations that relate exclusively to lawyers, notaries, accountants and the other designated

non-financial businesses and professions so long as these businesses or professions are included

in laws or regulations covering the underlying activities.

5. The Interpretative Notes that apply to financial institutions are also relevant to designated non-

financial businesses and professions, where applicable.

Recommendations 5, 12 and 16

The designated thresholds for transactions (under Recommendations 5 and 12) are as follows:

Financial institutions (for occasional customers under Recommendation 5) -

USD/EUR 15 000.

Casinos, including internet casinos (under Recommendation 12) - USD/EUR 3 000

For dealers in precious metals and dealers in precious stones when engaged in any cash

transaction (under Recommendations 12 and 16) - USD/EUR 15 000.

Financial transactions above a designated threshold include situations where the transaction is carried

out in a single operation or in several operations that appear to be linked.


© 2010 FATF/OECD - 19

Recommendation 5

Customer due diligence and tipping off

1. If, during the establishment or course of the customer relationship, or when conducting

occasional transactions, a financial institution suspects that transactions relate to money

laundering or terrorist financing, then the institution should:

a) Normally seek to identify and verify the identity of the customer and the beneficial

owner, whether permanent or occasional, and irrespective of any exemption or any

designated threshold that might otherwise apply.

b) Make a STR to the FIU in accordance with Recommendation 13.

2. Recommendation 14 prohibits financial institutions, their directors, officers and employees

from disclosing the fact that an STR or related information is being reported to the FIU. A risk

exists that customers could be unintentionally tipped off when the financial institution is

seeking to perform its customer due diligence (CDD) obligations in these circumstances. The

customer‟s awareness of a possible STR or investigation could compromise future efforts to

investigate the suspected money laundering or terrorist financing operation.

3. Therefore, if financial institutions form a suspicion that transactions relate to money laundering

or terrorist financing, they should take into account the risk of tipping off when performing the

customer due diligence process. If the institution reasonably believes that performing the CDD

process will tip-off the customer or potential customer, it may choose not to pursue that

process, and should file an STR. Institutions should ensure that their employees are aware of

and sensitive to these issues when conducting CDD.

CDD for legal persons and arrangements

4. When performing elements (a) and (b) of the CDD process in relation to legal persons or

arrangements, financial institutions should:

a) Verify that any person purporting to act on behalf of the customer is so authorised, and

identify that person.

b) Identify the customer and verify its identity - the types of measures that would be

normally needed to satisfactorily perform this function would require obtaining proof of

incorporation or similar evidence of the legal status of the legal person or arrangement,

as well as information concerning the customer‟s name, the names of trustees, legal

form, address, directors, and provisions regulating the power to bind the legal person or

arrangement.

c) Identify the beneficial owners, including forming an understanding of the ownership and

control structure, and take reasonable measures to verify the identity of such persons.

The types of measures that would be normally needed to satisfactorily perform this

function would require identifying the natural persons with a controlling interest and

identifying the natural persons who comprise the mind and management of the legal

person or arrangement. Where the customer or the owner of the controlling interest is a

public company that is subject to regulatory disclosure requirements, it is not necessary

to seek to identify and verify the identity of any shareholder of that company.


20 - © 2010 FATF/OECD

The relevant information or data may be obtained from a public register, from the customer or

from other reliable sources.

Reliance on identification and verification already performed

5. The CDD measures set out in Recommendation 5 do not imply that financial institutions have

to repeatedly identify and verify the identity of each customer every time that a customer

conducts a transaction. An institution is entitled to rely on the identification and verification

steps that it has already undertaken unless it has doubts about the veracity of that information.

Examples of situations that might lead an institution to have such doubts could be where there

is a suspicion of money laundering in relation to that customer, or where there is a material

change in the way that the customer‟s account is operated which is not consistent with the

customer‟s business profile.

Timing of verification

6. Examples of the types of circumstances where it would be permissible for verification to be

completed after the establishment of the business relationship, because it would be essential not

to interrupt the normal conduct of business include:

Non face-to-face business.

Securities transactions. In the securities industry, companies and intermediaries may be

required to perform transactions very rapidly, according to the market conditions at the

time the customer is contacting them, and the performance of the transaction may be

required before verification of identity is completed.

Life insurance business. In relation to life insurance business, countries may permit the

identification and verification of the beneficiary under the policy to take place after having

established the business relationship with the policyholder. However, in all such cases,

identification and verification should occur at or before the time of payout or the time

where the beneficiary intends to exercise vested rights under the policy.

7. Financial institutions will also need to adopt risk management procedures with respect to the

conditions under which a customer may utilise the business relationship prior to verification.

These procedures should include a set of measures such as a limitation of the number, types

and/or amount of transactions that can be performed and the monitoring of large or complex

transactions being carried out outside of expected norms for that type of relationship. Financial

institutions should refer to the Basel CDD paper10

(section 2.2.6.) for specific guidance on

examples of risk management measures for non-face to face business.

Requirement to identify existing customers

8. The principles set out in the Basel CDD paper concerning the identification of existing

customers should serve as guidance when applying customer due diligence processes to

institutions engaged in banking activity, and could apply to other financial institutions where

relevant.

10

“Basel CDD paper” refers to the guidance paper on Customer Due Diligence for Banks issued by the Basel

Committee on Banking Supervision in October 2001.


© 2010 FATF/OECD - 21

Simplified or reduced CDD measures

9. The general rule is that customers must be subject to the full range of CDD measures, including

the requirement to identify the beneficial owner. Nevertheless there are circumstances where

the risk of money laundering or terrorist financing is lower, where information on the identity

of the customer and the beneficial owner of a customer is publicly available, or where adequate

checks and controls exist elsewhere in national systems. In such circumstances it could be

reasonable for a country to allow its financial institutions to apply simplified or reduced CDD

measures when identifying and verifying the identity of the customer and the beneficial owner.

10. Examples of customers where simplified or reduced CDD measures could apply are:

Financial institutions – where they are subject to requirements to combat money

laundering and terrorist financing consistent with the FATF Recommendations and are

supervised for compliance with those controls.

Public companies that are subject to regulatory disclosure requirements.

Government administrations or enterprises.

11. Simplified or reduced CDD measures could also apply to the beneficial owners of pooled

accounts held by designated non financial businesses or professions provided that those

businesses or professions are subject to requirements to combat money laundering and terrorist

financing consistent with the FATF Recommendations and are subject to effective systems for

monitoring and ensuring their compliance with those requirements. Banks should also refer to

the Basel CDD paper (section 2.2.4.), which provides specific guidance concerning situations

where an account holding institution may rely on a customer that is a professional financial

intermediary to perform the customer due diligence on his or its own customers (i.e. the

beneficial owners of the bank account). Where relevant, the CDD Paper could also provide

guidance in relation to similar accounts held by other types of financial institutions.

12. Simplified CDD or reduced measures could also be acceptable for various types of products or

transactions such as (examples only):

Life insurance policies where the annual premium is no more than USD/EUR 1 000 or a

single premium of no more than USD/EUR 2 500.

Insurance policies for pension schemes if there is no surrender clause and the policy

cannot be used as collateral.

A pension, superannuation or similar scheme that provides retirement benefits to

employees, where contributions are made by way of deduction from wages and the scheme

rules do not permit the assignment of a member‟s interest under the scheme.

13. Countries could also decide whether financial institutions could apply these simplified

measures only to customers in its own jurisdiction or allow them to do for customers from any

other jurisdiction that the original country is satisfied is in compliance with and has effectively

implemented the FATF Recommendations.

Simplified CDD measures are not acceptable whenever there is suspicion of money laundering

or terrorist financing or specific higher risk scenarios apply.


22 - © 2010 FATF/OECD

Recommendation 6

Countries are encouraged to extend the requirements of Recommendation 6 to individuals who hold

prominent public functions in their own country.

Recommendation 9

This Recommendation does not apply to outsourcing or agency relationships.

This Recommendation also does not apply to relationships, accounts or transactions between financial

institutions for their clients. Those relationships are addressed by Recommendations 5 and 7.

Recommendations 10 and 11

In relation to insurance business, the word “transactions” should be understood to refer to the

insurance product itself, the premium payment and the benefits.

Recommendation 13

1. The reference to criminal activity in Recommendation 13 refers to:

a) all criminal acts that would constitute a predicate offence for money laundering in the

jurisdiction; or

b) at a minimum to those offences that would constitute a predicate offence as required by

Recommendation 1.

Countries are strongly encouraged to adopt alternative (a). All suspicious transactions,

including attempted transactions, should be reported regardless of the amount of the

transaction.

2. In implementing Recommendation 13, suspicious transactions should be reported by financial

institutions regardless of whether they are also thought to involve tax matters. Countries should

take into account that, in order to deter financial institutions from reporting a suspicious

transaction, money launderers may seek to state inter alia that their transactions relate to tax

matters.

Recommendation 14 (tipping off)

Where lawyers, notaries, other independent legal professionals and accountants acting as independent

legal professionals seek to dissuade a client from engaging in illegal activity, this does not amount to

tipping off.

Recommendation 15

The type and extent of measures to be taken for each of the requirements set out in the

Recommendation should be appropriate having regard to the risk of money laundering and terrorist

financing and the size of the business.

For financial institutions, compliance management arrangements should include the appointment of a

compliance officer at the management level.


© 2010 FATF/OECD - 23

Recommendation 16

1. It is for each jurisdiction to determine the matters that would fall under legal professional

privilege or professional secrecy. This would normally cover information lawyers, notaries or

other independent legal professionals receive from or obtain through one of their clients: (a) in

the course of ascertaining the legal position of their client, or (b) in performing their task of

defending or representing that client in, or concerning judicial, administrative, arbitration or

mediation proceedings. Where accountants are subject to the same obligations of secrecy or

privilege, then they are also not required to report suspicious transactions.

2. Countries may allow lawyers, notaries, other independent legal professionals and accountants

to send their STR to their appropriate self-regulatory organisations, provided that there are

appropriate forms of co-operation between these organisations and the FIU.

Recommendation 23

Recommendation 23 should not be read as to require the introduction of a system of regular review of

licensing of controlling interests in financial institutions merely for anti-money laundering purposes,

but as to stress the desirability of suitability review for controlling shareholders in financial

institutions (banks and non-banks in particular) from a FATF point of view. Hence, where

shareholder suitability (or “fit and proper”) tests exist, the attention of supervisors should be drawn to

their relevance for anti-money laundering purposes.

Recommendation 25

When considering the feedback that should be provided, countries should have regard to the FATF

Best Practice Guidelines on Providing Feedback to Reporting Financial Institutions and Other

Persons.

Recommendation 26

Where a country has created an FIU, it should consider applying for membership in the Egmont

Group. Countries should have regard to the Egmont Group Statement of Purpose, and its Principles

for Information Exchange Between Financial Intelligence Units for Money Laundering Cases. These

documents set out important guidance concerning the role and functions of FIUs, and the mechanisms

for exchanging information between FIU.

Recommendation 27

Countries should consider taking measures, including legislative ones, at the national level, to allow

their competent authorities investigating money laundering cases to postpone or waive the arrest of

suspected persons and/or the seizure of the money for the purpose of identifying persons involved in

such activities or for evidence gathering. Without such measures the use of procedures such as

controlled deliveries and undercover operations are precluded.


24 - © 2010 FATF/OECD

Recommendation 38

Countries should consider:

a) Establishing an asset forfeiture fund in its respective country into which all or a portion of

confiscated property will be deposited for law enforcement, health, education, or other

appropriate purposes.

b) Taking such measures as may be necessary to enable it to share among or between other

countries confiscated property, in particular, when confiscation is directly or indirectly a result

of co-ordinated law enforcement actions.

Recommendation 40

1. For the purposes of this Recommendation:

“Counterparts” refers to authorities that exercise similar responsibilities and functions.

“Competent authority” refers to all administrative and law enforcement authorities

concerned with combating money laundering and terrorist financing, including the FIU

and supervisors.

2. Depending on the type of competent authority involved and the nature and purpose of the co-

operation, different channels can be appropriate for the exchange of information. Examples of

mechanisms or channels that are used to exchange information include: bilateral or multilateral

agreements or arrangements, memoranda of understanding, exchanges on the basis of

reciprocity, or through appropriate international or regional organisations. However, this

Recommendation is not intended to cover co-operation in relation to mutual legal assistance or

extradition.

3. The reference to indirect exchange of information with foreign authorities other than

counterparts covers the situation where the requested information passes from the foreign

authority through one or more domestic or foreign authorities before being received by the

requesting authority. The competent authority that requests the information should always make

it clear for what purpose and on whose behalf the request is made.

4. FIUs should be able to make inquiries on behalf of foreign counterparts where this could be

relevant to an analysis of financial transactions. At a minimum, inquiries should include:

Searching its own databases, which would include information related to suspicious

transaction reports.

Searching other databases to which it may have direct or indirect access, including law

enforcement databases, public databases, administrative databases and commercially

available databases.

Where permitted to do so, FIUs should also contact other competent authorities and financial

institutions in order to obtain relevant information.


Financial Action Task Force Groupe d’action financière

FATF IX Special Recommendations October 2001 (incorporating all subsequent amendments until February 2008)

FATF Standards

FATF IX Special Recommendations


FATF Special Recommendations on Terrorist Financing

Recognising the vital importance of taking action to combat the financing of terrorism, the FATF has agreed these Recommendations, which, when combined with the FATF Forty Recommendations on money laundering, set out the basic framework to detect, prevent and suppress the financing of terrorism and terrorist acts.

I. Ratification and implementation of UN instruments

Each country should take immediate steps to ratify and to implement fully the 1999 United Nations International Convention for the Suppression of the Financing of Terrorism.

Countries should also immediately implement the United Nations resolutions relating to the prevention and suppression of the financing of terrorist acts, particularly United Nations Security Council Resolution 1373.

II. Criminalising the financing of terrorism and associated money laundering

Each country should criminalise the financing of terrorism, terrorist acts and terrorist organisations. Countries should ensure that such offences are designated as money laundering predicate offences.

III. Freezing and confiscating terrorist assets

Each country should implement measures to freeze without delay funds or other assets of terrorists, those who finance terrorism and terrorist organisations in accordance with the United Nations resolutions relating to the prevention and suppression of the financing of terrorist acts.

Each country should also adopt and implement measures, including legislative ones, which would enable the competent authorities to seize and confiscate property that is the proceeds of, or used in, or intended or allocated for use in, the financing of terrorism, terrorist acts or terrorist organisations.

IV. Reporting suspicious transactions related to terrorism

If financial institutions, or other businesses or entities subject to anti-money laundering obligations, suspect or have reasonable grounds to suspect that funds are linked or related to, or are to be used for terrorism, terrorist acts or by terrorist organisations, they should be required to report promptly their suspicions to the competent authorities.

V. International Co-operation

Each country should afford another country, on the basis of a treaty, arrangement or other mechanism for mutual legal assistance or information exchange, the greatest possible measure of assistance in connection with criminal, civil enforcement, and administrative investigations, inquiries and proceedings relating to the financing of terrorism, terrorist acts and terrorist organisations.

Countries should also take all possible measures to ensure that they do not provide safe havens for individuals charged with the financing of terrorism, terrorist acts or terrorist organisations, and should have procedures in place to extradite, where possible, such individuals.



VI. Alternative Remittance

Each country should take measures to ensure that persons or legal entities, including agents, that provide a service for the transmission of money or value, including transmission through an informal money or value transfer system or network, should be licensed or registered and subject to all the FATF Recommendations that apply to banks and non-bank financial institutions. Each country should ensure that persons or legal entities that carry out this service illegally are subject to administrative, civil or criminal sanctions.

VII. Wire transfers

Countries should take measures to require financial institutions, including money remitters, to include accurate and meaningful originator information (name, address and account number) on funds transfers and related messages that are sent, and the information should remain with the transfer or related message through the payment chain.

Countries should take measures to ensure that financial institutions, including money remitters, conduct enhanced scrutiny of and monitor for suspicious activity funds transfers which do not contain complete originator information (name, address and account number).

VIII. Non-profit organisations

Countries should review the adequacy of laws and regulations that relate to entities that can be abused for the financing of terrorism. Non-profit organisations are particularly vulnerable, and countries should ensure that they cannot be misused:

(i) by terrorist organisations posing as legitimate entities;

(ii) to exploit legitimate entities as conduits for terrorist financing, including for the purpose of escaping asset freezing measures; and

(iii) to conceal or obscure the clandestine diversion of funds intended for legitimate purposes to terrorist organisations.

IX. Cash Couriers

Countries should have measures in place to detect the physical cross-border transportation of currency and bearer negotiable instruments, including a declaration system or other disclosure obligation.

Countries should ensure that their competent authorities have the legal authority to stop or restrain currency or bearer negotiable instruments that are suspected to be related to terrorist financing or money laundering, or that are falsely declared or disclosed.

Countries should ensure that effective, proportionate and dissuasive sanctions are available to deal with persons who make false declaration(s) or disclosure(s). In cases where the currency or bearer negotiable instruments are related to terrorist financing or money laundering, countries should also adopt measures, including legislative ones consistent with Recommendation 3 and Special Recommendation III, which would enable the confiscation of such currency or instruments.



Interpretative Notes

Interpretative Note to

Special Recommendation II: Criminalising the financing of terrorism and associated money laundering

Objective

1. Special Recommendation II (SR II) was developed with the objective of ensuring that countries have the legal capacity to prosecute and apply criminal sanctions to persons that finance terrorism. Given the close connection between international terrorism and inter alia money laundering, another objective of SR II is to emphasise this link by obligating countries to include terrorist financing offences as predicate offences for money laundering. The basis for criminalising terrorist financing should be the United Nations International Convention for the Suppression of the Financing of Terrorism, 1999.1

Definitions

2. For the purposes of SR II and this Interpretative Note, the following definitions apply:

a) The term funds refers to assets of every kind, whether tangible or intangible, movable or immovable, however acquired, and legal documents or instruments in any form, including electronic or digital, evidencing title to, or interest in, such assets, including, but not limited to, bank credits, travellers cheques, bank cheques, money orders, shares, securities, bonds, drafts, letters of credit.

b) The term terrorist refers to any natural person who: (i) commits, or attempts to commit, terrorist acts by any means, directly or indirectly, unlawfully and wilfully; (ii) participates as an accomplice in terrorist acts; (iii) organises or directs others to commit terrorist acts; or (iv) contributes to the commission of terrorist acts by a group of persons acting with a common purpose where the contribution is made intentionally and with the aim of furthering the terrorist act or with the knowledge of the intention of the group to commit a terrorist act.

1 Although the UN Convention had not yet come into force at the time that SR II was originally issued in October 2001 – and thus is not cited in the SR itself – the intent of the FATF has been from the issuance of SR II to reiterate and reinforce the criminalisation standard as set forth in the Convention (in particular, Article 2). The Convention came into force in April 2003.



c) The term terrorist act includes:

i) An act which constitutes an offence within the scope of, and as defined in one of the following treaties: Convention for the Suppression of Unlawful Seizure of Aircraft (1970), Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation (1971), Convention on the Prevention and Punishment of Crimes against Internationally Protected Persons, including Diplomatic Agents (1973), International Convention against the Taking of Hostages (1979), Convention on the Physical Protection of Nuclear Material (1980), Protocol for the Suppression of Unlawful Acts of Violence at Airports Serving International Civil Aviation, supplementary to the Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation (1988), Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation (1988), Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf (1988), and the International Convention for the Suppression of Terrorist Bombings (1997); and

ii) Any other act intended to cause death or serious bodily injury to a civilian, or to any other person not taking an active part in the hostilities in a situation of armed conflict, when the purpose of such act, by its nature or context, is to intimidate a population, or to compel a Government or an international organisation to do or to abstain from doing any act.

d) The term terrorist financing includes the financing of terrorist acts, and of terrorists and terrorist organisations.

e) The term terrorist organisation refers to any group of terrorists that: (i) commits, or attempts to commit, terrorist acts by any means, directly or indirectly, unlawfully and wilfully; (ii) participates as an accomplice in terrorist acts; (iii) organises or directs others to commit terrorist acts; or (iv) contributes to the commission of terrorist acts by a group of persons acting with a common purpose where the contribution is made intentionally and with the aim of furthering the terrorist act or with the knowledge of the intention of the group to commit a terrorist act.

Characteristics of the Terrorist Financing Offence

3. Terrorist financing offences should extend to any person who wilfully provides or collects funds by any means, directly or indirectly, with the unlawful intention that they should be used or in the knowledge that they are to be used, in full or in part: (a) to carry out a terrorist act(s); (b) by a terrorist organisation; or (c) by an individual terrorist.

4. Criminalising terrorist financing solely on the basis of aiding and abetting, attempt, or conspiracy does not comply with this Recommendation.

5. Terrorist financing offences should extend to any funds whether from a legitimate or illegitimate source.

6. Terrorist financing offences should not require that the funds: (a) were actually used to carry out or attempt a terrorist act(s); or (b) be linked to a specific terrorist act(s).

7. It should also be an offence to attempt to commit the offence of terrorist financing.



8. It should also be an offence to engage in any of the following types of conduct:

a) Participating as an accomplice in an offence as set forth in paragraphs 3 or 7 of this Interpretative Note;

b) Organising or directing others to commit an offence as set forth in paragraphs 3 or 7 of this Interpretative Note;

c) Contributing to the commission of one or more offence(s) as set forth in paragraphs 3 or 7 of this Interpretative Note by a group of persons acting with a common purpose. Such contribution shall be intentional and shall either: (i) be made with the aim of furthering the criminal activity or criminal purpose of the group, where such activity or purpose involves the commission of a terrorist financing offence; or (ii) be made in the knowledge of the intention of the group to commit a terrorist financing offence.

9. Terrorist financing offences should be predicate offences for money laundering.

10. Terrorist financing offences should apply, regardless of whether the person alleged to have committed the offence(s) is in the same country or a different country from the one in which the terrorist(s)/terrorist organisation(s) is located or the terrorist act(s) occurred/will occur.

11. The law should permit the intentional element of the terrorist financing offence to be inferred from objective factual circumstances.

12. Criminal liability for terrorist financing should extend to legal persons. Where that is not possible (i.e. due to fundamental principles of domestic law), civil or administrative liability should apply.

13. Making legal persons subject to criminal liability for terrorist financing should not preclude the possibility of parallel criminal, civil or administrative proceedings in countries in which more than one form of liability is available.

14. Natural and legal persons should be subject to effective, proportionate and dissuasive criminal, civil or administrative sanctions for terrorist financing.




Special Recommendation III: Freezing and Confiscating Terrorist Assets

Objectives

1. FATF Special Recommendation III consists of two obligations. The first requires jurisdictions to implement measures that will freeze or, if appropriate, seize terrorist-related funds or other assets without delay in accordance with relevant United Nations resolutions. The second obligation of Special Recommendation III is to have measures in place that permit a jurisdiction to seize or confiscate terrorist funds or other assets on the basis of an order or mechanism issued by a competent authority or a court.

2. The objective of the first requirement is to freeze terrorist-related funds or other assets based on reasonable grounds, or a reasonable basis, to suspect or believe that such funds or other assets could be used to finance terrorist activity. The objective of the second requirement is to deprive terrorists of these funds or other assets if and when links have been adequately established between the funds or other assets and terrorists or terrorist activity. The intent of the first objective is preventative, while the intent of the second objective is mainly preventative and punitive. Both requirements are necessary to deprive terrorists and terrorist networks of the means to conduct future terrorist activity and maintain their infrastructure and operations.

Scope

3. Special Recommendation III is intended, with regard to its first requirement, to complement the obligations in the context of the United Nations Security Council (UNSC) resolutions relating to the prevention and suppression of the financing of terrorist acts—S/RES/1267(1999) and its successor resolutions,1 S/RES/1373(2001) and any prospective resolutions related to the freezing, or if appropriate seizure, of terrorist assets. It should be stressed that none of the obligations in Special Recommendation III is intended to replace other measures or obligations that may already be in place for dealing with funds or other assets in the context of a criminal, civil or administrative investigation or proceeding.2 The focus of Special Recommendation III instead is on the preventative measures that

1 When issued, S/RES/1267(1999) had a time limit of one year. A series of resolutions have been issued by the United Nations Security Council (UNSC) to extend and further refine provisions of S/RES/1267(1999). By successor resolutions are meant those resolutions that extend and are directly related to the original resolution S/RES/1267(1999). At the time of issue of this Interpretative Note, these resolutions included S/RES/1333(2000), S/RES/1363(2001), S/RES/1390(2002) and S/RES/1455(2003). In this Interpretative Note, the term S/RES/1267(1999) refers to S/RES/1267(1999) and its successor resolutions.

2 For instance, both the UN Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances (1988) and UN Convention against Transnational Organised Crime (2000) contain obligations regarding freezing, seizure and confiscation in the context of combating transnational crime. Those obligations exist separately and apart from obligations that are set forth in S/RES/1267(1999), S/RES/1373(2001) and Special Recommendation III.



are necessary and unique in the context of stopping the flow or use of funds or other assets to terrorist groups.

4. S/RES/1267(1999) and S/RES/1373(2001) differ in the persons and entities whose funds or other assets are to be frozen, the authorities responsible for making these designations, and the effect of these designations.

5. S/RES/1267(1999) and its successor resolutions obligate jurisdictions to freeze without delay the funds or other assets owned or controlled by Al-Qaida, the Taliban, Usama bin Laden, or persons and entities associated with them as designated by the United Nations Al-Qaida and Taliban Sanctions Committee established pursuant to United Nations Security Council Resolution 1267 (the Al-Qaida and Taliban Sanctions Committee), including funds derived from funds or other assets owned or controlled, directly or indirectly, by them or by persons acting on their behalf or at their direction, and ensure that neither these nor any other funds or other assets are made available, directly or indirectly, for such persons’ benefit, by their nationals or by any person within their territory. The Al-Qaida and Taliban Sanctions Committee is the authority responsible for designating the persons and entities that should have their funds or other assets frozen under S/RES/1267(1999). All jurisdictions that are members of the United Nations are obligated by S/RES/1267(1999) to freeze the assets of persons and entities so designated by the Al-Qaida and Taliban Sanctions Committee.3

6. S/RES/1373(2001) obligates jurisdictions4 to freeze without delay the funds or other assets of persons who commit, or attempt to commit, terrorist acts or participate in or facilitate the commission of terrorist acts; of entities owned or controlled directly or indirectly by such persons; and of persons and entities acting on behalf of, or at the direction of such persons and entities, including funds or other assets derived or generated from property owned or controlled, directly or indirectly, by such persons and associated persons and entities. Each individual jurisdiction has the authority to designate the persons and entities that should have their funds or other assets frozen. Additionally, to ensure that effective co-operation is developed among jurisdictions, jurisdictions should examine and give effect to, if appropriate, the actions initiated under the freezing mechanisms of other jurisdictions. When (i) a specific notification or communication is sent and (ii) the jurisdiction receiving the request is satisfied, according to applicable legal principles, that a requested designation is supported by reasonable grounds, or a reasonable basis, to suspect or believe that the proposed designee is a terrorist, one who finances terrorism or a terrorist organisation, the jurisdiction receiving the request must ensure that the funds or other assets of the designated person are frozen without delay.

Definitions

7. For the purposes of Special Recommendation III and this Interpretive Note, the following definitions apply:

a) The term freeze means to prohibit the transfer, conversion, disposition or movement of funds or other assets on the basis of, and for the duration of the validity of, an action initiated by a competent authority or a court under a freezing mechanism. The frozen funds or other assets

3 When the UNSC acts under Chapter VII of the UN Charter, the resolutions it issues are mandatory for all UN members.

4 The UNSC was acting under Chapter VII of the UN Charter in issuing S/RES/1373(2001) (see previous footnote).



remain the property of the person(s) or entity(ies) that held an interest in the specified funds or other assets at the time of the freezing and may continue to be administered by the financial institution or other arrangements designated by such person(s) or entity(ies) prior to the initiation of an action under a freezing mechanism.

b) The term seize means to prohibit the transfer, conversion, disposition or movement of funds or other assets on the basis of an action initiated by a competent authority or a court under a freezing mechanism. However, unlike a freezing action, a seizure is effected by a mechanism that allows the competent authority or court to take control of specified funds or other assets. The seized funds or other assets remain the property of the person(s) or entity(ies) that held an interest in the specified funds or other assets at the time of the seizure, although the competent authority or court will often take over possession, administration or management of the seized funds or other assets.

c) The term confiscate, which includes forfeiture where applicable, means the permanent deprivation of funds or other assets by order of a competent authority or a court. Confiscation or forfeiture takes place through a judicial or administrative procedure that transfers the ownership of specified funds or other assets to be transferred to the State. In this case, the person(s) or entity(ies) that held an interest in the specified funds or other assets at the time of the confiscation or forfeiture loses all rights, in principle, to the confiscated or forfeited funds or other assets.5

d) The term funds or other assets means financial assets, property of every kind, whether tangible or intangible, movable or immovable, however acquired, and legal documents or instruments in any form, including electronic or digital, evidencing title to, or interest in, such funds or other assets, including, but not limited to, bank credits, travellers cheques, bank cheques, money orders, shares, securities, bonds, drafts, or letters of credit, and any interest, dividends or other income on or value accruing from or generated by such funds or other assets.

e) The term terrorist refers to any natural person who: (i) commits, or attempts to commit, terrorist acts6 by any means, directly or indirectly, unlawfully and wilfully; (ii) participates as an accomplice in terrorist acts or terrorist financing; (iii) organises or directs others to commit terrorist acts or terrorist financing; or (iv) contributes to the commission of terrorist acts or terrorist financing by a group of persons acting with a common purpose where the

5 Confiscation or forfeiture orders are usually linked to a criminal conviction or a court decision whereby the confiscated or forfeited property is determined to have been derived from or intended for use in a violation of the law.

6 A terrorist act includes an act which constitutes an offence within the scope of, and as defined in one of the following treaties: Convention for the Suppression of Unlawful Seizure of Aircraft, Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation, Convention on the Prevention and Punishment of Crimes against Internationally Protected Persons, including Diplomatic Agents, International Convention against the Taking of Hostages, Convention on the Physical Protection of Nuclear Material, Protocol for the Suppression of Unlawful Acts of Violence at Airports Serving International Civil Aviation, supplementary to the Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation, Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation, Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf, International Convention for the Suppression of Terrorist Bombings, and the International Convention for the Suppression of the Financing of Terrorism (1999).


10 - © 2010 FATF/OECD

contribution is made intentionally and with the aim of furthering the terrorist act or terrorist financing or with the knowledge of the intention of the group to commit a terrorist act or terrorist financing.

f) The phrase those who finance terrorism refers to any person, group, undertaking or other entity that provides or collects, by any means, directly or indirectly, funds or other assets that may be used, in full or in part, to facilitate the commission of terrorist acts, or to any persons or entities acting on behalf of, or at the direction of such persons, groups, undertakings or other entities. This includes those who provide or collect funds or other assets with the intention that they should be used or in the knowledge that they are to be used, in full or in part, in order to carry out terrorist acts.

g) The term terrorist organisation refers to any legal person, group, undertaking or other entity owned or controlled directly or indirectly by a terrorist(s).

h) The term designated persons refers to those persons or entities designated by the Al-Qaida and Taliban Sanctions Committee pursuant to S/RES/1267(1999) or those persons or entities designated and accepted, as appropriate, by jurisdictions pursuant to S/RES/1373(2001).

i) The phrase without delay, for the purposes of S/RES/1267(1999), means, ideally, within a matter of hours of a designation by the Al-Qaida and Taliban Sanctions Committee. For the purposes of S/RES/1373(2001), the phrase without delay means upon having reasonable grounds, or a reasonable basis, to suspect or believe that a person or entity is a terrorist, one who finances terrorism or a terrorist organisation. The phrase without delay should be interpreted in the context of the need to prevent the flight or dissipation of terrorist-linked funds or other assets, and the need for global, concerted action to interdict and disrupt their flow swiftly.

Freezing without delay terrorist-related funds or other assets

8. In order to fulfil the preventive intent of Special Recommendation III, jurisdictions should establish the necessary authority and adopt the following standards and procedures to freeze the funds or other assets of terrorists, those who finance terrorism and terrorist organisations in accordance with both S/RES/1267(1999) and S/RES/1373(2001):

a) Authority to freeze, unfreeze and prohibit dealing in funds or other assets of designated persons. Jurisdictions should prohibit by enforceable means the transfer, conversion, disposition or movement of funds or other assets. Options for providing the authority to freeze and unfreeze terrorist funds or other assets include:

i) empowering or designating a competent authority or a court to issue, administer and enforce freezing and unfreezing actions under relevant mechanisms, or

ii) enacting legislation that places responsibility for freezing the funds or other assets of designated persons publicly identified by a competent authority or a court on the person or entity holding the funds or other assets and subjecting them to sanctions for non-compliance.

The authority to freeze and unfreeze funds or other assets should also extend to funds or other assets derived or generated from funds or other assets owned or


© 2010 FATF/OECD - 11

controlled directly or indirectly by such terrorists, those who finance terrorism, or terrorist organisations.

Whatever option is chosen there should be clearly identifiable competent authorities responsible for enforcing the measures.

The competent authorities shall ensure that their nationals or any persons and entities within their territories are prohibited from making any funds or other assets, economic resources or financial or other related services available, directly or indirectly, wholly or jointly, for the benefit of: designated persons, terrorists; those who finance terrorism; terrorist organisations; entities owned or controlled, directly or indirectly, by such persons or entities; and persons and entities acting on behalf of or at the direction of such persons or entities.

b) Freezing procedures. Jurisdictions should develop and implement procedures to freeze the funds or other assets specified in paragraph (c) below without delay and without giving prior notice to the persons or entities concerned. Persons or entities holding such funds or other assets should be required by law to freeze them and should furthermore be subject to sanctions for non-compliance with this requirement. Any delay between the official receipt of information provided in support of a designation and the actual freezing of the funds or other assets of designated persons undermines the effectiveness of designation by affording designated persons time to remove funds or other assets from identifiable accounts and places. Consequently, these procedures must ensure (i) the prompt determination whether reasonable grounds or a reasonable basis exists to initiate an action under a freezing mechanism and (ii) the subsequent freezing of funds or other assets without delay upon determination that such grounds or basis for freezing exist. Jurisdictions should develop efficient and effective systems for communicating actions taken under their freezing mechanisms to the financial sector immediately upon taking such action. As well, they should provide clear guidance, particularly financial institutions and other persons or entities that may be holding targeted funds or other assets on obligations in taking action under freezing mechanisms.

c) Funds or other assets to be frozen or, if appropriate, seized. Under Special Recommendation III, funds or other assets to be frozen include those subject to freezing under S/RES/1267(1999) and S/RES/1373(2001). Such funds or other assets would also include those wholly or jointly owned or controlled, directly or indirectly, by designated persons. In accordance with their obligations under the United Nations International Convention for the Suppression of the Financing of Terrorism (1999) (the Terrorist Financing Convention (1999)), jurisdictions should be able to freeze or, if appropriate, seize any funds or other assets that they identify, detect, and verify, in accordance with applicable legal principles, as being used by, allocated for, or being made available to terrorists, those who finance terrorists or terrorist organisations. Freezing or seizing under the Terrorist Financing Convention (1999) may be conducted by freezing or seizing in the context of a criminal investigation or proceeding. Freezing action taken under Special Recommendation III shall be without prejudice to the rights of third parties acting in good faith.

d) De-listing and unfreezing procedures. Jurisdictions should develop and implement publicly known procedures to consider de-listing requests upon satisfaction of certain criteria consistent with international obligations and applicable legal principles, and to unfreeze the funds or other assets of de-listed persons or entities in a timely manner. For persons and entities designated under S/RES/1267(1999), such procedures and criteria should be in


12 - © 2010 FATF/OECD

accordance with procedures adopted by the Al-Qaida and Taliban Sanctions Committee under S/RES/1267(1999).

e) Unfreezing upon verification of identity. For persons or entities with the same or similar name as designated persons, who are inadvertently affected by a freezing mechanism, jurisdictions should develop and implement publicly known procedures to unfreeze the funds or other assets of such persons or entities in a timely manner upon verification that the person or entity involved is not a designated person.

f) Providing access to frozen funds or other assets in certain circumstances. Where jurisdictions have determined that funds or other assets, which are otherwise subject to freezing pursuant to the obligations under S/RES/1267(1999), are necessary for basic expenses; for the payment of certain types of fees, expenses and service charges, or for extraordinary expenses,7 jurisdictions should authorise access to such funds or other assets in accordance with the procedures set out in S/RES/1452(2002) and subject to approval of the Al-Qaida and Taliban Sanctions Committee. On the same grounds, jurisdictions may authorise access to funds or other assets, if freezing measures are applied pursuant to S/RES/1373(2001).

g) Remedies. Jurisdictions should provide for a mechanism through which a person or an entity that is the target of a freezing mechanism in the context of terrorist financing can challenge that measure with a view to having it reviewed by a competent authority or a court.

h) Sanctions. Jurisdictions should adopt appropriate measures to monitor effectively the compliance with relevant legislation, rules or regulations governing freezing mechanisms by financial institutions and other persons or entities that may be holding funds or other assets as indicated in paragraph 8(c) above. Failure to comply with such legislation, rules or regulations should be subject to civil, administrative or criminal sanctions.

Seizure and Confiscation

9. Consistent with FATF Recommendation 3, jurisdictions should adopt measures similar to those set forth in Article V of the United Nations Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances (1988), Articles 12 to 14 of the United Nations Convention on Transnational Organised Crime (2000), and Article 8 of the Terrorist Financing Convention (1999), including legislative measures, to enable their courts or competent authorities to seize and confiscate terrorist funds or other assets.

7 See Article 1, S/RES/1452(2002) for the specific types of expenses that are covered.


© 2010 FATF/OECD - 13


Special Recommendation VI: Alternative Remittance

General

1. Money or value transfer systems have shown themselves vulnerable to misuse for money laundering and terrorist financing purposes. The objective of Special Recommendation VI is to increase the transparency of payment flows by ensuring that jurisdictions impose consistent anti-money laundering and counter-terrorist financing measures on all forms of money/value transfer systems, particularly those traditionally operating outside the conventional financial sector and not currently subject to the FATF Recommendations. This Recommendation and Interpretative Note underscore the need to bring all money or value transfer services, whether formal or informal, within the ambit of certain minimum legal and regulatory requirements in accordance with the relevant FATF Recommendations.

2. Special Recommendation VI consists of three core elements:

a) Jurisdictions should require licensing or registration of persons (natural or legal) that provide money/value transfer services, including through informal systems;

b) Jurisdictions should ensure that money/value transmission services, including informal systems (as described in paragraph 5 below), are subject to applicable FATF Forty Recommendations (2003) (in particular, Recommendations 4-16 and 21-25)1 and the Eight Special Recommendations (in particular SR VII); and

c) Jurisdictions should be able to impose sanctions on money/value transfer services, including informal systems, that operate without a license or registration and that fail to comply with relevant FATF Recommendations.

Scope and Application

3. For the purposes of this Recommendation, the following definitions are used.

4. Money or value transfer service refers to a financial service that accepts cash, cheques, other monetary instruments or other stores of value in one location and pays a corresponding sum in cash or other form to a beneficiary in another location by means of a communication, message, transfer or through a clearing network to which the money/value transfer service belongs. Transactions performed by such services can involve one or more intermediaries and a third party final payment.

5. A money or value transfer service may be provided by persons (natural or legal) formally through the regulated financial system or informally through non-bank financial institutions or other 1 When this Interpretative Note was originally issued, these references were to the 1996 FATF Forty Recommendations. Subsequent to the publication of the revised FATF Forty Recommendations in June 2003, this text was updated accordingly. All references are now to the 2003 FATF Forty Recommendations.


14 - © 2010 FATF/OECD

business entities or any other mechanism either through the regulated financial system (for example, use of bank accounts) or through a network or mechanism that operates outside the regulated system. In some jurisdictions, informal systems are frequently referred to as alternative remittance services or underground (or parallel) banking systems. Often these systems have ties to particular geographic regions and are therefore described using a variety of specific terms. Some examples of these terms include hawala, hundi, fei-chien, and the black market peso exchange.2

6. Licensing means a requirement to obtain permission from a designated competent authority in order to operate a money/value transfer service legally.

7. Registration in this Recommendation means a requirement to register with or declare to a designated competent authority the existence of a money/value transfer service in order for the business to operate legally.

8. The obligation of licensing or registration applies to agents. At a minimum, the principal business must maintain a current list of agents which must be made available to the designated competent authority. An agent is any person who provides money or value transfer service under the direction of or by contract with a legally registered or licensed remitter (for example, licensees, franchisees, concessionaires).

Applicability of Special Recommendation VI

9. Special Recommendation VI should apply to all persons (natural or legal), which conduct for or on behalf of another person (natural or legal) the types of activity described in paragraphs 4 and 5 above as a primary or substantial part of their business or when such activity is undertaken on a regular or recurring basis, including as an ancillary part of a separate business enterprise.

10. Jurisdictions need not impose a separate licensing / registration system or designate another competent authority in respect to persons (natural or legal) already licensed or registered as financial institutions (as defined by the FATF Forty Recommendations (2003)) within a particular jurisdiction, which under such license or registration are permitted to perform activities indicated in paragraphs 4 and 5 above and which are already subject to the full range of applicable obligations under the FATF Forty Recommendations (2003) (in particular, Recommendations 4-16 and 21-25) and the Eight Special Recommendations (in particular SR VII).

Licensing or Registration and Compliance

11. Jurisdictions should designate an authority to grant licences and/or carry out registration and ensure that the requirement is observed. There should be an authority responsible for ensuring compliance by money/value transfer services with the FATF Recommendations (including the Eight Special Recommendations). There should also be effective systems in place for monitoring and ensuring such compliance. This interpretation of Special Recommendation VI (i.e., the need for designation of competent authorities) is consistent with FATF Recommendation 23.

2 The inclusion of these examples does not suggest that such systems are legal in any particular jurisdiction.


© 2010 FATF/OECD - 15

Sanctions

12. Persons providing money/value transfer services without a license or registration should be subject to appropriate administrative, civil or criminal sanctions.3 Licensed or registered money/value transfer services which fail to comply fully with the relevant measures called for in the FATF Forty Recommendations (2003) or the Eight Special Recommendations should also be subject to appropriate sanctions.

3 Jurisdictions may authorise temporary or provisional operation of money / value transfer services that are already in existence at the time of implementing this Special Recommendation to permit such services to obtain a license or to register.


16 - © 2010 FATF/OECD

Revised1 Interpretative Note to

Special Recommendation VII: Wire Transfers2

Objective

1. Special Recommendation VII (SR VII) was developed with the objective of preventing terrorists and other criminals from having unfettered access to wire transfers for moving their funds and for detecting such misuse when it occurs. Specifically, it aims to ensure that basic information on the originator of wire transfers is immediately available (1) to appropriate law enforcement and/or prosecutorial authorities to assist them in detecting, investigating, prosecuting terrorists or other criminals and tracing the assets of terrorists or other criminals, (2) to financial intelligence units for analysing suspicious or unusual activity and disseminating it as necessary, and (3) to beneficiary financial institutions to facilitate the identification and reporting of suspicious transactions. Due to the potential terrorist financing threat posed by small wire transfers, countries should aim for the ability to trace all wire transfers and should minimise thresholds taking into account the risk of driving transactions underground. It is not the intention of the FATF to impose rigid standards or to mandate a single operating process that would negatively affect the payment system. The FATF will continue to monitor the impact of Special Recommendation VII and conduct an assessment of its operation within three years of full implementation.

Definitions

2. For the purposes of this interpretative note, the following definitions apply.

a) The terms wire transfer and funds transfer refer to any transaction carried out on behalf of an originator person (both natural and legal) through a financial institution by electronic means with a view to making an amount of money available to a beneficiary person at another financial institution. The originator and the beneficiary may be the same person.

b) Cross-border transfer means any wire transfer where the originator and beneficiary institutions are located in different countries. This term also refers to any chain of wire transfers that has at least one cross-border element.

c) Domestic transfer means any wire transfer where the originator and beneficiary institutions are located in the same country. This term therefore refers to any chain of wire transfers that takes place entirely within the borders of a single country, even though the system used to

1 This revision of the Interpretative Note to Special Recommendation VII was issued on 29 February 2008.

2 It is recognised that countries will need time to make relevant legislative or regulatory changes and to allow financial institutions to make necessary adaptations to their systems and procedures. This period should not extend beyond December 2006.


© 2010 FATF/OECD - 17

effect the wire transfer may be located in another country. The term also refers to any chain of wire transfers that takes place entirely within the borders of the European Union3.

d) The term financial institution is as defined by the FATF Forty Recommendations (2003).4 The term does not apply to any persons or entities that provide financial institutions solely with message or other support systems for transmitting funds5.

e) The originator is the account holder, or where there is no account, the person (natural or legal) that places the order with the financial institution to perform the wire transfer.

Scope

3. SR VII applies, under the conditions set out below, to cross-border and domestic transfers between financial institutions.

Cross-border wire transfers

4. Cross-border wire transfers should be accompanied by accurate and meaningful originator information. However, countries may adopt a de minimus threshold (no higher than USD or EUR 1 000). For cross-border transfers below this threshold:

a) Countries are not obligated to require ordering financial institutions to identify, verify record, or transmit originator information.

b) Countries may nevertheless require that incoming cross-border wire transfers contain full and accurate originator information.

5. Information accompanying qualifying cross-border wire transfers6 must always contain the name of the originator and where an account exists, the number of that account. In the absence of an account, a unique reference number must be included.

3 Having regard to the fact that:

The European Union constitutes an autonomous entity with its own sovereign rights and a legal order independent of the Member States, to which both the Member States themselves and their nationals are subject, within the European Union’s areas of competence;

The European Union has enacted legislation binding upon its Member States, subject to control by a court of justice, which provides for the integration of payment services within an internal market in accordance with the principles of the free movement of capital and free provision of services; and

This legislation notably provides for the implementation of Special Recommendation VII as a single jurisdiction and requires that full information on the payer is made readily available, where appropriate upon request, to the beneficiary financial institution and relevant competent authorities. It is further noted that the European internal market and corresponding legal framework is extended to the members of the European Economic Area.

4 When this Interpretative Note was originally issued, these references were to the 1996 FATF Forty Recommendations. Subsequent to the publication of the revised FATF Forty Recommendations in June 2003, this text was updated accordingly. All references are now to the 2003 FATF Forty Recommendations.

5 However, these systems do have a role in providing the necessary means for the financial institutions to fulfil their obligations under SR VII and, in particular, in preserving the integrity of the information transmitted with a wire transfer.


18 - © 2010 FATF/OECD

6. Information accompanying qualifying wire transfers should also contain the address of the originator. However, countries may permit financial institutions to substitute the address with a national identity number, customer identification number, or date and place of birth.

7. Where several individual transfers from a single originator are bundled in a batch file for transmission to beneficiaries in another country, they shall be exempted from including full originator information, provided they include the originator’s account number or unique reference number (as described in paragraph 8), and the batch file contains full originator information that is fully traceable within the recipient country.

Domestic wire transfers

8. Information accompanying domestic wire transfers must also include originator information as indicated for cross-border wire transfers, unless full originator information can be made available to the beneficiary financial institution and appropriate authorities by other means. In this latter case, financial institutions need only include the account number or a unique identifier provided that this number or identifier will permit the transaction to be traced back to the originator.

9. The information must be made available by the ordering financial institution within three business days of receiving the request either from the beneficiary financial institution or from appropriate authorities. Law enforcement authorities should be able to compel immediate production of such information.

Exemptions from SR VII

10. SR VII is not intended to cover the following types of payments:

a) Any transfer that flows from a transaction carried out using a credit or debit card so long as the credit or debit card number accompanies all transfers flowing from the transaction. However, when credit or debit cards are used as a payment system to effect a money transfer, they are covered by SR VII, and the necessary information should be included in the message.

b) Financial institution-to-financial institution transfers and settlements where both the originator person and the beneficiary person are financial institutions acting on their own behalf.

Role of ordering, intermediary and beneficiary financial institutions

Ordering financial institution

11. The ordering financial institution must ensure that qualifying wire transfers contain complete originator information. The ordering financial institution must also verify this information for accuracy and maintain this information in accordance with the standards set out in the FATF Forty Recommendations (2003)7.

6 Throughout this Interpretative Note, the phrase “qualifying cross-border wire transfers” means those cross-border wire transfers above any applicable threshold as described in paragraph 4.

7 See note 4.


© 2010 FATF/OECD - 19

Intermediary financial institution

12. For both cross-border and domestic wire transfers, financial institutions processing an intermediary element of such chains of wire transfers must ensure that all originator information that accompanies a wire transfer is retained with the transfer.

13. Where technical limitations prevent the full originator information accompanying a cross-border wire transfer from remaining with a related domestic wire transfer (during the necessary time to adapt payment systems), a record must be kept for five years by the receiving intermediary financial institution of all the information received from the ordering financial institution.

Beneficiary financial institution

14. Beneficiary financial institutions should have effective risk-based procedures in place to identify wire transfers lacking complete originator information. The lack of complete originator information may be considered as a factor in assessing whether a wire transfer or related transactions are suspicious and, as appropriate, whether they are thus required to be reported to the financial intelligence unit or other competent authorities. In some cases, the beneficiary financial institution should consider restricting or even terminating its business relationship with financial institutions that fail to meet SRVII standards.

Enforcement mechanisms for financial institutions that do not comply with wire transfer rules and regulations

15. Countries should adopt appropriate measures to monitor effectively the compliance of financial institutions with rules and regulations governing wire transfers. Financial institutions that fail to comply with such rules and regulations should be subject to civil, administrative or criminal sanctions.


20 - © 2010 FATF/OECD


Special Recommendation VIII: Non-Profit Organisations

Introduction

1. Non-profit organisations (NPOs) play a vital role in the world economy and in many national economies and social systems. Their efforts complement the activity of the governmental and business sectors in providing essential services, comfort and hope to those in need around the world. The ongoing international campaign against terrorist financing has unfortunately demonstrated however that terrorists and terrorist organisations exploit the NPO sector to raise and move funds, provide logistical support, encourage terrorist recruitment or otherwise support terrorist organisations and operations. This misuse not only facilitates terrorist activity but also undermines donor confidence and jeopardises the very integrity of NPOs. Therefore, protecting the NPO sector from terrorist abuse is both a critical component of the global fight against terrorism and a necessary step to preserve the integrity of NPOs.

2. NPOs may be vulnerable to abuse by terrorists for a variety of reasons. NPOs enjoy the public trust, have access to considerable sources of funds, and are often cash-intensive. Furthermore, some NPOs have a global presence that provides a framework for national and international operations and financial transactions, often within or near those areas that are most exposed to terrorist activity. Depending on the legal form of the NPO and the country, NPOs may often be subject to little or no governmental oversight (for example, registration, record keeping, reporting and monitoring), or few formalities may be required for their creation (for example, there may be no skills or starting capital required, no background checks necessary for employees). Terrorist organisations have taken advantage of these characteristics of NPOs to infiltrate the sector and misuse NPO funds and operations to cover for or support terrorist activity.

Objectives and General Principles

3. The objective of Special Recommendation VIII (SR VIII) is to ensure that NPOs are not misused by terrorist organisations: (i) to pose as legitimate entities; (ii) to exploit legitimate entities as conduits for terrorist financing, including for the purpose of escaping asset freezing measures; or (iii) to conceal or obscure the clandestine diversion of funds intended for legitimate purposes but diverted for terrorist purposes. In this Interpretative Note, the approach taken to achieve this objective is based on the following general principles:

a) Past and ongoing abuse of the NPO sector by terrorists and terrorist organisations requires countries to adopt measures both: (i) to protect the sector against such abuse, and (ii) to identify and take effective action against those NPOs that either are exploited by or actively support terrorists or terrorist organizations.

b) Measures adopted by countries to protect the NPO sector from terrorist abuse should not disrupt or discourage legitimate charitable activities. Rather, such measures should promote transparency and engender greater confidence in the sector, across the donor community and


© 2010 FATF/OECD - 21

with the general public that charitable funds and services reach intended legitimate beneficiaries. Systems that promote achieving a high degree of transparency, integrity and public confidence in the management and functioning of all NPOs are integral to ensuring the sector cannot be misused for terrorist financing.

c) Measures adopted by countries to identify and take effective action against NPOs that either are exploited by or actively support terrorists or terrorist organisations should aim to prevent and prosecute as appropriate terrorist financing and other forms of terrorist support. Where NPOs suspected of or implicated in terrorist financing or other forms of terrorist support are identified, the first priority of countries must be to investigate and halt such terrorist financing or support. Actions taken for this purpose should to the extent reasonably possible avoid any negative impact on innocent and legitimate beneficiaries of charitable activity. However, this interest cannot excuse the need to undertake immediate and effective actions to advance the immediate interest of halting terrorist financing or other forms of terrorist support provided by NPOs.

d) Developing co-operative relationships among the public, private and NPO sector is critical to raising awareness and fostering capabilities to combat terrorist abuse within the sector. Countries should encourage the development of academic research on and information sharing in the NPO sector to address terrorist financing related issues.

e) A targeted approach in dealing with the terrorist threat to the NPO sector is essential given the diversity within individual national sectors, the differing degrees to which parts of each sector may be vulnerable to misuse by terrorists, the need to ensure that legitimate charitable activity continues to flourish and the limited resources and authorities available to combat terrorist financing in each jurisdiction.

f) Flexibility in developing a national response to terrorist financing in the NPO sector is also essential in order to allow it to evolve over time as it faces the changing nature of the terrorist financing threat.

Definitions

4. For the purposes of SR VIII and this interpretative note, the following definitions apply:

a) The term non-profit organisation or NPO refers to a legal entity or organisation that primarily engages in raising or disbursing funds for purposes such as charitable, religious, cultural, educational, social or fraternal purposes, or for the carrying out of other types of “good works”.

b) The terms FIU, legal arrangement and legal person are as defined by the FATF Forty Recommendations (2003) (the FATF Recommendations).

c) The term funds is as defined by the Interpretative Note to FATF Special Recommendation II.

d) The terms freezing, terrorist and terrorist organisation are as defined by the Interpretative Note to FATF Special Recommendation III.

e) The term appropriate authorities refers to competent authorities, self-regulatory bodies, accrediting institutions and other administrative authorities.


22 - © 2010 FATF/OECD

f) The term beneficiaries refers to those natural persons, or groups of natural persons who receive charitable, humanitarian or other types of assistance through the services of the NPO.

Measures

5. Countries should undertake domestic reviews of their NPO sector or have the capacity to obtain timely information on its activities, size and other relevant features. In undertaking these assessments, countries should use all available sources of information in order to identify features and types of NPOs, which by virtue of their activities or characteristics, are at risk of being misused for terrorist financing.1 Countries should also periodically reassess the sector by reviewing new information on the sector’s potential vulnerabilities to terrorist activities.

6. There is a diverse range of approaches in identifying, preventing and combating terrorist misuse of NPOs. An effective approach, however, is one that involves all four of the following elements: (a) Outreach to the sector, (b) Supervision or monitoring, (c) Effective investigation and information gathering and (d) Effective mechanisms for international co-operation. The following measures represent specific actions that countries should take with respect to each of these elements in order to protect their NPO sector from terrorist financing abuse.

a. Outreach to the NPO sector concerning terrorist financing issues

(i) Countries should have clear policies to promote transparency, integrity and public confidence in the administration and management of all NPOs.

(ii) Countries should encourage or undertake outreach programmes to raise awareness in the NPO sector about the vulnerabilities of NPOs to terrorist abuse and terrorist financing risks, and the measures that NPOs can take to protect themselves against such abuse.

(iii) Countries should work with the NPO sector to develop and refine best practices to address terrorist financing risks and vulnerabilities and thus protect the sector from terrorist abuse.2

(iv) Countries should encourage NPOs to conduct transactions via regulated financial channels, wherever feasible, keeping in mind the varying capacities of financial sectors in different countries and in different areas of urgent charitable and humanitarian concerns.

b. Supervision or monitoring of the NPO sector

Countries should take steps to promote effective supervision or monitoring of their NPO sector. In practice, countries should be able to demonstrate that the following standards apply to NPOs which account for (1) a significant portion of the financial resources under control of the sector; and (2) a substantial share of the sector’s international activities.

(i) NPOs should maintain information on: (1) the purpose and objectives of their stated activities; and (2) the identity of the person(s) who own, control or direct their activities, including senior officers, board members and trustees. This information should be publicly available either directly from the NPO or through appropriate authorities. 1 For example, such information could be provided by regulators, tax authorities, FIUs, donor organisations or law enforcement and intelligence authorities.

2 The FATF’s Combating the Abuse of Non-Profit Organisations: International Best Practices provides a useful reference document for such exercises.


© 2010 FATF/OECD - 23

(ii) NPOs should issue annual financial statements that provide detailed breakdowns of incomes and expenditures.

(iii) NPOs should be licensed or registered. This information should be available to competent authorities.3

(iv) NPOs should have appropriate controls in place to ensure that all funds are fully accounted for and are spent in a manner that is consistent with the purpose and objectives of the NPO’s stated activities.

(v) NPOs should follow a “know your beneficiaries and associate NPOs4” rule, which means that the NPO should make best efforts to confirm the identity, credentials and good standing of their beneficiaries and associate NPOs. NPOs should also undertake best efforts to document the identity of their significant donors and to respect donor confidentiality.

(vi) NPOs should maintain, for a period of at least five years, and make available to appropriate authorities, records of domestic and international transactions that are sufficiently detailed to verify that funds have been spent in a manner consistent with the purpose and objectives of the organisation. This also applies to information mentioned in paragraphs (i) and (ii) above.

(vii) Appropriate authorities should monitor the compliance of NPOs with applicable rules and regulations.5 Appropriate authorities should be able to properly sanction relevant violations by NPOs or persons acting on behalf of these NPOs.6

c. Effective information gathering and investigation

(i) Countries should ensure effective co-operation, co-ordination and information sharing to the extent possible among all levels of appropriate authorities or organisations that hold relevant information on NPOs.

(ii) Countries should have investigative expertise and capability to examine those NPOs suspected of either being exploited by or actively supporting terrorist activity or terrorist organisations.

(iii) Countries should ensure that full access to information on the administration and management of a particular NPO (including financial and programmatic information) may be obtained during the course of an investigation.

3 Specific licensing or registration requirements for counter terrorist financing purposes are not necessary. For example, in some countries, NPOs are already registered with tax authorities and monitored in the context of qualifying for favourable tax treatment (such as tax credits or tax exemptions).

4 The term associate NPOs includes foreign branches of international NPOs.

5 In this context, rules and regulations may include rules and standards applied by self regulatory bodies and accrediting institutions.

6 The range of such sanctions might include freezing of accounts, removal of trustees, fines, de-certification, de-licensing and de-registration. This should not preclude parallel civil, administrative or criminal proceedings with respect to NPOs or persons acting on their behalf where appropriate.


24 - © 2010 FATF/OECD

(iv) Countries should establish appropriate mechanisms to ensure that when there is suspicion or reasonable grounds to suspect that a particular NPO: (1) is a front for fundraising by a terrorist organisation; (2) is being exploited as a conduit for terrorist financing, including for the purpose of escaping asset freezing measures; or (3) is concealing or obscuring the clandestine diversion of funds intended for legitimate purposes, but redirected for the benefit of terrorists or terrorist organisations, this information is promptly shared with all relevant competent authorities in order to take preventative or investigative action.

d. Effective capacity to respond to international requests for information about an NPO of concern

Consistent with Special Recommendation V, countries should identify appropriate points of contact and procedures to respond to international requests for information regarding particular NPOs suspected of terrorist financing or other forms of terrorist support.


© 2010 FATF/OECD - 25


Special Recommendation IX: Cash Couriers

Objectives

1. FATF Special Recommendation IX was developed with the objective of ensuring that terrorists and other criminals cannot finance their activities or launder the proceeds of their crimes through the physical cross-border transportation of currency and bearer negotiable instruments. Specifically, it aims to ensure that countries have measures 1) to detect the physical cross-border transportation of currency and bearer negotiable instruments, 2) to stop or restrain currency and bearer negotiable instruments that are suspected to be related to terrorist financing or money laundering, 3) to stop or restrain currency or bearer negotiable instruments that are falsely declared or disclosed, 4) to apply appropriate sanctions for making a false declaration or disclosure, and 5) to enable confiscation of currency or bearer negotiable instruments that are related to terrorist financing or money laundering. Countries should implement Special Recommendation IX subject to strict safeguards to ensure proper use of information and without restricting either: (i) trade payments between countries for goods and services; or (ii) the freedom of capital movements in any way.

Definitions

2. For the purposes of Special Recommendation IX and this Interpretative Note, the following definitions apply.

3. The term bearer negotiable instruments includes monetary instruments in bearer form such as: travellers cheques; negotiable instruments (including cheques, promissory notes and money orders) that are either in bearer form, endorsed without restriction, made out to a fictitious payee, or otherwise in such form that title thereto passes upon delivery; incomplete instruments (including cheques, promissory notes and money orders) signed, but with the payee’s name omitted.1

4. The term currency refers to banknotes and coins that are in circulation as a medium of exchange.

5. The term physical cross-border transportation refers to any in-bound or out-bound physical transportation of currency or bearer negotiable instruments from one country to another country. The term includes the following modes of transportation: (1) physical transportation by a natural person,

1 For the purposes of this Interpretative Note, gold, precious metals and precious stones are not included despite their high liquidity and use in certain situations as a means of exchange or transmitting value. These items may be otherwise covered under customs laws and regulations. If a country discovers an unusual cross-border movement of gold, precious metals or precious stones, it should consider notifying, as appropriate, the Customs Service or other competent authorities of the countries from which these items originated and/or to which they are destined, and should co-operate with a view toward establishing the source, destination, and purpose of the movement of such items and toward the taking of appropriate action.


26 - © 2010 FATF/OECD

or in that person’s accompanying luggage or vehicle; (2) shipment of currency through containerised cargo or (3) the mailing of currency or bearer negotiable instruments by a natural or legal person.

6. The term false declaration refers to a misrepresentation of the value of currency or bearer negotiable instruments being transported, or a misrepresentation of other relevant data which is asked for in the declaration or otherwise requested by the authorities. This includes failing to make a declaration as required.

7. The term false disclosure refers to a misrepresentation of the value of currency or bearer negotiable instruments being transported, or a misrepresentation of other relevant data which is asked for in the disclosure or otherwise requested by the authorities. This includes failing to make a disclosure as required.

8. When the term related to terrorist financing or money laundering is used to describe currency or bearer negotiable instruments, it refers to currency or bearer negotiable instruments that are: (i) the proceeds of, or used in, or intended or allocated for use in, the financing of terrorism, terrorist acts or terrorist organisations; or (ii) laundered, proceeds from money laundering or predicate offences, or instrumentalities used in or intended for use in the commission of these offences.

The types of systems that may be implemented to address the issue of cash couriers

9. Countries may meet their obligations under Special Recommendation IX and this Interpretative Note by implementing one of the following types of systems; however, countries do not have to use the same type of system for incoming and outgoing cross-border transportation of currency or bearer negotiable instruments:

a) Declaration system: The key characteristics of a declaration system are as follows. All persons making a physical cross-border transportation of currency or bearer negotiable instruments, which are of a value exceeding a pre-set, maximum threshold of EUR/USD 15,000, are required to submit a truthful declaration to the designated competent authorities. Countries that implement a declaration system should ensure that the pre-set threshold is sufficiently low to meet the objectives of Special Recommendation IX.

b) Disclosure system: The key characteristics of a disclosure system are as follows. All persons making a physical cross-border transportation of currency or bearer negotiable instruments are required to make a truthful disclosure to the designated competent authorities upon request. Countries that implement a disclosure system should ensure that the designated competent authorities can make their inquiries on a targeted basis, based on intelligence or suspicion, or on a random basis.

Additional elements applicable to both systems

10. Whichever system is implemented, countries should ensure that their system incorporates the following elements:

a) The declaration/disclosure system should apply to both incoming and outgoing transportation of currency and bearer negotiable instruments.

b) Upon discovery of a false declaration/disclosure of currency or bearer negotiable instruments or a failure to declare/disclose them, designated competent authorities should have the authority to request and obtain further information from the carrier with regard to the origin of the currency or bearer negotiable instruments and their intended use.


© 2010 FATF/OECD - 27

c) Information obtained through the declaration/disclosure process should be available to the financial intelligence unit (FIU) either through a system whereby the FIU is notified about suspicious cross-border transportation incidents or by making the declaration/disclosure information directly available to the FIU in some other way.

d) At the domestic level, countries should ensure that there is adequate co-ordination among customs, immigration and other related authorities on issues related to the implementation of Special Recommendation IX.

e) In the following two cases, competent authorities should be able to stop or restrain cash or bearer negotiable instruments for a reasonable time in order to ascertain whether evidence of money laundering or terrorist financing may be found: (i) where there is a suspicion of money laundering or terrorist financing; or (ii) where there is a false declaration or false disclosure.

f) The declaration/disclosure system should allow for the greatest possible measure of international co-operation and assistance in accordance with Special Recommendation V and Recommendations 35 to 40. To facilitate such co-operation, in instances when: (i) a declaration or disclosure which exceeds the maximum threshold of EUR/USD 15,000 is made, or (ii) where there is a false declaration or false disclosure, or (iii) where there is a suspicion of money laundering or terrorist financing, this information shall be retained for use by the appropriate authorities. At a minimum, this information will cover: (i) the amount of currency or bearer negotiable instruments declared / disclosed or otherwise detected; and (ii) the identification data of the bearer(s).

Sanctions

11. Persons who make a false declaration or disclosure should be subject to effective, proportionate and dissuasive sanctions, whether criminal civil or administrative. Persons who are carrying out a physical cross-border transportation of currency or bearer negotiable instruments that are related to terrorist financing or money laundering should also be subject to effective, proportionate and dissuasive sanctions, whether criminal, civil or administrative, and should be subject to measures, including legislative ones consistent with Recommendation 3 and Special Recommendation III, which would enable the confiscation of such currency or bearer negotiable instruments.

Basel Committee on Banking Supervision

Compliance and the compliance function in banks

April 2005


Table of contents

Task Force on Accounting Issues of the Basel Committee on Banking Supervision ..............5 Introduction...............................................................................................................................7 Responsibilities of the board of directors for compliance .........................................................9

Principle 1........................................................................................................................9 Responsibilities of senior management for compliance............................................................9

Principle 2........................................................................................................................9 Principle 3........................................................................................................................9 Principle 4......................................................................................................................10

Compliance function principles ...............................................................................................10 Principle 5: Independence .............................................................................................10

Status ...................................................................................................................11 Head of Compliance.............................................................................................11 Conflicts of interest...............................................................................................12 Access to information and personnel ...................................................................12

Principle 6: Resources ..................................................................................................13 Principle 7: Compliance function responsibilities ..........................................................13

Advice ..................................................................................................................13 Guidance and education ......................................................................................13 Identification, measurement and assessment of compliance risk ........................14 Monitoring, testing and reporting..........................................................................14 Statutory responsibilities and liaison ....................................................................14 Compliance programme.......................................................................................14

Principle 8: Relationship with Internal Audit ..................................................................15 Other matters..........................................................................................................................15

Principle 9: Cross-border issues ...................................................................................15 Principle 10: Outsourcing ..............................................................................................15


Task Force on Accounting Issues of the Basel Committee on Banking Supervision

Chairman: Prof Dr Arnold Schilder,

The Netherlands Bank, Amsterdam

Banking, Finance and Insurance Commission, Brussels Mr Marc Pickeur

Office of the Superintendent of Financial Institutions Canada, Toronto

Ms Karen Stothers

Banking Commission, Paris Ms Sylvie Matherat

Deutsche Bundesbank, Frankfurt am Main Mr Karl-Heinz Hillen

Federal Financial Supervisory Authority (BAFin), Bonn Mr Ludger Hanenberg

Bank of Italy, Rome Dr Carlo Calandrini

Bank of Japan, Tokyo Mr Keiji Fukuzawa

Financial Services Agency, Tokyo Mr Kenji Oki

Surveillance Commission for the Financial Sector, Luxembourg

Mr Guy Haas

The Netherlands Bank, Amsterdam Mr Michael Dobbyn

Bank of Spain, Madrid Mr Anselmo Diaz Fernandez

Finansinspektionen, Stockholm Mr Percy Bargholtz

Swiss Federal Banking Commission, Berne Mr Stephan Rieder

Bank of England, London Mr Ian Michael

Financial Services Authority, London Ms Caroline Morgan

Board of Governors of the Federal Reserve System, Washington, DC

Mr Gerald Edwards, Jr

Federal Reserve Bank of New York Mr Arthur Angulo

Office of the Comptroller of the Currency, Washington, DC Mr Zane Blackburn

Federal Deposit Insurance Corporation, Washington, DC Mr Robert Storch


Observers

Central Bank of Brazil Mr Amaro Luiz de Oliveira Gomes

European Central Bank Ms Fatima Pires

European Commission, Brussels Mr Vitorio Pinelli

Financial Stability Institute Mr Jason George

Monetary Authority of Singapore, Singapore Mr Low Kwok Mun

Austrian National Bank, Vienna Mr Martin Hammer

Saudi Arabian Monetary Agency, Riyadh Mr Abdulelah Alobaid

Secretariat

Secretariat of the Basel Committee on Banking Supervision,

Bank for International Settlements

Ms Donna Bovolaneas

Mr Rory Macfie

Compliance and the compliance function in banks 7

Introduction

1. As part of its ongoing efforts to address bank supervisory issues and enhance sound practices in banking organisations, the Basel Committee on Banking Supervision (the Committee) is issuing this high level paper on compliance risk and the compliance function in banks. Banking supervisors must be satisfied that effective compliance policies and procedures are followed and that management takes appropriate corrective action when compliance failures are identified.

2. Compliance starts at the top. It will be most effective in a corporate culture that emphasises standards of honesty and integrity and in which the board of directors and senior management lead by example. It concerns everyone within the bank and should be viewed as an integral part of the bank’s business activities. A bank should hold itself to high standards when carrying on business, and at all times strive to observe the spirit as well as the letter of the law. Failure to consider the impact of its actions on its shareholders, customers, employees and the markets may result in significant adverse publicity and reputational damage, even if no law has been broken.

3. The expression “compliance risk” is defined in this paper as the risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organisation standards, and codes of conduct applicable to its banking activities (together, “compliance laws, rules and standards”).

4. Compliance laws, rules and standards generally cover matters such as observing proper standards of market conduct, managing conflicts of interest, treating customers fairly, and ensuring the suitability of customer advice. They typically include specific areas such as the prevention of money laundering and terrorist financing, and may extend to tax laws that are relevant to the structuring of banking products or customer advice. A bank that knowingly participates in transactions intended to be used by customers to avoid regulatory or financial reporting requirements, evade tax liabilities or facilitate illegal conduct will be exposing itself to significant compliance risk.

5. Compliance laws, rules and standards have various sources, including primary legislation, rules and standards issued by legislators and supervisors, market conventions, codes of practice promoted by industry associations, and internal codes of conduct applicable to the staff members of the bank. For the reasons mentioned above, these are likely to go beyond what is legally binding and embrace broader standards of integrity and ethical conduct.

6. Compliance should be part of the culture of the organisation; it is not just the responsibility of specialist compliance staff. Nevertheless, a bank will be able to manage its compliance risk more effectively if it has a compliance function in place that is consistent with the “compliance function principles” discussed below. The expression “compliance function” is used in this paper to describe staff carrying out compliance responsibilities; it is not intended to prescribe a particular organisational structure.

7. There are significant differences between banks regarding the organisation of the compliance function. In larger banks, compliance staff may be located within operating business lines, and internationally active banks may also have group and local compliance officers. In smaller banks, compliance function staff may be located in one unit. Separate units have been established in some banks for specialist areas such as data protection and the prevention of money laundering and terrorist financing.

8 Compliance and the compliance function in banks

8. A bank should organise its compliance function and set priorities for the management of its compliance risk in a way that is consistent with its own risk management strategy and structures. For instance, some banks may wish to organise their compliance function within their operational risk function, as there is a close relationship between compliance risk and certain aspects of operational risk. Others may prefer to have separate compliance and operational risk functions, but establish mechanisms requiring close co-operation between the two functions on compliance matters.

9. Regardless of how the compliance function is organised within a bank, it should be independent and sufficiently resourced, its responsibilities should be clearly specified, and its activities should be subject to periodic and independent review by the internal audit function. Principles 5 to 8 below describe these high-level principles in more detail, and the supporting guidance sets out sound practices related to the principles. The principles should be applicable to all banks, although it is for individual banks to determine how best they should be implemented. A bank may be able to follow practices other than those set out in this paper which are also sound and which, taken together, demonstrate that its compliance function is effective. The way in which the principles are implemented will depend on factors such as the bank’s size, the nature, complexity and geographical extent of its business, and the legal and regulatory framework within which it operates. In smaller banks, for example, it may not be practicable to implement in full some of the specific measures recommended in this paper, yet the bank may be able to take other measures that achieve the same result.

10. The principles in this paper assume a governance structure composed of a board of directors and senior management. The legislative and regulatory frameworks differ across countries and types of entities as regards the functions of the board of directors and senior management. Therefore, the principles set out in this paper should be applied in accordance with the corporate governance structure of each country and type of entity.1

11. The expression “bank” is used in this paper to refer generally to banks, banking groups, and to holding companies whose subsidiaries are predominantly banks.

12. This paper should be read in conjunction with a number of related Committee papers, including the following:

• Framework for Internal Control Systems in Banking Organisations (September 1998);

• Enhancing Corporate Governance for Banking Organisations (September 1999);

• Internal Audit in Banks and the Supervisor’s Relationship with Auditors (August 2001);

• Customer Due Diligence for Banks (October 2001);

• Sound Practices for the Management and Supervision of Operational Risk (February 2003);

1 The Committee is aware that there are significant differences in legislative and regulatory frameworks across

countries as regards the functions of the board of directors and senior management. In some countries, the board has the main, if not exclusive, function of supervising the executive body (senior management, general management) so as to ensure that the latter fulfils its tasks. For this reason, in some cases, it is known as a supervisory board. This means that the board has no executive functions. In other countries, by contrast, the board has a broader competence in that it lays down the general framework for the management of the bank. Owing to these differences, the notions of the board of directors and senior management are used in this paper not to identify legal constructs but rather to label two decision-making functions within a bank.


• International Convergence of Capital Measurement and Capital Standards – A Revised Framework – June 2004; and

• Consolidated KYC Risk Management (October 2004).

13. This paper considers the specific responsibilities of the bank’s board of directors and senior management for compliance, before describing the principles that should underpin the bank’s compliance function.

Responsibilities of the board of directors for compliance

Principle 1 The bank’s board of directors is responsible for overseeing the management of the bank’s compliance risk. The board should approve the bank’s compliance policy, including a formal document establishing a permanent and effective compliance function. At least once a year, the board or a committee of the board should assess the extent to which the bank is managing its compliance risk effectively.

14. As noted in the introduction, a bank’s compliance policy will not be effective unless the board of directors promotes the values of honesty and integrity throughout the organisation. Compliance with applicable laws, rules and standards should be viewed as an essential means to this end. As is the case with other categories of risk, the board is responsible for ensuring that an appropriate policy is in place to manage the bank’s compliance risk. The board should oversee the implementation of the policy, including ensuring that compliance issues are resolved effectively and expeditiously by senior management with the assistance of the compliance function. The board may, of course, delegate these tasks to an appropriate board level committee (e.g. its audit committee).

Responsibilities of senior management for compliance

Principle 2 The bank’s senior management is responsible for the effective management of the bank’s compliance risk.

15. The following two principles articulate the most important elements of this general principle.

Principle 3 The bank’s senior management is responsible for establishing and communicating a compliance policy, for ensuring that it is observed, and for reporting to the board of directors on the management of the bank’s compliance risk.

16. The bank’s senior management is responsible for establishing a written compliance policy that contains the basic principles to be followed by management and staff, and explains the main processes by which compliance risks are to be identified and managed through all levels of the organisation. Clarity and transparency may be promoted by making a distinction between general standards for all staff members and rules that only apply to specific groups of staff.


17. The duty of senior management to ensure that the compliance policy is observed entails responsibility for ensuring that appropriate remedial or disciplinary action is taken if breaches are identified.

18. Senior management should, with the assistance of the compliance function:

• at least once a year, identify and assess the main compliance risk issues facing the bank and the plans to manage them. Such plans should address any shortfalls (policy, procedures, implementation or execution) related to how effectively existing compliance risks have been managed, as well as the need for any additional policies or procedures to deal with new compliance risks identified as a result of the annual compliance risk assessment;2

• at least once a year, report to the board of directors or a committee of the board on the bank’s management of its compliance risk, in such a manner as to assist board members to make an informed judgment on whether the bank is managing its compliance risk effectively; and

• report promptly to the board of directors or a committee of the board on any material compliance failures (e.g. failures that may attract a significant risk of legal or regulatory sanctions, material financial loss, or loss to reputation).

Principle 4 The bank’s senior management is responsible for establishing a permanent and effective compliance function within the bank as part of the bank’s compliance policy.

19. Senior management should take the necessary measures to ensure that the bank can rely on a permanent and effective compliance function that is consistent with the following principles.

Compliance function principles

Principle 5: Independence The bank’s compliance function should be independent.

20. The concept of independence involves four related elements, each of which is considered in more detail below. First, the compliance function should have a formal status within the bank. Second, there should be a group compliance officer or head of compliance with overall responsibility for co-ordinating the management of the bank’s compliance risk. Third, compliance function staff, and in particular, the head of compliance, should not be placed in a position where there is a possible conflict of interest between their compliance responsibilities and any other responsibilities they may have. Fourth, compliance function staff should have access to the information and personnel necessary to carry out their responsibilities.

21. The concept of independence does not mean that the compliance function cannot work closely with management and staff in the various business units. Indeed, a co-operative

2 See paragraph 41 below.


working relationship between compliance function and business units should help to identify and manage compliance risks at an early stage. Rather, the various elements described below should be viewed as safeguards to help ensure the effectiveness of the compliance function, notwithstanding the close working relationship between the compliance function and the business units. The way in which the safeguards are implemented will depend to some extent on the specific responsibilities of individual compliance function staff.

Status

22. The compliance function should have a formal status within the bank to give it the appropriate standing, authority and independence. This may be set out in the bank’s compliance policy or in any other formal document. The document should be communicated to all staff throughout the bank.

23. The following issues with respect to the compliance function should be addressed in the document:

• its role and responsibilities;

• measures to ensure its independence;

• its relationship with other risk management functions within the bank and with the internal audit function;

• in cases where compliance responsibilities are carried out by staff in different departments, how these responsibilities are to be allocated among the departments;

• its right to obtain access to information necessary to carry out its responsibilities, and the corresponding duty of bank staff to co-operate in supplying this information;

• its right to conduct investigations of possible breaches of the compliance policy and to appoint outside experts to perform this task if appropriate;

• its right to be able freely to express and disclose its findings to senior management, and if necessary, the board of directors or a committee of the board;

• its formal reporting obligations to senior management; and

• its right of direct access to the board of directors or a committee of the board.

Head of Compliance

24. Each bank should have an executive or senior staff member with overall responsibility for co-ordinating the identification and management of the bank’s compliance risk and for supervising the activities of other compliance function staff. This paper uses the title “head of compliance” to describe this position.3

25. The nature of the reporting line or other functional relationship between staff exercising compliance responsibilities and the head of compliance will depend on how the bank has chosen to organise its compliance function. Compliance function staff who reside in operating business units or in local subsidiaries may have a reporting line to operating business unit management or local management. This is not objectionable, provided such staff also have a reporting line through to the head of compliance as regards their

3 In some banks, the head of compliance has the title “compliance officer”, while in others the title “compliance

officer” denotes a staff member carrying out specific compliance responsibilities.


compliance responsibilities. In cases where compliance function staff reside in independent support units (e.g. legal, financial control, risk management), a separate reporting line from staff in these units to the head of compliance may not be necessary. However, these units should co-operate closely with the head of compliance to ensure that the head of compliance can perform his or her responsibilities effectively.

26. The head of compliance may or may not be a member of senior management. If the head of compliance is a member of senior management, he or she should not have direct business line responsibilities. If the head of compliance is not a member of senior management, he or she should have a direct reporting line to a member of senior management who does not have direct business line responsibilities.

27. The supervisor of the bank and the board of directors should be informed when the head of compliance takes up or leaves that position and, if the head of compliance is leaving the position, the reasons for his or her departure. For internationally active banks with local compliance officers, the host country supervisor should be similarly informed of the arrival or departure of the local head of compliance.

Conflicts of interest

28. The independence of the head of compliance and any other staff having compliance responsibilities may be undermined if they are placed in a position where there is a real or potential conflict between their compliance responsibilities and their other responsibilities. It is the preference of the Committee that compliance function staff perform only compliance responsibilities. The Committee recognises, however, that this may not be practicable in smaller banks, smaller business units or in local subsidiaries. In these cases, therefore, compliance function staff may perform non-compliance tasks, provided potential conflicts of interest are avoided.

29. The independence of compliance function staff may also be undermined if their remuneration is related to the financial performance of the business line for which they exercise compliance responsibilities. However, remuneration related to the financial performance of the bank as a whole should generally be acceptable.

Access to information and personnel

30. The compliance function should have the right on its own initiative to communicate with any staff member and obtain access to any records or files necessary to enable it to carry out its responsibilities.

31. The compliance function should be able to carry out its responsibilities on its own initiative in all departments of the bank in which compliance risk exists. It should have the right to conduct investigations of possible breaches of the compliance policy and to request assistance from specialists within the bank (e.g. legal or internal audit) or engage outside specialists to perform this task if appropriate.

32. The compliance function should be free to report to senior management on any irregularities or possible breaches disclosed by its investigations, without fear of retaliation or disfavour from management or other staff members. Although its normal reporting line should be to senior management, the compliance function should also have the right of direct access to the board of directors or to a committee of the board, bypassing normal reporting lines, when this appears necessary. Further, it may be useful for the board or a committee of the board to meet with the head of compliance at least annually, as this will help the board or


board committee to assess the extent to which the bank is managing its compliance risk effectively.

Principle 6: Resources The bank’s compliance function should have the resources to carry out its responsibilities effectively.

33. The resources to be provided for the compliance function should be both sufficient and appropriate to ensure that compliance risk within the bank is managed effectively. In particular, compliance function staff should have the necessary qualifications, experience and professional and personal qualities to enable them to carry out their specific duties. Compliance function staff should have a sound understanding of compliance laws, rules and standards and their practical impact on the bank’s operations. The professional skills of compliance function staff, especially with respect to keeping up-to-date with developments in compliance laws, rules and standards, should be maintained through regular and systematic education and training.

Principle 7: Compliance function responsibilities The responsibilities of the bank’s compliance function should be to assist senior management in managing effectively the compliance risks faced by the bank. Its specific responsibilities are set out below. If some of these responsibilities are carried out by staff in different departments, the allocation of responsibilities to each department should be clear.

34. Not all compliance responsibilities are necessarily carried out by a “compliance department” or “compliance unit”. Compliance responsibilities may be exercised by staff in different departments. In some banks, for example, legal and compliance may be separate departments; the legal department may be responsible for advising management on the compliance laws, rules and standards and for preparing guidance to staff, while the compliance department may be responsible for monitoring compliance with the policies and procedures and reporting to management. In other banks, parts of the compliance function may be located within the operational risk group or within a more general risk management group. If there is a division of responsibilities between departments, the allocation of responsibilities to each department should be clear. There should also be appropriate mechanisms for co-operation among each department and with the head of compliance (e.g. with respect to the provision and exchange of relevant advice and information). These mechanisms should be sufficient to ensure that the head of compliance can perform his or her responsibilities effectively.

Advice

35. The compliance function should advise senior management on compliance laws, rules and standards, including keeping them informed on developments in the area.

Guidance and education

36. The compliance function should assist senior management in:

• educating staff on compliance issues, and acting as a contact point within the bank for compliance queries from staff members; and


• establishing written guidance to staff on the appropriate implementation of compliance laws, rules and standards through policies and procedures and other documents such as compliance manuals, internal codes of conduct and practice guidelines.

Identification, measurement and assessment of compliance risk

37. The compliance function should, on a pro-active basis, identify, document and assess the compliance risks associated with the bank’s business activities, including the development of new products and business practices, the proposed establishment of new types of business or customer relationships, or material changes in the nature of such relationships. If the bank has a new products committee, compliance function staff should be represented on the committee.

38. The compliance function should also consider ways to measure compliance risk (e.g. by using performance indicators) and use such measurements to enhance compliance risk assessment. Technology can be used as a tool in developing performance indicators by aggregating or filtering data that may be indicative of potential compliance problems (e.g. an increasing number of customer complaints, irregular trading or payments activity, etc).

39. The compliance function should assess the appropriateness of the bank’s compliance procedures and guidelines, promptly follow up any identified deficiencies, and, where necessary, formulate proposals for amendments.

Monitoring, testing and reporting

40. The compliance function should monitor and test compliance by performing sufficient and representative compliance testing. The results of the compliance testing should be reported up through the compliance function reporting line in accordance with the bank’s internal risk management procedures.

41. The head of compliance should report on a regular basis to senior management on compliance matters. The reports should refer to the compliance risk assessment that has taken place during the reporting period, including any changes in the compliance risk profile based on relevant measurements such as performance indicators, summarise any identified breaches and/or deficiencies and the corrective measures recommended to address them, and report on corrective measures already taken. The reporting format should be commensurate with the bank’s compliance risk profile and activities.

Statutory responsibilities and liaison

42. The compliance function may have specific statutory responsibilities (e.g. fulfilling the role of anti-money laundering officer). It may also liaise with relevant external bodies, including regulators, standard setters and external experts.

Compliance programme

43. The responsibilities of the compliance function should be carried out under a compliance programme that sets out its planned activities, such as the implementation and review of specific policies and procedures, compliance risk assessment, compliance testing, and educating staff on compliance matters. The compliance programme should be risk-based and subject to oversight by the head of compliance to ensure appropriate coverage across businesses and co-ordination among risk management functions.


Principle 8: Relationship with Internal Audit The scope and breadth of the activities of the compliance function should be subject to periodic review by the internal audit function.

44. Compliance risk should be included in the risk assessment methodology of the internal audit function, and an audit programme that covers the adequacy and effectiveness of the bank’s compliance function should be established, including testing of controls commensurate with the perceived level of risk.

45. This principle implies that the compliance function and the audit function should be separate, to ensure that the activities of the compliance function are subject to independent review. It is important, therefore, that there is a clear understanding within the bank as to how risk assessment and testing activities are divided between the two functions, and that this is documented (e.g. in the bank’s compliance policy or in a related document such as a protocol). The audit function should, of course, keep the head of compliance informed of any audit findings relating to compliance.

Other matters

Principle 9: Cross-border issues Banks should comply with applicable laws and regulations in all jurisdictions in which they conduct business, and the organisation and structure of the compliance function and its responsibilities should be consistent with local legal and regulatory requirements.

46. Banks may conduct business internationally through local subsidiaries or branches, or in other jurisdictions where they do not have a physical presence. Legal or regulatory requirements may differ from jurisdiction to jurisdiction, and may also differ depending on the type of business conducted by the bank or the form of its presence in the jurisdiction.

47. Banks that choose to conduct business in a particular jurisdiction should comply with local laws and regulations. For example, banks operating in subsidiary form must satisfy the legal and regulatory requirements of the host jurisdiction. Certain jurisdictions may also have special requirements in the case of foreign bank branches. It is for local businesses to ensure that compliance responsibilities specific to each jurisdiction are carried out by individuals with the appropriate local knowledge and expertise, with oversight from the head of compliance in co-operation with the bank’s other risk management functions.

48. The Committee recognises that a bank may choose to carry on business in various jurisdictions for a variety of legitimate reasons. Nevertheless, procedures should be in place to identify and assess the possible increased reputational risk to the bank if it offers products or carries out activities in certain jurisdictions that would not be permitted in its home jurisdiction.

Principle 10: Outsourcing Compliance should be regarded as a core risk management activity within the bank. Specific tasks of the compliance function may be outsourced, but they must remain subject to appropriate oversight by the head of compliance.


49. The Joint Forum (i.e. the Basel Committee on Banking Supervision, the International Organization of Securities Commissions, and the International Association of Insurance Supervisors) has recently developed high-level principles for outsourcing by regulated entities, to which banks are encouraged to refer.4

50. A bank should ensure that any outsourcing arrangements do not impede effective supervision by its supervisors. Regardless of the extent to which specific tasks of the compliance function are outsourced, the board of directors and senior management remain responsible for compliance by the bank with all applicable laws, rules and standards.

4 The Joint Forum – “Outsourcing in Financial Services” – February 2005 (available at www.bis.org).

1

IMPROVING GLOBAL AML/CFT COMPLIANCE: ON-GOING PROCESS

18 February 2010

As part of its ongoing review of compliance with the AML/CFT standards, the FATF has to date identified the following jurisdictions which have strategic AML/CFT deficiencies for which they have developed an action plan with the FATF. While the situations differ among each jurisdiction, each jurisdiction has provided a written high-level political commitment to address the identified deficiencies. FATF welcomes these commitments. A large number of jurisdictions have not yet been reviewed by the FATF. The FATF will continue to identify additional jurisdictions, on an ongoing basis, that pose a risk in the international financial system. The FATF has already begun an initial review of a number of such jurisdictions as part of this process and will present its findings later this year. The FATF and the FSRBs will continue to work with the jurisdictions noted below and to report on the progress made in addressing the identified deficiencies. The FATF calls on these jurisdictions to complete the implementation of action plans expeditiously and within the proposed timeframes. The FATF will closely monitor the implementation of these action plans and encourages its members to consider the information presented below. Antigua and Barbuda Antigua and Barbuda has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Antigua and Barbuda has made a high-level political commitment to work with the FATF and CFATF to address these deficiencies, including by: (1) establishing and implementing an adequate legal framework for identifying and freezing terrorist assets (Special Recommendation III); (2) improving the overall supervisory framework (Recommendation 23); and (3) enhancing financial transparency (Recommendation 4). Azerbaijan Azerbaijan has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Azerbaijan has made a high-level political commitment to work with the FATF and MONEYVAL to address these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing (Recommendation 1 and Special Recommendation II); (2) amending relevant laws or regulations to address deficiencies in customer due diligence requirements (Recommendation 5); (3) establishing and implementing adequate procedures to identify and freeze terrorist assets (Special Recommendation III); and (4) ensuring a fully operational and effectively functioning FIU (Recommendation 26).

2

Bolivia The FATF has determined that Bolivia’s AML/CFT regime contains certain strategic deficiencies. Bolivia has expressed a high-level political commitment to address these deficiencies. Bolivia should work with the FATF and GAFISUD to address these deficiencies, including by: (1) adequately criminalise money laundering and the financing of terrorism (Recommendation 1 and Special Recommendation II); (2) establishing and implementing an adequate legal framework for identifying and freezing terrorist assets (Special Recommendation III); (3) establishing a fully operational and effective Financial Intelligence Unit (Recommendation 26). Greece Greece has demonstrated progress, including as indicated in the most recent FATF enhanced Follow-Up Report on Greece, in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Greece has made a high-level political commitment to work with the FATF and has provided a short term action plan to address these deficiencies, including by: (1) addressing remaining issues regarding adequately criminalising terrorist financing (Special Recommendation II); (2) improving mechanisms and procedures for freezing terrorist assets (Special Recommendation III); and (3) enhancing the effectiveness of the FIU (Recommendation 26). Indonesia Indonesia has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Indonesia has made a high-level political commitment to work with the FATF and APG to address these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing (Recommendation 1 and Special Recommendation II); (2) establishing and implementing adequate procedures to identify and freeze terrorist assets (Special Recommendation III); and (3) amending and implementing laws or other instruments to fully implementing the 1999 International Convention for the Suppression of Financing of Terrorism (Special Recommendation I). Kenya Kenya has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Kenya has made a high-level political commitment to work with the FATF and ESAAMLG to address these deficiencies, including by: 1) adequately criminalising money laundering and terrorist financing (Recommendation 1 and Special Recommendation II); 2) ensuring a fully operational and effectively functioning Financial Intelligence Unit (Recommendation 26); 3) establishing and implementing an adequate legal framework for identifying and freezing terrorist assets (Special Recommendation III); 4) raising awareness of AML/CFT issues within the law enforcement community (Recommendation 27); and (5) implementing effective, proportionate and dissuasive sanctions in order to deal with natural or legal persons that do not comply with the national AML/CFT requirements (Recommendation 17). Morocco Morocco has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Morocco

3

has made a high-level political commitment to work with the FATF and MENAFATF to address these deficiencies, including by: (1) amending the penal code to extend the scope of the ML and FT offences (Recommendation 1 and Special Recommendation II); (2) amending relevant laws or regulations to address deficiencies in customer due diligence requirements (Recommendation 5); and (3) ensuring a fully operational and effectively functioning Financial Intelligence Unit (Recommendation 26). Myanmar Myanmar has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Myanmar has made a high-level political commitment to work with the FATF and APG to address these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing (Recommendation 1 and Special Recommendation II); (2) establishing and implementing adequate procedures to identify and freeze terrorist assets (Special Recommendation III); (3) strengthening the extradition framework in relation to terrorist financing (Recommendation 35 and Special Recommendation I); (4) ensuring a fully operational and effectively functioning Financial Intelligence Unit (Recommendation 26); (5) enhancing financial transparency (Recommendation 4); and (6) strengthening customer due diligence measures (Recommendations 5). Nepal Nepal has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Nepal has made a high-level political commitment to work with the FATF and APG to address these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing (Recommendation 1 and Special Recommendation II); (2) establishing and implementing adequate procedures to identify and freeze terrorist assets (Special Recommendation III); (3) implementing adequate procedures for the confiscation of funds related to money laundering (Recommendation 3); and (4) enacting and implementing appropriate mutual legal assistance legislation (Recommendation 36). Nigeria Nigeria has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Nigeria has made a high-level political commitment to work with the FATF and GIABA to address these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing (Recommendation 1 and Special Recommendation II); (2) implementing adequate procedures to identify and freeze terrorist assets (Special Recommendation III); (3) ensuring that relevant laws or regulations address deficiencies in customer due diligence requirements and that they apply to all financial institutions (Recommendation 5); and (5) demonstrating that AML/CFT supervision is undertaken effectively across the financial sector (Recommendation 23). Paraguay Paraguay has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain.

4

Paraguay has made a high-level political commitment to work with the FATF and GAFISUD to address these deficiencies, including by: (1) adequately criminalising terrorist financing (Special Recommendation II); (2) establishing and implementing adequate procedures to identify, freeze and confiscate terrorist assets (Special Recommendation III); (3) improving financial transparency (Recommendation 4); (4) improving and broadening customer due diligence measures (Recommendation 5), and (5) developing and implementing effective controls for cross-border cash transactions (Special Recommendation IX). Qatar Qatar has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Qatar has made a high-level political commitment to work with the FATF and MENAFATF to address these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing (Recommendation 1 and Special Recommendation II); (2) implementing adequate procedures to identify and freeze terrorist assets (Special Recommendation III); (3) instituting adequate regulatory instructions for AML/CFT, particularly with regard to customer due diligence (Recommendation 5); and (4) ensuring that financial institutions are properly fulfilling their obligations to report suspicious transactions and are receiving appropriate guidance (Recommendation 13 and Special Recommendation IV). Sri Lanka Sri Lanka has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Sri Lanka has made a high-level political commitment to work with the FATF and APG to address these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing (Recommendation 1 and Special Recommendation II); and (2) establishing and implementing adequate procedures to identify and freeze terrorist assets (Special Recommendation III). Sudan Sudan has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Sudan has made a high-level political commitment to work with the FATF and MENAFATF to address these deficiencies, including by: (1) implementing adequate procedures for identifying and freezing terrorist assets (Special Recommendation III); (2) ensuring a fully operational and effectively functioning Financial Intelligence Unit (Recommendation 26); (3) ensuring financial institutions are aware of and comply with their obligations to file suspicious transaction reports in relation to ML and FT (Recommendation 13 and Special Recommendation IV) and (4) implementing a supervisory programme for the regulators to ensure compliance with the provisions of the new law and regulations (Recommendation 23). Syria Syria has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Syria has made a high-level political commitment to work with the FATF and MENAFATF to address these deficiencies, including by: (1) adopting adequate measures to implement and enforce the 1999 International Convention for the Suppression of

5

Financing of Terrorism (Special Recommendation I); (2) adequately criminalising terrorist financing (Special Recommendation II); (3) implementing adequate procedures for identifying and freezing terrorist assets (Special Recommendation III); (4) ensuring financial institutions are aware of and comply with their obligations to file suspicious transaction reports in relation to ML and FT (Recommendation 13 and Special Recommendation IV) and (5) adopting appropriate laws and procedures to provide mutual legal assistance (Recommendations 36-38, Special Recommendation V). Trinidad and Tobago Trinidad and Tobago has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Trinidad and Tobago has made a high-level political commitment to work with the FATF and the CFATF to address these deficiencies, including by: (1) implementing adequate procedures to identify and freeze terrorist assets without delay (Special Recommendation III); (2) implementing adequate procedures for the confiscation of funds related to money laundering (Recommendation 3); (3) ensuring a fully operational and effectively functioning FIU, including supervisory powers (Recommendation 26). Thailand Thailand has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Thailand has made a high-level political commitment to work with the FATF and APG to address these deficiencies, including by: (1) adequately criminalising terrorist financing (Special Recommendation II); (2) establishing and implementing adequate procedures to identify and freeze terrorist assets (Special Recommendation III); and (3) further strengthening AML/CFT supervision (Recommendation 23); Turkey Turkey has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Turkey has made a high-level political commitment to work with the FATF to address these deficiencies, including by: (1) adequately criminalising terrorist financing (Special Recommendation II); and (2) implementing an adequate legal framework for identifying and freezing terrorist assets (Special Recommendation III). Ukraine Ukraine has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic AML/CFT deficiencies remain. Ukraine has made a high-level political commitment to work with the FATF and MONEYVAL to address these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing (Recommendation 1 and Special Recommendation II), (2) enhancing financial transparency (Recommendation 4); and (3) establishing and implementing an adequate legal framework for identifying and freezing terrorist assets (Special Recommendation III).

6

Yemen Yemen has demonstrated progress in improving its AML/CFT regime; however, the FATF has determined that certain strategic deficiencies remain. Yemen has made a high-level political commitment to work with the FATF and MENAFATF to address these deficiencies, including by: (1) adequately criminalising money laundering (Recommendation 1); (2) establishing and implementing adequate procedures to identify and freeze terrorist assets (Special Recommendation III); (3) issuing substantive guidance/instructions to reporting institutions with respect to their ML/FT obligations (Recommendation 25); (4) developing the monitoring and supervisory capacity of the financial sector supervisory authorities and the FIU, to ensuring compliance by financial institutions with their STR obligations, especially in relation to FT (Recommendation 23); and (5) ensuring a fully operational and effectively functioning Financial Intelligence Unit (Recommendation 26).

Home Page | Back

MSRB Notice 2003-28 (July 16, 2003)

Approval by SEC of Rule G-41, on Anti-Money

Laundering Compliance

On July 11, 2003, the Securities and Exchange Commission (“Commission” or “SEC”) approved proposed

rule change SR-MSRB-2003-04 establishing Municipal Securities Rulemaking Board (“MSRB”) Rule G-41, on anti-

money laundering compliance.[1] The MSRB filed proposed Rule G-41, on anti-money laundering compliance, in

response to the passage of the USA PATRIOT Act[2] which required financial institutions, including broker/dealers,

to establish and implement anti-money laundering compliance programs designed to ensure ongoing compliance

with the requirements of the Bank Secrecy Act[3] and the regulations promulgated thereunder by April 24, 2002.

The MSRB proposed Rule G-41 to ensure that all brokers, dealers and municipal securities dealers

(“dealers”)[4] that effect transactions in municipal securities, and in particular those that only effect transactions in

municipal securities (“sole municipal dealers”), are aware of, and in compliance with, anti-money laundering

compliance program requirements. Thus, Rule G-41 requires that all dealers establish and implement anti-money

laundering programs that are in compliance with the rules and regulations of either its registered securities

association (i.e., NASD) or its appropriate banking regulator governing the establishment and maintenance of anti-

money laundering programs.

The adoption of Rule G-41 will provide clarity to dealers and examiners concerning the rules and

regulations that dealers who effect transactions in municipal securities must comply with concerning the

development of anti-money laundering compliance programs; it will not impose any new or different obligations

upon such dealers. Below is the text of the rule change. New language is underlined.

July 16, 2003

* * *

Rule G-41: Anti-Money Laundering Compliance Program

No broker, dealer or municipal securities dealer shall be qualified for purposes of Rule G-2 unless such

broker, dealer or municipal securities dealer has met the anti-money laundering compliance program rules set forth

by either the registered securities association of which the dealer is a member (e.g., NASD Rule 3011), or the rules

set forth by the appropriate regulatory agency as defined in Section 3(a)(34) of the Act with respect to any other

broker, dealer or municipal securities dealer (e.g., 12 C.F.R. 21.21 (OCC); 12 C.F.R. 208.63 (FRB); 12 C.F.R. 326.8

(FDIC); and 12 C.F.R. 563.177 (OTS)), to the same extent as if such rules were applicable to such broker, dealer

or municipal securities dealer.

[1] See Release No. 34-48169 (July 11, 2003).

[2] Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct

Terrorism Act of 2001, Pub. L. No. 107-56, 115 Stat. 272 (2001).

[3] 31 U.S.C. 5311, et seq.

[4] The term “dealer” is used herein as shorthand for “broker,” “dealer” or “municipal securities dealer,” as

those terms are defined in the Securities Exchange Act of 1934. The use of the term does not imply that the entity

is necessarily taking a principal position in a municipal security.

©2005 Municipal Securities Rulemaking Board. All Rights Reserved. Terms and Conditions of Use.

Page 1 of 1Municipal Securities Rulemaking Board

2/9/2011http://www.msrb.org/msrb1/archive/G-41approval.htm

44768 Federal Register / Vol. 72, No. 153 / Thursday, August 9, 2007 / Rules and Regulations

1 Bank Secrecy Act, Pub. L. No. 91–508 (codified as amended at 12 U.S.C. 1829b, 12 U.S.C. 1951– 1959, and 31 U.S.C. 5311–5314 and 5316–5332).

2 31 CFR 103.175(f) (defining a ‘‘covered financial institution’’ as any one of a number of specific U.S. financial institutions, including banks, broker- dealers, futures commission merchants, and mutual funds).

3 Due Diligence Anti-Money Laundering Programs for Certain Foreign Accounts, 67 FR 37736 (May 30, 2002) (First Proposed Rule).

4 Section 312(b)(2) of the Act provides that section 5318(i) of the Bank Secrecy Act would take effect on July 23, 2002, whether or not final rules had been issued by that date.

5 Due Diligence Anti-Money Laundering Programs for Certain Foreign Accounts, 67 FR 48348 (July 23, 2002).

6 Pursuant to the interim final rule, banks, savings associations, and credit unions had to comply with the correspondent account and private banking account provisions of section 312. Securities broker-dealers, futures commission merchants, and introducing brokers had to comply with the private banking account provisions of section 312. We deferred the application of section 312 to all other financial institutions.

7 See id. 8 Anti-Money Laundering Programs; Special Due

Diligence for Certain Foreign Accounts, 71 FR 496 (January 4, 2006).

9 Anti-Money Laundering Programs; Special Due Diligence for Certain Foreign Accounts, 71 FR 516 (January 4, 2006).

10 Section 312 contains enhanced due diligence provisions for both correspondent accounts and private banking accounts for non-U.S. persons. Unless otherwise provided in this release, the term ‘‘enhanced due diligence provisions’’ relates exclusively to the correspondent account provisions of section 312.

11 See 31 U.S.C. 5318(i)(4)(A) and 31 CFR 103.175(k) (defining ‘‘offshore banking license’’).

12 The Financial Action Task Force (FATF) is the only intergovernmental organization of which the United States is a member that has designated countries as non-cooperative with international anti-money laundering principles (no such countries currently are designated). The United States has concurred with all FATF designations to date.

72 FR 16720 on April 5, 2007, are adopted as final rules without change.

[FR Doc. E7–15242 Filed 8–8–07; 8:45 am] BILLING CODE 4191–02–P

DEPARTMENT OF THE TREASURY

31 CFR Part 103

RIN 1506–AA29

Financial Crimes Enforcement Network; Anti-Money Laundering Programs; Special Due Diligence Programs for Certain Foreign Accounts

AGENCY: Financial Crimes Enforcement Network, Treasury. ACTION: Final rule.

SUMMARY: The Financial Crimes Enforcement Network is issuing this final rule to implement the enhanced due diligence requirements for correspondent accounts for certain foreign banks set forth in section 312 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act), Pub. L. No. 107–56. Section 312 requires U.S. financial institutions to establish due diligence and, where necessary, enhanced due diligence, policies, procedures, and controls reasonably designed to detect and report money laundering through correspondent accounts and private banking accounts established or maintained by U.S. financial institutions for non-U.S. persons. We issued final rules implementing the due diligence requirements for correspondent accounts and the due diligence and enhanced due diligence requirements for private banking accounts for non-U.S. persons on January 4, 2006. This final rule completes the section 312 rulemaking process.

DATES: This final rule is effective September 10, 2007.

Applicability Dates: On February 5, 2008, the enhanced due diligence provisions of this final rule will apply to correspondent accounts for certain foreign banks established on or after such date. On May 5, 2008, the enhanced due diligence provisions of this final rule will apply to correspondent accounts for certain foreign banks established before February 5, 2008. See 31 CFR 103.176(f) of this final rule. FOR FURTHER INFORMATION CONTACT: Regulatory Policy and Programs

Division, Financial Crimes Enforcement Network, (800) 949–2732. SUPPLEMENTARY INFORMATION

I. Background Section 312 of the USA PATRIOT Act

amended the Bank Secrecy Act 1 to add new subsection (i) to 31 U.S.C. 5318. This provision requires each U.S. financial institution that establishes, maintains, administers, or manages a correspondent account or a private banking account in the United States for a non-U.S. person to subject such accounts to certain anti-money laundering measures. In particular, a covered financial institution 2 must establish appropriate, specific and, where necessary, enhanced due diligence policies, procedures, and controls that are reasonably designed to enable the financial institution to detect and report instances of money laundering through these accounts.

On May 30, 2002, we published a notice of proposed rulemaking in the Federal Register, proposing to implement the requirements of section 312 in their entirety.3 In that proposal, we set forth a series of specific measures that covered financial institutions could, and in some instances would be required to, apply to correspondent accounts and private banking accounts established or maintained for non-U.S. persons. We received comments on that proposal raising concerns about the definitions in the proposal, the scope of the requirements contained in the proposed rule text, and the types of financial institutions that would be subject to the proposal’s requirements.

To have adequate time to review the comments we received in response to the proposal, to determine the appropriate resolution of the issues raised, and to give direction to financial institutions that would be subject to section 312,4 we issued an interim final rule on July 23, 2002.5 In the interim final rule, we exercised our authority under 31 U.S.C. 5318(a)(6) to defer temporarily the application of section

312 to certain financial institutions.6 For those financial institutions that were not subject to the deferral,7 we provided interim guidance for compliance with the statute by generally describing the scope of coverage, duties, and obligations under that provision, pending issuance of a final rule.

Thereafter, on January 4, 2006, we issued final rules implementing section 312, excepting the enhanced due diligence provisions for correspondent accounts established or maintained for certain foreign banks.8 Also on January 4, we published a second notice of proposed rulemaking (Second Proposed Rule or proposed rule),9 seeking comment on a new approach to implementing the enhanced due diligence provisions of section 312 with respect to correspondent accounts established or maintained for certain statutorily designated foreign banks (‘‘respondent banks’’).10

As required by section 312, the enhanced due diligence measures proposed would apply to correspondent accounts maintained for a foreign bank operating under an offshore banking license,11 under a license issued by a country that has been designated as being non-cooperative with international anti-money laundering principles or procedures by an intergovernmental group or organization of which the United States is a member and with which designation the United States representative to the group or organization concurs,12 or under a license issued by a country designated by the Secretary of the Treasury

VerDate Aug<31>2005 17:01 Aug 08, 2007 Jkt 211001 PO 00000 Frm 00044 Fmt 4700 Sfmt 4700 E:\FR\FM\09AUR1.SGM 09AUR1jlent

ini o

n P

RO

D1P

C65

with

RU

LES


13 The Secretary is authorized under section 311 of the USA Patriot Act, after finding that reasonable grounds exist for concluding that a foreign jurisdiction, foreign financial institution, international class of transaction, or type of account is of ‘‘primary money laundering concern,’’ to require domestic financial institutions and domestic financial agencies to take certain statutorily defined ‘‘special measures’’ against the primary money laundering concern. Section 311 requires the Secretary to consult with various Federal agencies before making such a finding or imposing special measures. For a listing of findings and rulemakings issued pursuant to section 311, see http://www.fincen.gov/reg_section311.html.

14 In the preamble to the Second Proposed Rule, we referred to these relationships as nested accounts or nested banks. It has been suggested that the term ‘‘nested’’ is not synonymous with indirect use of a correspondent account. We have not employed the terminology in this final rule.

15 Section 509 of the Gramm-Leach-Bliley Act defines federal functional regulators to include the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, the National Credit Union Administration Board, and the U.S. Securities and Exchange Commission. See 15 U.S.C. 6809. The Commodity Futures Trading Commission was defined in section 321 of the USA PATRIOT Act as a federal functional regulator for the purposes of implementing that Act.

16 The comment letters may be inspected at the Financial Crimes Enforcement Network reading room in Vienna, Virginia between 10 a.m. and 4 p.m. Persons wishing to inspect comments must request an appointment by telephone at (202) 354– 6400 (not a toll-free number). The comment letters are also available on our Web site at http:// www.fincen.gov/71fr516.htm.

17 As part of its general due diligence program for foreign correspondent accounts, a covered financial institution is expected to establish policies, procedures, and controls that include assessing the money laundering risk of a correspondent account based upon consideration of all the risk factors, including (1) The nature of the foreign financial institution’s business and the markets it serves; (2) the type, purpose, and anticipated activity of the correspondent account; (3) the nature and duration of the covered financial institution’s relationship with the foreign financial institution; (4) the anti- money laundering and supervisory regime of the jurisdiction that issued a charter or license to the foreign financial institution, and its owners if applicable, to the extent that such information is reasonably available; and (5) information known or reasonably available to the covered financial institution about the foreign financial institution’s anti-money laundering record. 31 C.F.R. 103.176(a)(2).

18 31 CFR 103.176(a)(2)(iv).

(Secretary) as warranting special measures due to money laundering concerns.13 With respect to these accounts, we proposed that a covered financial institution would be required to conduct risk-based enhanced due diligence with regard to a correspondent account maintained for or on behalf of such a foreign bank to guard against money laundering and to report suspicious activity; to ascertain whether such a foreign bank maintains correspondent accounts for other foreign banks 14 and, if so, to conduct appropriate due diligence; and to identify the owners of such a foreign bank if its shares are not publicly traded. This final rule adopts the risk- based enhanced due diligence rule that we proposed on January 4, 2006.

Finally, section 312(b)(1) of the USA PATRIOT Act provides that the Secretary shall issue implementing regulations under this section ‘‘in consultation with the appropriate federal functional regulators (as defined in section 509 of the Gramm-Leach- Bliley Act) of the affected financial institutions.’’ This final rule was developed in consultation with the staffs of the federal functional regulators.15

II. Summary of Comments and Revisions

A. Comments We received seven comment letters on

the Second Proposed Rule. Commenters included U.S. banks, an association of state banking supervisors, and trade associations representing U.S. banks,

foreign banks, the futures industry, investment companies, the securities industry, and the bond markets.16 Eleven trade associations representing covered financial institutions jointly signed one of the comment letters. In general, commenters expressed support for the risk-based approach elaborated in the Second Proposed Rule. We respond to the submitted comments in the Section-by-Section Analysis, below.

B. Revisions This final rule is substantially similar

to the Second Proposed Rule. The following revisions to the rule, which we will explain more fully in the Section-by-Section Analysis below, have been made in response to comments received on the Second Proposed Rule.

First, the provisions requiring covered financial institutions, in appropriate circumstances, to obtain and review ‘‘documentation’’ relating to a respondent bank’s anti-money laundering program and to ‘‘consider[ ] whether such program appears to be reasonably designed to detect and prevent money laundering’’ have been revised to require covered financial institutions, in appropriate circumstances, to obtain and consider ‘‘information’’ relating to a respondent bank’s anti-money laundering program in order to assess the risk of money laundering presented by the respondent bank’s account.

Second, the provision requiring a covered financial institution, in certain circumstances, to take reasonable steps to assess and ‘‘minimize’’ money laundering risks related to the customers of their respondent banks has been revised to require a covered financial institution, in certain circumstances, to take reasonable steps to assess and ‘‘mitigate’’ such money laundering risks.

III. Section-by-Section Analysis

A. Section 103.176(b)—Enhanced Due Diligence for Certain Foreign Banks

Section 103.176(b) of this final rule requires a covered financial institution to establish enhanced due diligence procedures that, at a minimum, include taking reasonable steps to (1) Conduct risk-based enhanced scrutiny of correspondent accounts established or maintained for respondent banks to

guard against money laundering and to identify and report suspicious transactions, (2) determine whether the subject respondent bank in turn maintains correspondent accounts for other foreign banks that enable those other foreign banks to gain access to the respondent bank’s correspondent account with the covered financial institution and, if so, to take reasonable steps to obtain information to assess and mitigate the money laundering risks associated with such accounts, and (3) determine the identity of each owner of a respondent bank whose shares are not publicly traded, and the nature and extent of each owner’s ownership interest.

The commenters generally expressed support for the risk-based approach of the Second Proposed Rule. One commenter suggested that the five risk factors enumerated in our rules implementing the due diligence requirements for correspondent accounts contained in section 312 should also be applied to determine the appropriate extent of enhanced due diligence.17

As these five risk factors are meant to apply to all respondent banks, including those subject to the enhanced due diligence provisions of section 312, it would be appropriate to consider the five factors listed in subsection (a)(2) when assessing the risk posed by a respondent bank subject to the provisions of this final rule to help determine the level of enhanced due diligence required. The fourth risk factor in particular—the anti-money laundering regime of the jurisdiction that issued a charter or license to the foreign bank and, to the extent reasonably available, of the home jurisdiction of the foreign bank or its parent 18—may be especially relevant in a covered financial institution’s determination of the nature and extent of the risks posed by the correspondent


ini o

n P

RO

D1P

C65

with

RU

LES

http://www.fincen.gov/reg_section311.html

http://www.fincen.gov/71fr516.htm


19 See Second Proposed Rule, 71 FR at 517 (adopting a risk-based approach to enhanced due diligence as an alternative to creating exceptions to the enhanced due diligence provisions for foreign banks operating under an offshore banking license).

20 For example, a covered financial institution may maintain a correspondent account for a respondent bank with which it has had a longstanding relationship, for a respondent bank that only conducts proprietary transactions through the correspondent account, for a respondent bank that is controlled by a U.S. institution, or for a respondent bank whose licensing or home jurisdiction is known for maintaining a comprehensive anti-money laundering regime. In such circumstances, a covered financial institution may determine through experience and due diligence that reviewing information related to the anti-money laundering program of the respondent bank will not provide information that is relevant to the covered financial institution’s risk- assessment or monitoring of the respondent bank’s correspondent account. In contrast, a respondent bank that permits or conducts transactions on behalf of other foreign banks, or operates payable- through accounts, through the covered financial institution may pose a greater money laundering risk. In such circumstances, conducting due diligence that includes a review of information related to the respondent bank’s anti-money laundering program may be appropriate.

21 See, e.g., Second Proposed Rule, 71 FR at 518 (‘‘[w]e do not contemplate that the covered financial institution would conduct an audit of the foreign correspondent bank’s written anti-money laundering program’’).

22 See 31 CFR 103.177. 23 31 CFR 103.177(b).

accounts for the foreign banks covered by this rule and the extent of the enhanced due diligence that is necessary and appropriate to mitigate these risks.19

1. 103.176(b)(1)—Enhanced scrutiny to guard against money laundering. Section 103.176(b)(1) of the Second Proposed Rule would have required a covered financial institution to conduct risk-based enhanced scrutiny of correspondent accounts established or maintained for respondent banks to guard against money laundering and to identify and report suspicious transactions. This provision is adopted in the final rule without substantial change.

Section 103.176(b)(1)(i) and (ii) of the Second Proposed Rule would have required covered financial institutions, as part of their enhanced due diligence programs when appropriate, to obtain and review documentation related to a respondent bank’s anti-money laundering program and consider whether the program appears to be reasonably designed to detect and prevent money laundering. Several commenters questioned the utility of the requirement and expressed concern about the cost of complying with it.

One commenter read the Second Proposed Rule as effectively requiring a covered financial institution to perform an audit of a respondent bank’s anti- money laundering program, despite guidance in the preamble stating that an audit was not required. Another commenter similarly expressed concern that this and other provisions of the Second Proposed Rule would cause covered financial institutions to become policemen and regulators. A third commenter was concerned that this provision ultimately would be enforced as a default or mandatory requirement.

Other commenters additionally suggested that obtaining and reviewing documentation frequently would be a difficult and expensive proposition, as such documents may be written only in the native language of a respondent bank. One commenter questioned the utility of reviewing the documentation of a respondent bank’s anti-money laundering program and suggested that other due diligence measures, such as reviewing and monitoring transactions conducted by the foreign bank, would be more productive. Other commenters offered that administering a questionnaire to a respondent bank about its anti-money laundering

practices, when appropriate, would be more effective than a review of its anti- money laundering program documents.

In response to these comments, section 103.176(b)(1)(i) of the final rule now requires a covered financial institution, in appropriate circumstances, to obtain and consider information related to the anti-money laundering program of the respondent bank to assess the risk of money laundering presented by the respondent bank’s correspondent account. This provision of the final rule is not meant to be a mandatory requirement. Rather, it is intended to be risk-based. We emphasize that whether enhanced due diligence should include a reasonable inquiry into the anti-money laundering program of a respondent bank will depend on the extent to which reviewing the anti-money laundering program of the respondent bank would be appropriate based upon the nature of the correspondent account.20 While covered financial institutions have discretion with respect to implementing this provision, as with other risk-based provisions of the BSA and its implementing regulations, a covered financial institution is responsible for reasonably demonstrating that it is effectively exercising that discretion on a risk-assessed basis.

We revised this due diligence provision of the Second Proposed Rule to clarify that covered financial institutions are expected neither to conduct an audit of the anti-money laundering programs of their respondent bank customers, nor to determine the extent to which the respondent bank’s anti-money laundering program is ‘‘reasonably designed to detect and prevent money laundering,’’ which may be difficult to determine without

conducting an audit.21 Rather, under the final rule, a covered financial institution is required to consider and assess more generally the extent to which it may be exposed to money laundering risk by the respondent bank’s correspondent account. The revision also was made to reduce the burdens associated with reviewing documents, such as language barriers, as well as to provide covered financial institutions with flexibility to determine how to conduct due diligence with respect to a respondent bank’s anti- money laundering efforts.

For example, a covered financial institution may, in appropriate circumstances, use a questionnaire, as several commenters suggested, to gather information related to the anti-money laundering program of a respondent bank, provided that the questionnaire and the responses thereto enable a covered financial institution to assess effectively the risk of money laundering presented by the respondent bank. In appropriate situations, such as where a covered financial institution has a sufficient transaction history with a respondent bank, a covered financial institution may also conduct a review of that transaction history to assess the money laundering risk presented by the respondent bank.

As one commenter suggested, a covered financial institution may also, in appropriate circumstances, incorporate its enhanced due diligence efforts into the certification process available under the rules implementing sections 313 and 319(b) of the USA PATRIOT Act.22 Incorporating a questionnaire into the certification form would not alone affect the safe harbor provided under the rules implementing sections 313 and 319(b),23 provided that the covered financial institution also obtains and maintains all of the information required under those rules.

We caution, however, that the certifications are subject to renewal only every three years. Waiting until the next certification is required before obtaining information about the respondent bank’s anti-money laundering program may not be reasonable for purposes of complying with the enhanced due diligence provisions of section 312. We also remind covered financial institutions incorporating a questionnaire into their certifications that doing so will not extend the section 313 and 319(b) safe harbor to this final rule.


ini o

n P

RO

D1P

C65

with

RU

LES


24 See 31 CFR 103.175(h) (defining ‘‘foreign financial institution’’ to include banks, broker- dealers in securities, futures commission merchants, and mutual funds).

25 31 CFR 103.176(a). 26 Second Proposed Rule, 71 FR at 518.

27 Other commenters requested clarification that the provisions of subsection (b)(2) are risk-based.

28 One commenter expressed the view that it should not be required to obtain the anti-money laundering programs of the foreign bank customers of a respondent bank. Section 103.176(b)(2) does not contain such a requirement. Obtaining and considering information related to the anti-money laundering program of a foreign respondent bank, and not the program of its foreign bank customers, is set forth in this final rule as an enhanced due diligence procedure when appropriate. See 31 CFR 103.176(b)(1)(i).

29 In situations where it is unlikely that funds transfers will be conducted through a correspondent account, covered financial institutions may determine that it would not be necessary to obtain a list of the respondent bank’s foreign bank customers. We note, however, that correspondent accounts that may not be used to conduct funds transfers nonetheless may be used to launder money and conduct other illicit financial activity.

30 See 31 CFR 103.15(a) (suspicious activity reporting requirements for mutual funds), 31 CFR 103.17(a) (same for futures commission merchants), 31 CFR 103.18(a) (for banks), and 31 CFR 103.19(a) (for broker-dealers in securities). See also In the Matter of the Federal Branch of Arab Bank PLC, FinCEN enforcement action 2005–2 (Aug. 17, 2005) and In the Matter of the New York Branch of ABN Amro Bank N.V., FinCEN enforcement action 2005– 5 (Dec. 19, 2005) (financial institutions responsible for monitoring the transactions through correspondent accounts maintained on behalf of foreign financial institutions), available at http:// www.fincen.gov/reg_enforcement.html.

Finally, one commenter asked whether a covered financial institution would be required to formulate additional due diligence measures for its accounts for foreign banks that are subject of this final rule if the covered financial institution applies the equivalent of enhanced due diligence required in this final rule to all of its correspondent accounts for foreign financial institutions.24 If a covered financial institution applies both the due diligence program for foreign correspondent accounts 25 and the enhanced due diligence requirements of this final rule to all of its correspondent accounts for foreign financial institutions, then the covered financial institution would not be required to formulate additional due diligence measures for the correspondent accounts it establishes and maintains for foreign banks that are the subjects of this final rule.

Section 103.176(b)(1)(iii) of the Second Proposed Rule would have required covered financial institutions to monitor transactions to, from, or through a respondent bank in a manner that is reasonably designed to detect money laundering and suspicious activity. In the preamble to the Second Proposed Rule, we emphasized that monitoring is an important aspect of enhanced due diligence.26 This monitoring may be conducted manually or electronically, may be done on an individual account basis or by product activity, and should reflect the risk assessment conducted by the covered financial institution on each respondent bank subject of the enhanced due diligence provisions. Section 103.176(b)(1)(iii) has been incorporated into the final rule without change, and has been re-designated as Section 103.176(b)(1)(ii).

Section 103.176(b)(1)(iv) of the Second Proposed Rule would have required covered financial institutions to obtain information from the foreign bank about the identity of any person with authority to direct transactions through any correspondent account that is a payable-through account, and the sources and beneficial owners of funds or other assets in the payable-through account. This provision has been incorporated into the final rule without change, and has been re-designated as Section 103.176(b)(1)(iii).

2. 103.176(b)(2)—Foreign bank customers. Section 103.176(b)(2) of the

Second Proposed Rule would have required a covered financial institution to determine whether a respondent bank in turn maintains correspondent accounts for other foreign banks that enable those other foreign banks to gain access to the respondent bank’s account with the covered financial institution. If such a situation exists, the Second Proposed Rule would have required the covered financial institution to take reasonable steps to assess and minimize the potential money laundering risk posed by the respondent bank’s accounts for those other foreign banks.

Commenters were concerned about the extent to which they would be expected to obtain lists of foreign bank customers from their respondent banks, for the purposes of complying with section 103.176(b)(2).27 One commenter, for example, stated that it may not be possible to obtain a list of the foreign bank customers of respondent banks due to strict privacy laws in some countries.28 Two commenters suggested that there are situations where it is unlikely, due to the nature of the correspondent account, that funds transfers will be conducted through the account, and therefore the covered financial institution should not be required to obtain lists of, or other information about, foreign bank customers of their respondent banks.

As a general rule, we do not expect that a covered financial institution will request and obtain lists of foreign bank customers from their respondent banks. We do expect, however, that covered financial institutions, based upon their risk assessment of a respondent bank and as part of their enhanced due diligence efforts, will make appropriate inquiries about such factors as the nature of the foreign bank customers the respondent bank serves (if any) and the extent to which transactions for any such foreign bank customer may be conducted through the respondent bank’s correspondent account. The covered financial institution also could consult bank reference guides, and monitor or otherwise assess transaction

activity to the extent it may contain foreign bank customer information.29

There may be circumstances, such as in the highest risk situations, where it may be necessary and appropriate to request and obtain the identity of a respondent bank’s foreign bank customers directly from the respondent bank. If obtaining such information in appropriate circumstances is not possible—including by monitoring account activity—the covered financial institution should determine, pursuant to section 103.176(d) of this final rule, how to proceed in light of the particular circumstances.

One commenter expressed concern that covered financial institutions may be held responsible, according to the provisions of section 103.176(b)(2), for monitoring and reporting suspicious activity of the foreign bank customers of their respondent banks. The obligation to monitor for and report suspicious activity arises from the rules implementing 31 U.S.C. 5318(g). Under those rules, covered financial institutions must report suspicious activity involving any of their accounts to the extent they know, suspect, or have reason to suspect a violation of law or regulation, including suspicious activity attempted or conducted by, at, or through correspondent accounts they establish or maintain for respondent banks.30 Such activity may involve the respondent bank’s foreign bank customers.

One commenter was concerned by the level of due diligence that may be required by the use of the word ‘‘minimize’’ in section 103.176(b)(2) of the Second Proposed Rule and suggested replacing with the word mitigate. Accordingly, in this final rule, we have revised the relevant clause to require a covered financial institution to ‘‘take reasonable steps to obtain


ini o

n P

RO

D1P

C65

with

RU

LES

http://www.fincen.gov/reg_enforcement.html


31 Emphasis added.

32 See supra note 11. 33 See supra note 12. 34 See supra note 13. 35 See First Proposed Rule, 67 FR at 37743.

36 See supra note 19 and accompanying text (recognizing that the anti-money laundering and supervisory regime of the jurisdiction that issued a charter or license to a foreign bank may be particularly relevant in assessing the money laundering risk posed by the foreign bank and a mitigating risk factor for the purposes of complying with the enhanced due diligence provisions, as also may be the regime of the home jurisdiction of the foreign bank or its parent to the extent relevant information is readily available).

37 See 31 CFR 103.176(a).

information relevant to assess and mitigate money laundering risks associated with the foreign bank’s correspondent accounts for other foreign banks’’ 31 as the commenter suggested.

Finally, commenters sought clarification as to whether section 103.176(b)(2) is risk-based. The first part of this sub-paragraph requires a covered financial institution to take reasonable steps to ‘‘[d]etermine whether the foreign bank for which the correspondent account is established or maintained in turn maintains correspondent accounts for other foreign banks that use the foreign correspondent account established or maintained by the covered financial institution.’’ Making that initial determination is not dependent on the risks associated with a particular respondent bank.

However, once a covered financial institution has taken reasonable steps to make such a determination, it may ‘‘take reasonable steps to obtain information relevant to assess and mitigate money laundering risks associated with the foreign bank’s correspondent accounts for other foreign banks, including, as appropriate, the identity of those foreign banks,’’ as section 103.176(b)(2) provides and the authorizing statute contemplates. A covered financial institution may take a risk-based approach when determining what steps to gather due diligence information are appropriate.

3. 103.176(b)(3)—Identification of the owners of foreign banks. Section 103.176(b)(3) of the Second Proposed Rule would require a covered financial institution to take reasonable steps to identify the owners of a respondent bank if the respondent bank’s shares are not publicly traded. The section defined an owner as ‘‘any person who directly or indirectly owns, controls, or has the power to vote 10 percent or more of any class of securities’’ of the respondent bank.

One commenter suggested that we increase the proposed 10% threshold for identifying the interest of the owners of respondent banks to 25% for banks that are considered to represent a relatively low level of money laundering risk. Other commenters requested clarification that the provisions of subsection (b)(3) are risk-based.

After consideration, we adopted the proposed threshold into the final rule without change. The final rule covers three specific and relatively small categories of foreign banks that have been designated by statute. We believe that tiered ownership thresholds would undermine the benefit of identifying the

owners of high-risk respondent banks while not appreciably reducing the burden of identifying such owners. Accordingly, we have not adopted a risk-based approach to section 103.176(b)(3).

B. Section 103.176(c)—Foreign Banks Subject to Enhanced Due Diligence

Section 103.176(c) of the Second Proposed Rule set forth the types of foreign banks for which enhanced due diligence would be required, as provided by section 312 of the USA PATRIOT Act. The enhanced due diligence provisions would apply to foreign banks operating under (1) An offshore banking license; 32 (2) a license issued by a country designated as being non-cooperative with international anti- money laundering principles or procedures by an intergovernmental group or organization of which the United States is a member and with which designation the United States representative to the group or organization concurs; 33 or (3) a license issued by a country designated by the Secretary as warranting special measures due to money laundering concerns.34 The final rule adopts this provision without change.

One commenter suggested that we reinstate the proposed exception from the enhanced due diligence requirements of section 312 for an offshore bank that ‘‘has been found, or is chartered in a jurisdiction where one or more foreign banks have been found, by the Board of Governors of the Federal Reserve System under the Bank Holding Company Act or the International Banking Act, to be subject to comprehensive supervision or regulation on a consolidated basis by the relevant supervisors in that jurisdiction.’’ 35 After consideration, we did not include such an exception in this final rule.

We believe that the risk-based provisions of the final rule are better suited to addressing the various risk profiles of respondent banks subject to enhanced due diligence than the proposed exception. Thus, when dealing with an offshore booking location of a bank located in a country with a strong anti-money laundering regime, for example, a covered financial institution ordinarily will not be required to conduct enhanced due

diligence to the same degree as it would with a stand-alone offshore bank.36

One commenter was concerned that a covered financial institution may be cited for a violation of this final rule if it failed to subject an account established or maintained for a high-risk foreign bank to the enhanced due diligence requirements of the rule even when the foreign bank was not in one of the three designated categories of banks subject to enhanced due diligence. However, section 103.176(b) is expressly limited to the foreign banks enumerated at section 103.176(c). With respect to high-risk foreign banks not enumerated in section 103.176(c), a failure to apply appropriate due diligence to a correspondent account maintained for such a foreign bank would constitute a violation of the general due diligence provisions of the correspondent account rule,37 but not the enhanced due diligence provisions of this final rule.

C. Section 103.176(d)—Special Procedures

According to the provisions of proposed section 103.176(d), a covered financial institution would be required to establish special procedures for circumstances in which appropriate due diligence or enhanced due diligence cannot be performed with respect to a correspondent account. We received no comments on this provision of the Second Proposed Rule. It has been adopted in this final rule without change.

D. Section 103.176(e) and (f)— Applicability Rules

This final rule revises section 103.176(e) and adds new section (f) to reflect the applicability dates of the obligations under this section. The Second Proposed Rule did not address the issue of applicability dates. We are mindful, however, of the obligations that will result from the statutory requirement that enhanced due diligence apply to all correspondent accounts maintained for certain foreign banks, regardless of when the accounts were opened. Effective 180 days after the date of publication of this final rule, the requirements of this final rule will


ini o

n P

RO

D1P

C65

with

RU

LES


38 See supra note 5 and accompanying text. 39 Due Diligence Anti-Money Laundering

Programs for Certain Foreign Accounts, 67 FR 48348 (July 23, 2002).

40 See Anti-Money Laundering Programs for Financial Institutions, 67 FR 21110 (April 29, 2002) (establishing anti-money laundering program requirements for federally regulated depository institutions, broker-dealers in securities, futures commission merchants, and introducing brokers in commodities). See also Anti-Money Laundering Program for Mutual Funds, 67 FR 21117 (April 29, 2002).

41 See supra text accompanying footnotes 11–13. 42 Second Proposed Rule, 71 FR at 519.

apply to correspondent accounts opened on or after that date. Effective 270 days after the date of publication of this final rule, the rule’s requirements will apply to all correspondent accounts opened prior to the date that is 180 days after the date of publication of this final rule.

Section 103.176(f)(2) contains a special implementation rule for banks. This special implementation rule requires banks that have been subject to the provisions of our interim final rule 38 to continue to comply with the existing enhanced due diligence requirements for correspondent accounts of section 312 until the effective dates described in section 103.176(f)(1) are triggered.

Section 103.176(f)(3) contains a special implementation rule for all other covered financial institutions. This section provides that securities broker- dealers, futures commission merchants, introducing brokers, mutual funds, and trust banks or trust companies that have a federal regulator are not required to comply with the enhanced due diligence provisions until the effective dates described in section 103.176(f)(1) are triggered.

E. Section 103.176(g)—Exemptions

New section 103.176(g) restates and conforms the exemption for certain financial institutions from the due diligence and enhanced due diligence requirements of section 103.176.

IV. Regulatory Flexibility Act

We certified that the January 4, 2006 proposed rule would not have a significant economic impact on a substantial number of small entities. We made this certification because the proposed rule would provide guidance concerning certain mandated enhanced due diligence requirements in section 312 of the Act, and because the financial institutions that would be covered by the rule tend to be larger institutions.

One commenter expressed concern that the final rule will make it prohibitive for smaller institutions to engage in the foreign correspondent banking business. However, this final rule does not impose significant new burdens on covered financial institutions of any size. Since at least 2002, the depository institutions covered by this rule have been subject to an interim final rule containing substantially similar enhanced due diligence requirements.39 Other covered financial institutions have been required

to establish and maintain anti-money laundering programs reasonably designed, among other things, to prevent money laundering through correspondent accounts generally.40

Because the terms of the interim rule and the final rule are substantially similar, and because the single comment does not provide evidence of any significant economic impact created by the interim or final rule, we believe that the final rule will not have a significant economic impact on a substantial number of small businesses. We also note that even if, as the comment asserts, the rule made foreign correspondent banking prohibitive for small entities, this would establish neither that a substantial number of small entities engage in foreign correspondent banking, nor that any that do derive significant revenue from such business.

Moreover, we have incorporated flexibility into this final rule, particularly by shifting from the prescriptive approach to compliance proposed in the First Proposed Rule to the risk-based approach adopted in this final rule. This flexibility will permit each covered financial institution to tailor its enhanced due diligence program for statutorily designated foreign banks 41 to fit its size and the risks of its customer base.

For these reasons, it is hereby certified, pursuant to the Regulatory Flexibility Act (5 U.S.C. 601 et seq.), that this final rule will not have a significant economic impact on a substantial number of small businesses.

V. Executive Order 12866 This final rule is not a ‘‘significant

regulatory action’’ as defined in Executive Order 12866. Accordingly, a regulatory assessment is not required.

VI. Paperwork Reduction Act The collection of information

contained in this final rule has been approved by the Office of Management and Budget in accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3507(d)), and was assigned Office of Management and Budget Control Number 1506–0046. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a valid

control number assigned by the Office of Management and Budget.

The only requirements in the final rule that are subject to the Paperwork Reduction Act are set forth in 31 CFR 103.176(b)(1)(i), 103.176(b)(1)(iii)(A), and 103.176(b)(3), requiring covered financial institutions to obtain information relating to certain foreign banks’ anti-money laundering programs, when appropriate, to obtain information from such foreign banks about the identity of any person with authority to direct transactions through a correspondent account that is a payable- through account and the sources and beneficial owner of funds or other assets in the payable-through account, when appropriate, and to obtain the identity of certain owners of any such foreign bank that is privately owned and the nature and extent of the ownership interest. The estimated annual average burden associated with this collection of information was one hour per recordkeeper. We estimated that there would be 28,163 recordkeepers, for a total of 28,163 annual burden hours.42 We received two comments on this burden estimate.

One commenter argued that the burden would ‘‘number into the hundreds of hours, at a minimum.’’ The number of burden hours set forth under the Paperwork Reduction Act is designed to be an average, however, and includes recordkeepers subject to the provisions of this final rule that may not maintain correspondent accounts for statutorily designated foreign banks. Moreover, the number of burden hours pertains only to the collection of information when appropriate, and not to the review of the information.

Another commenter suggested that the number of burden hours may be two hours per year instead of one hour. We accept that estimate and, accordingly, have adjusted our final estimate of burden hours to two hours per recordkeeper.

Comments concerning the accuracy of this recordkeeping burden estimate and suggestions for reducing this burden should be sent (preferably by fax (202– 395–6974)) to Desk Officer for the Department of the Treasury, Office of Information and Regulatory Affairs, Office of Management and Budget, Paperwork Reduction Project (1506), Washington, DC 20503 (or by the internet to [email protected]), with a copy by regular mail to Financial Crimes Enforcement Network, P.O. Box 39, Vienna, VA 22183, ‘‘ATTN: Regulation Identifier Number 1506– AA29’’ or by electronic mail to


ini o

n P

RO

D1P

C65

with

RU

LES

mailto:[email protected]


[email protected] with the caption ‘‘ATTN: Regulatory Information Number 1506–AA29’’ in the body of the text.

List of Subjects in 31 CFR Part 103

Banks, Banking, Brokers, Counter- money laundering, Counter-terrorism, Currency, Foreign banking, Reporting and recordkeeping requirements.

Authority and Issuance

� For the reasons set forth above, we are amending subpart I of 31 CFR Part 103 as follows:

PART 103—FINANCIAL RECORDKEEPING AND REPORTING OF CURRENCY AND FOREIGN TRANSACTIONS

� 1. The authority citation for part 103 continues to read as follows:

Authority: 12 U.S.C. 1829b and 1951–1959; 31 U.S.C. 5311–5314 and 5316–5332; title III, secs. 311, 312, 313, 314, 319, 326, 352, Pub. L. 107–56, 115 Stat. 307.

� 2. In subpart I, amend § 103.176 by adding paragraphs (b) and (c), revising paragraphs (d) and (e), and adding paragraphs (f) and (g) to read as follows:

§ 103.176 Due diligence programs for correspondent accounts for foreign financial institutions.

* * * * * (b) Enhanced due diligence for certain

foreign banks. In the case of a correspondent account established, maintained, administered, or managed in the United States for a foreign bank described in paragraph (c) of this section, the due diligence program required by paragraph (a) of this section shall include enhanced due diligence procedures designed to ensure that the covered financial institution, at a minimum, takes reasonable steps to:

(1) Conduct enhanced scrutiny of such correspondent account to guard against money laundering and to identify and report any suspicious transactions in accordance with applicable law and regulation. This enhanced scrutiny shall reflect the risk assessment of the account and shall include, as appropriate:

(i) Obtaining and considering information relating to the foreign bank’s anti-money laundering program to assess the risk of money laundering presented by the foreign bank’s correspondent account;

(ii) Monitoring transactions to, from, or through the correspondent account in a manner reasonably designed to detect money laundering and suspicious activity; and

(iii)(A) Obtaining information from the foreign bank about the identity of any person with authority to direct transactions through any correspondent account that is a payable-through account, and the sources and beneficial owner of funds or other assets in the payable-through account.

(B) For purposes of paragraph (b)(1)(iii)(A) of this section, a payable- through account means a correspondent account maintained by a covered financial institution for a foreign bank by means of which the foreign bank permits its customers to engage, either directly or through a subaccount, in banking activities usual in connection with the business of banking in the United States.

(2) Determine whether the foreign bank for which the correspondent account is established or maintained in turn maintains correspondent accounts for other foreign banks that use the foreign correspondent account established or maintained by the covered financial institution and, if so, take reasonable steps to obtain information relevant to assess and mitigate money laundering risks associated with the foreign bank’s correspondent accounts for other foreign banks, including, as appropriate, the identity of those foreign banks.

(3)(i) Determine, for any correspondent account established or maintained for a foreign bank whose shares are not publicly traded, the identity of each owner of the foreign bank and the nature and extent of each owner’s ownership interest.

(ii) For purposes of paragraph (b)(3)(i) of this section:

(A) Owner means any person who directly or indirectly owns, controls, or has the power to vote 10 percent or more of any class of securities of a foreign bank. For purposes of this paragraph (b)(3)(ii)(A):

(1) Members of the same family shall be considered to be one person; and

(2) Same family has the meaning provided in § 103.175(l)(2)(ii).

(B) Publicly traded means shares that are traded on an exchange or an organized over-the-counter market that is regulated by a foreign securities authority as defined in section 3(a)(50) of the Securities Exchange Act of 1934 (15 U.S.C. 78c(a)(50)).

(c) Foreign banks to be accorded enhanced due diligence. The due diligence procedures described in paragraph (b) of this section are required for any correspondent account maintained for a foreign bank that operates under:

(1) An offshore banking license;

(2) A banking license issued by a foreign country that has been designated as non-cooperative with international anti-money laundering principles or procedures by an intergovernmental group or organization of which the United States is a member and with which designation the U.S. representative to the group or organization concurs; or

(3) A banking license issued by a foreign country that has been designated by the Secretary as warranting special measures due to money laundering concerns.

(d) Special procedures when due diligence or enhanced due diligence cannot be performed. The due diligence program required by paragraphs (a) and (b) of this section shall include procedures to be followed in circumstances in which a covered financial institution cannot perform appropriate due diligence or enhanced due diligence with respect to a correspondent account, including when the covered financial institution should refuse to open the account, suspend transaction activity, file a suspicious activity report, or close the account.

(e) Applicability rules for general due diligence. The provisions of paragraph (a) of this section apply to covered financial institutions as follows:

(1) General rules—(i) Correspondent accounts established on or after July 5, 2006. Effective July 5, 2006, the requirements of paragraph (a) of this section shall apply to each correspondent account established on or after that date.

(ii) Correspondent accounts established before July 5, 2006. Effective October 2, 2006, the requirements of paragraph (a) of this section shall apply to each correspondent account established before July 5, 2006.

(2) Special rules for certain banks. Until the requirements of paragraph (a) of this section become applicable as set forth in paragraph (e)(1) of this section, the due diligence requirements of 31 U.S.C. 5318(i)(1) shall continue to apply to any covered financial institution listed in § 103.175(f)(1)(i) through (vi).

(3) Special rules for all other covered financial institutions. The due diligence requirements of 31 U.S.C 5318(i)(1) shall not apply to a covered financial institution listed in § 103.175(f)(1)(vii) through (x) until the requirements of paragraph (a) of this section become applicable as set forth in paragraph (e)(1) of this section.

(f) Applicability rules for enhanced due diligence. The provisions of paragraph (b) of this section apply to covered financial institutions as follows:


ini o

n P

RO

D1P

C65

with

RU

LES

mailto:[email protected]


(1) General rules—(i) Correspondent accounts established on or after February 5, 2008. Effective February 5, 2008, the requirements of paragraph (b) of this section shall apply to each correspondent account established on or after such date.

(ii) Correspondent accounts established before February 5, 2008. Effective May 5, 2008, the requirements of paragraph (b) of this section shall apply to each correspondent account established before February 5, 2008.

(2) Special rules for certain banks. Until the requirements of paragraph (b) of this section become applicable as set forth in paragraph (f)(1) of this section, the enhanced due diligence requirements of 31 U.S.C. 5318(i)(2) shall continue to apply to any covered financial institutions listed in § 103.175(f)(1)(i) through (vi).

(3) Special rules for all other covered financial institutions. The enhanced due diligence requirements of 31 U.S.C. 5318(i)(2) shall not apply to a covered financial institution listed in § 103.175(f)(1)(vii) through (x) until the requirements of paragraph (b) of this section become applicable, as set forth in paragraph (f)(1) of this section.

(g) Exemptions—(1) Exempt financial institutions. Except as provided in this section, a financial institution defined in 31 U.S.C. 5312(a)(2) or (c)(1), or § 103.11(n) is exempt from the requirements of 31 U.S.C. 5318(i)(1) and (i)(2) pertaining to correspondent accounts.

(2) Other compliance obligations of financial institutions unaffected. Nothing in paragraph (g) of this section shall be construed to relieve a financial institution from its responsibility to comply with any other applicable requirement of law or regulation, including title 31, United States Code, and this part.

Dated: August 2, 2007.

James H. Freis, Jr., Director, Financial Crimes Enforcement Network. [FR Doc. E7–15467 Filed 8–8–07; 8:45 am]

BILLING CODE 4810–02–P

DEPARTMENT OF HOMELAND SECURITY

Coast Guard

33 CFR Part 165

[CGD14–07–001]

RIN 1625–AA87

Security Zones; Oahu, Maui, Hawaii, and Kauai, HI

AGENCY: Coast Guard, DHS. ACTION: Final rule.

SUMMARY: The Coast Guard is changing the permanent security zones in waters adjacent to the islands of Oahu, Maui, Hawaii, and Kauai, Hawaii. Review of the established zones indicated the need for some adjustment to better suit vessel and facility security in and around Hawaiian ports. The changes are intended to enhance the protection of personnel, vessels, and facilities from acts of sabotage or other subversive acts, accidents, or other causes of a similar nature.

DATES: This rule is effective September 10, 2007. ADDRESSES: Comments and material received from the public, as well as documents indicated in this preamble as being available in the docket, are part of docket CGD14–07–001 and are available for inspection and copying at U.S. Coast Guard Sector Honolulu, Sand Island Parkway, Honolulu, Hawaii 96819–4398 between 7 a.m. and 3:30 p.m., Monday through Friday, except Federal holidays. FOR FURTHER INFORMATION CONTACT: Lieutenant (Junior Grade) Jasmin Parker, U.S. Coast Guard Sector Honolulu at (808) 842–2600. SUPPLEMENTARY INFORMATION:

Regulatory Information

On June 19, 2007, we published a notice of proposed rulemaking (NPRM) entitled Security Zones; Oahu, Maui, Hawaii, and Kauai, HI in the Federal Register (72 FR 33711). We received no letters commenting on the proposed rule. No public meeting was requested, and none was held.

Background and Purpose

The terrorist attacks against the United States that occurred on September 11, 2001, have emphasized the need for the United States to establish heightened security measures in order to protect the public, ports and waterways, and the maritime transportation system from future acts of terrorism or other subversive acts. The terrorist organization al-Qaeda and other

similar groups remain committed to conducting armed attacks against U.S. interests, including civilian targets within the United States. National security and intelligence officials warn that future terrorist attacks are likely.

In response to this threat, on December 19, 2005, the Coast Guard published a final rule establishing the current permanent security zones in designated waters surrounding the Hawaiian Islands (70 FR 75036, December 19, 2005). The current zones replaced zones established by a final rule issued in 2003 (68 FR 20344, April 25, 2003) which in turn replaced temporary zones that had been established, and then extended, in the waters surrounding the Hawaiian Islands soon after the attacks (66 FR 52693, October 17, 2001). The existing permanent security zones have been in operation for more than 18 months.

We have recently completed a periodic review of port and harbor security procedures and considered the oral feedback that local vessel operators gave to Coast Guard units enforcing the zones. In response, the Coast Guard is reducing the scope of the Honolulu International Airport, North Section security zone. The Coast Guard is also establishing new zones at Kawaihae Harbor, Hawaii and Kahe Point, Oahu to address a new vessel operation and recent identification of a critical facility. Additionally, we are clarifying the application of large cruise ship (LCS) security zones to the new Hawaii SuperFerry.

Our action with respect to the Honolulu International Airport, North Section zone (33 CFR 165.1407(a)(4)(i)) is to change it from one that is perpetually activated and enforced to one that is used only in response to a threat. This change, permitting a reduced security posture in the waters adjacent to Honolulu International Airport, is based on a 2006 reevaluation of airport protection requirements. The new arrangement offers us the opportunity to decrease disruption to maritime commerce and inconvenience to small entities by making the zone subject to activation and enforcement only under certain conditions rather than all the time.

All of the security zones described in this final rule are permanently established. We use the word ‘‘activated’’ to describe when these permanently established zones are subject to enforcement.

Our addition of a Kawaihae Harbor security zone is due to the arrival of the Hawaii SuperFerry. In June 2004, Hornblower Marine Services, Inc. signed a Marine Management Operating


ini o

n P

RO

D1P

C65

with

RU

LES

20854 Federal Register / Vol. 67, No. 81 / Friday, April 26, 2002 / Notices

8 15 U.S.C. 78f(b).9 15 U.S.C. 78f(b)(5). 10 17 CFR 200.30–3(a)(12).

1 15 U.S.C. 78s(b)(1).2 17 CFR 240.19b–4.3 Securities Exchange Act Release No. 45457

(February 19, 2002), 67 FR 8565.4 March 18, 2002 letter from Alan E. Sorcher, Vice

President and Associate General Counsel, SecuritiesIndustry Association (‘‘SIA’’), to Jonathan G. Katz,Secretary, SEC (‘‘SIA Letter’’); March 18, 2002 letterfrom Betty Santangelo, Schulte Roth & Zabel LLP,to Jonathan G. Katz, Secretary, SEC (‘‘Schulte RothLetter’’); March 11, 2002 letter from W. RichardMason, General Counsel, Mosaic Funds, toSecretary, SEC (‘‘Mosaic Letter’’); March 18, 2002letter from Craig S. Tyle, General Counsel,Investment Company Institute (‘‘ICI’’), to JonathanG. Katz, Secretary, SEC (‘‘ICI Letter’’).

5 Securities Exchange Act Release No. 45487(February 28, 2002), 67 FR 10463.

paragraph 10. Namely, Paragraph 6 willneed to be amended to reflect that allspecialist/competing specialists will beresponsible for orders directed to him/her. Likewise, Paragraph 9 will need tobe amended to reflect certain BEACONsystem changes which will updatequotations more efficiently, removingthe burden from the regular specialist.

In today’s BEACON system, an agencyorder is automatically routed to thespecialist quote in accordance withprice/time priority amongst competingspecialists if such quote is at the NBBO.Such order routing has allowedspecialists with orderflow to reducetheir costs and compete more effectivelyfor public customer business withoutsacrificing quality of executions.However, the economic value of thispractice has diminished considerablywith the introduction of a number ofCommission led initiatives in recentyears, particularly the introduction ofdecimalization. Implementation of theproposed rule will enable the order tobe routed to the designated specialistand will enable competing specialists toexercise greater control over more oftheir firm’s orderflow and provide priceimprovement opportunities to theircustomers over existing specialistproprietary quotations. All ITStransactions and non-directed orderswill continue to be routed according toprice/time priority, and available forprice improvement by exposure to thespecialists/competing specialists.

2. Statutory BasisThe Exchange believes that the

proposed rule change is consistent withthe provisions of section 6(b) of theAct,8 in general, and section 6(b)(5) ofthe Act,9 in particular, which requires,among other things, that the rules of anexchange be designed to promote justand equitable principles of trade, tofoster cooperation and coordinationwith persons engaged in regulating,clearing, settling, processinginformation with respect to, andfacilitating transactions in securities, toremove impediments to and perfect themechanism of a free and open marketand a national market system, ingeneral, to protect investors and thepublic interest, and not be designed topermit unfair discrimination betweencustomers, issuers, brokers or dealers.

B. Self-Regulatory Organization’sStatement on Burden on Competition

The Exchange does not believe thatthe proposed rule change will imposeany burden on competition that is not

necessary or appropriate in furtheranceof the purposes of the Act.

C. Self-Regulatory Organization’sStatement on Comments on theProposed Rule Change Received FromMembers, Participants or Others

The Exchange has neither solicitednor received written comments on theproposed rule change.

III. Date of Effectiveness of theProposed Rule Change and Timing forCommission Action

Within 35 days of the date ofpublication of this notice in the FederalRegister or within such longer period (i)as the Commission may designate up to90 days of such date if it finds suchlonger period to be appropriate andpublishes its reasons for so finding or(ii) as to which the Exchange consents,the Commission will:

(A) By order approve such proposedrule change, or

(B) Institute proceedings to determinewhether the proposed rule changeshould be disapproved.

IV. Solicitation of Comments

Interested persons are invited tosubmit written data, views, andarguments concerning the foregoing,including whether the proposed rulechange is consistent with the Act.Persons making written submissionsshould file six copies thereof with theSecretary, Securities and ExchangeCommission, 450 Fifth Street, NW,Washington, DC 20549–0609. Copies ofthe submission, all subsequentamendments, all written statementswith respect to the proposed rulechange that are filed with theCommission, and all writtencommunications relating to theproposed rule change between theCommission and any person, other thanthose that may be withheld from thepublic in accordance with theprovisions of 5 U.S.C. 552, will beavailable for inspection and copying inthe Commission’s Public ReferenceRoom. Copies of such filing will also beavailable for inspection and copying atthe principal office of the Exchange. Allsubmissions should refer to File No.SR–BSE–2001–08 and should besubmitted by May 17, 2002.

For the Commission, by the Division ofMarket Regulation, pursuant to delegatedauthority.10

Margaret H. McFarland,Deputy Secretary.[FR Doc. 02–10310 Filed 4–25–02; 8:45 am]BILLING CODE 8010–01–P

SECURITIES AND EXCHANGECOMMISSION

[Release No. 34–45798; File Nos. SR–NASD–2002–24 and SR–NYSE–2002–10]

Self-Regulatory Organizations;National Association of SecuritiesDealers, Inc. and the New York StockExchange, Inc.; Order ApprovingProposed Rule Changes Relating toAnti-Money Laundering CompliancePrograms

April 22, 2002.

I. Introduction

On February 15, 2002, the NationalAssociation of Securities Dealers, Inc.(‘‘NASD’’ or ‘‘Association’’), through itssubsidiary NASD Regulation, Inc.(‘‘NASD Regulation’’), filed with theSecurities and Exchange Commission(‘‘Commission’’ or ‘‘SEC’’), pursuant toSection 19(b)(1) of the SecuritiesExchange Act of 1934 (‘‘Act’’) 1 and Rule19b–4 thereunder,2 a proposed rulechange to establish NASD Rule 3011,Anti-Money Laundering ComplianceProgram. The proposed rule changeprescribes the minimum standardsrequired for each member firm’s anti-money laundering program. OnFebruary 25, 2002, notice of theproposed rule change was published inthe Federal Register.3 The Commissionreceived four comments on theproposal.4

On February 27, 2002, the New YorkStock Exchange, Inc. (‘‘NYSE’’ or‘‘Exchange’’) filed a proposed rulechange to adopt NYSE Rule 445, Anti-Money Laundering ComplianceProgram. The proposed rule changewould require each member andmember organization to develop andimplement an anti-money launderingcompliance program consistent withapplicable provisions of the BankSecrecy Act and the regulationsthereunder. On March 7, 2002, notice ofthe proposed rule change was publishedin the Federal Register.5 The

VerDate 11<MAY>2000 21:14 Apr 25, 2002 Jkt 197001 PO 00000 Frm 00132 Fmt 4703 Sfmt 4703 E:\FR\FM\26APN1.SGM pfrm11 PsN: 26APN1

20855Federal Register / Vol. 67, No. 81 / Friday, April 26, 2002 / Notices

6 The SIA Letter and the Schulte Roth Letter werefiled as comments to both the NASD proposal andthe NYSE proposal.

7 See April 17, 2002 letter from Patrice M.Gliniecki, Vice President and Acting GeneralCounsel, NASD Regulation, to Katherine A.England, Assistant Director, Division of MarketRegulation (‘‘Division’’), SEC (‘‘NASD ResponseLetter’’).

8 See April 16, 2002 letter from Richard P.Bernard, Assistant Corporate Secretary, NYSE, toNancy Sanow, Assistant Director, Division, SEC(‘‘NYSE Response Letter’’).

9 See footnote 4, supra.10 See footnote 6, supra.11 SIA Letter at 2.12 SIA Letter at 2–3.13 Id. at 3.14 Id.15 Id.16 Id.17 Id.

Commission received two comments onthe proposal.6

The NASD provided a response to thecomment letters on April 17, 2002.7 TheNYSE provided a response to thecomment letters on April 16, 2002.8

This order approves the NASD andthe NYSE proposed rule changes.

II. Description of the Proposed RuleChanges

SR–NASD–2002–24NASD Regulation proposes to

establish NASD Rule 3011, Anti-MoneyLaundering Compliance Program, whichrequires financial institutions, includingbroker-dealers, by April 24, 2002, toestablish and implement anti-moneylaundering compliance programsdesigned to ensure ongoing compliancewith the requirements of the BankSecrecy Act and the regulationspromulgated thereunder. NASDRegulation proposes its anti-moneylaundering compliance program rule toguide member firms on how to complywith Section 352 of the Uniting andStrengthening America by ProvidingAppropriate Tools Required to Interceptand Obstruct Terrorism Act of 2001(‘‘PATRIOT Act’’). The proposed rulechange prescribes the minimumstandards required for each memberfirm’s anti-money laundering program.

Under the proposal, on or before April24, 2002, each NASD member isrequired to develop and implement awritten anti-money laundering programreasonably designed to achieve andmonitor the member’s compliance withthe requirements of the Bank SecrecyAct, and the implementing regulationspromulgated thereunder by theDepartment of the Treasury(‘‘Treasury’’). Each memberorganization’s anti-money launderingprogram must be approved, in writing,by a member of senior management.

The anti-money laundering programsrequired under the proposal, at aminimum, must (1) establish andimplement policies and procedures thatcan be reasonably expected to detectand cause the reporting of transactionsrequired under 31 U.S.C. 5318(g) andthe implementing regulationsthereunder; (2) establish and implement

policies, procedures, and internalcontrols reasonably designed to achievecompliance with the Bank Secrecy Actand the implementing regulationsthereunder; (3) provide for independenttesting for compliance to be conductedby member personnel or by a qualifiedoutside party; (4) designate anindividual or individuals responsiblefor implementing and monitoring theday-to-day operations and internalcontrols of the program; and (5) provideongoing training for appropriatepersonnel.

SR–NYSE–2002–10

The NYSE proposes to adopt NYSERule 445, Anti-Money LaunderingCompliance Program. The proposedRule, like the NASD proposal, requireseach member and member organizationto develop and implement an anti-money laundering compliance programconsistent with applicable provisions ofthe Bank Secrecy Act and theregulations thereunder.

Under the NYSE’s proposal, eachmember organization and each membernot associated with a memberorganization must develop andimplement a written anti-moneylaundering program reasonablydesigned to achieve and monitorcompliance with the requirements of theBank Secrecy Act, and theimplementing regulations promulgatedthereunder by Treasury. A member ofsenior management must approve, inwriting, each member organization’santi-money laundering program. At aminimum, the anti-money launderingprograms must (1) establish andimplement policies and procedures thatcan be reasonably expected to detectand cause the reporting of transactionsrequired under 31 U.S.C. 5318(g) andthe implementing regulationsthereunder; (2) establish and implementpolicies, procedures, and internalcontrols reasonably designed to achievecompliance with the Bank Secrecy Actand the implementing regulationsthereunder; (3) provide for independenttesting for compliance to be conductedby member or member organizationpersonnel or by a qualified outsideparty; (4) designate, and identify to theNYSE a person or persons responsiblefor implementing and monitoring theday-to-day operations and internalcontrols of the program and provideprompt notification to the NYSEregarding any change in suchdesignation(s); and (5) provide ongoingtraining for appropriate persons.

III. Summary of Comments

The Commission received four letterscommenting on the NASD proposal.9 Ofthose four comment letters, two of themalso were submitted as comments to theNYSE proposal.10 One commenterexpressed support for the proposals,calling sound anti-money launderingprograms ‘‘the starting point in theindustry’s effort in the prevention ofmoney-laundering and the financing ofterrorism.’’ 11 All of the commenterssuggested that the proposals bemodified.

While the SIA expressed support forthe proposed rules, it requested that therequirements imposed by the proposedrules be clarified. First, it requested thatthe rules require firms to have a writtenanti-money laundering program in placeby April 24, 2002, but not to haveimplemented the program by thatdate.12 The SIA asserts that ‘‘thelanguage of Section 352 of the PatriotAct is clear that the requirement is to‘establish’ anti-money launderingprograms,’’ not to have actuallyimplemented the programs by April 24,2002.13

The SIA also requests clarificationthat the anti-money launderingprograms required by April 24, 2002 areonly required to account for the BankSecrecy Act requirements that are ineffect by that same date.14 The SIAstates this clarification is necessarybecause some provisions of thePATRIOT Act have already becomeeffective, while other provisions willbecome effective on a rolling basisthroughout this year.15 The SIAquestions the ability of firms toimplement all aspects of these programsby April 24, 2002.16 For example, theSIA expressed strong support for therequirement that broker-dealers reportsuspicious activity. It also expressedconcern that the rules could be read torequire a firm to implement policies forreporting suspicious transactions beforethe time required by the statute.17

According to the commenter, Section356 of the Patriot Act requires thatbroker-dealers be subject to suspiciousactivity reporting requirements. UnderTreasury’s proposed rule implementingSection 356, such provision would takeeffect 180 days after a final rule is



18 Id.19 Id. at 4.20 Id.21 Schulte Roth Letter at 3–4.22 Id.23 Id.24 Id. at 4.25 Id.

26 Mosaic Letter.27 Id.28 ICI Letter at 1.29 Id.30 Id. at 2.

31 Id.32 See footnote 8, supra.33 NYSE Response Letter at 2.34 Id.35 Id.36 Id.

issued by Treasury.18 The NYSE andNASD proposals require firms toestablish and implement policies tocomply with the Bank Secrecy Act andimplementing regulations by April 24,2002.

Finally, the SIA states the proposedrules should allow for extension beyondthe April 24, 2002 compliance date,where full compliance cannot be timelyachieved.19 To obtain an extension, theSIA suggests a firm would be requiredto demonstrate the firm made a goodfaith effort to comply, and that therewere extenuating circumstances thatjustify an extension.20

The Schulte Roth Letter suggests thatthe Commission and the self-regulatoryorganizations should allow anexemption from the anti-moneylaundering program requirement forbroker-dealers that do not maintaintraditional customer relationships, suchas investment partnerships andcorporations that are exempt fromregistration under the InvestmentCompany Act of 1940.21 Schulte Rothstates these entities elect to register, orcreate a wholly-owned subsidiary toregister, as a broker-dealer to obtainmore favorable margin treatment.According to the commenter, theseentities are not required to register asbroker-dealers, and do not function astraditional broker-dealers, in that theydo not engage in certain activities thatare typically associated with a broker-dealer.22 Furthermore, the commenterstates that these broker-dealers do notadvertise or hold themselves out to thepublic as a dealer, nor do they renderany incidental investment advice,extend or arrange for the extension ofcredit to others in connection withsecurities, or purchase or sell securitiesas principal from or to customers.23

Accordingly, the commenter asserts thatthese broker-dealers should not berequired to adopt an anti-moneylaundering program.24

The commenter also asserts thatbroker-dealers that merely engage instock lending activities with otherbroker-dealers, agency lenders, andmutual funds, should not be required toadopt an anti-money launderingprogram, because they do not conducttransactions involving the purchase orsale of securities in the traditional senseand do not involve traditional customerrelationships.25

Similarly, one commenter suggestedthat the NASD proposal be modified tostate that a broker-dealer that does notreceive customer funds or open or holdcustomer accounts is deemed to satisfythe anti-money laundering programrequirements by stating itsunderstanding that it will be required todevelop such a program before itactually receives customer funds oropens or holds customer accounts.26

The commenter suggests thismodification to prevent broker-dealersthat do not accept or hold customeraccounts or receive any customer fundsfrom going through the ‘‘futile exercise’’of establishing programs that cannot beimplemented because the broker-dealersare powerless to identify any potentialmoney-laundered money or accounts.27

The ICI submitted comments toaddress the NASD’s proposal as itapplies to NASD members thatunderwrite securities issued byregistered investment companies.28 TheICI expressed strong support for‘‘effective rules to combat potentialmoney laundering activity in theinvestment company industry.’’ It alsoproposed an exception to proposedNASD Rule 3011 for any NASD memberwith respect to its activities as aprincipal underwriter of mutual fundsecurities where the mutual funds suchNASD member underwriters haveestablished an anti-money launderingprogram that meets the requirements ofSection 352 of the PATRIOT Act andany rules that apply to funds adoptedthereunder.29

The ICI provides two reasons for itsproposed exception. First, the ICI statesthe exemption would avoid unnecessaryregulatory duplication. The PATRIOTAct’s requirement to establish an anti-money laundering compliance programby April 24, 2002 applies to funds andto broker-dealers. The ICI states thatproposed regulations setting minimumstandards for fund compliance programsare imminent. Where an underwriter ispart of a fund complex, the ICI states itwould be ‘‘logical’’ for any relevantactivities of the underwriter to beaddressed by the funds’ anti-moneylaundering program. In these situations,the ICI states there is no need forunderwriters to comply with separaterequirements imposed by the NASD onits members.30

Second, the ICI states the exceptionwould eliminate a bifurcated anti-money laundering compliance

examination regime. The ICI states thatcompliance with the anti-moneylaundering program requirements forfunds will be examined by theCommission’s Office of Compliance,Inspections and Examinations (‘‘OCIE’’).The ICI believes that OCIE is best ableto examine funds comprehensively forcompliance with anti-money launderingrequirements. To subject fundunderwriters to NASD examinationauthority would, according to the ICI,‘‘create a piecemeal regulatory schemethat would be both duplicative andinefficient.’’ 31

The NYSE’s Response to Comments

On April 16, 2002, the NYSEsubmitted a response to comments.32

In response to the suggestion thatSection 352 of the PATRIOT Actrequires only that firms ‘‘establish’’written anti-money laundering programsby April 24, 2002, the NYSE states thatmembers and member organizationsmust be in compliance with federallymandated requirements of Section 352by April 24, 2002, by establishingwritten policies and procedures thathave been approved in writing by seniormanagement, that address all applicableBank Secrecy Act requirements. Thesepolicies should address the memberorganization’s employee trainingprogram and independent auditfunctions.33 The NYSE also indicatesthat proposed NYSE Rule 445 requiresthat the anti-money launderingprograms provide for independenttesting for compliance, and thatpolicies, procedures, and internalcontrols must be reasonably designed toachieve compliance with applicablefederal requirements. The NYSE expectsimplementation of the requiredindependent testing function to be‘‘timely and effective.’’ 34 As forimplementation of policies related toanti-money laundering requirementsthat have yet to be adopted, the NYSEexpects they will be implementedconcurrently with their respectiveeffective dates.35 The NYSE furtherclarified that it will not requirecompliance with Bank Secrecy Actprovisions before their prescribedeffective dates.36 The NYSE alsoconfirmed its understanding that thesuspicious activity reports (‘‘SAR’’)reporting requirements under 31 U.S.C.5318(g) are expected to become effective


20857Federal Register / Vol. 67, No. 81 / Friday, April 26, 2002 / Notices

37 Id. at 3.38 Id.39 Id.40 Id.41 See footnote 7, supra.42 Id. at 2.43 Id.

44 Id.45 Id. at 3.46 Id.47 Id.38 Id.49 Id. at 4.

50 Id.51 Id. at 4–5.52 Id. at 5.53 In approving these rules, the Commission has

considered their impact on efficiency, competition,and capital formation. 15 U.S.C. 78c(f).

54 15 U.S.C. 78o–3(b)(6).55 15 U.S.C. 78f(b)(5).

180 days after the date on which finalregulations are issued by Treasury.37

With regard to establishing aprocedure to allow for extensions of theApril 24, 2002 compliance date, theNYSE stated that the requirementsoutlined by proposed NYSE Rule 445are practical applications of federal lawand that it has no authority to grantextensions for compliance withfederally mandated deadlines.38

Similarly, in response to thecommenter’s suggestion that proposedNYSE Rule 445 grant an exemption fromthe requirement to adopt an anti-moneylaundering program for broker-dealersthat do not engage in activitiestraditionally undertaken by registeredbroker-dealers such as hedge funds, orbroker-dealers that engage in stocklending activities with other broker-dealers, agency lenders like banks, andmutual funds, the NYSE againmaintains it has no authority to grantsuch relief from the requirement, as therequirement is mandated by federallaw.39 The NYSE takes the position thateach entity subject to anti-moneylaundering requirements is required toimplement policies and procedures thatare ‘‘reflective of the type and nature oftheir business and that exemptions forhedge funds, investment companies, etc.would not be appropriate.’’ 40

NASD Regulation’s Response toComments

NASD Regulation submitted aresponse To comments on April 17,2002.41

In response to the commenters’assertion that certain broker-dealers beexempt from the requirements ofproposed NASD Rule 3011, NASDRegulation, like the NYSE, stated thatthe requirement to establish an anti-money laundering compliance programis a ‘‘mandate of federal law.’’ 42 WhileSection 352 requires Treasury to issueregulations by April 24, 2002 thataddress the applicability of the statutoryrequirements to different types offinancial institutions, it does not allowfor the NASD or other self-regulatoryorganizations to grant exemptions to anytypes of broker-dealers from thestatutory requirements.43 NASDRegulation suggests that anti-moneylaundering programs at firms that haveno customers and handle no funds willbe tailored to focus on ‘‘potential

employee misconduct and counterpartyawareness.’’ 44 Similarly, with regard tothe ICI’s request that an exemption beallowed for an NASD member withrespect to its activities as principalunderwriter of mutual fund securitieswhere the fund complex beingunderwritten has established anti-money laundering compliance programsthat meet the requirements of Section352, NASD Regulation reiterates that allbroker-dealers are required to enactappropriate compliance procedures.45

In establishing such programs, NASDRegulation suggests that broker-dealersmay coordinate their efforts by takingaccount of programs and procedures ofother firms with which they dobusiness. It also suggests that principalunderwriters to mutual funds would beexpected to have similarly targetedprocedures once the firms had assuredthemselves that the investment adviseror transfer agent within the fundcomplex had established andimplemented a sufficient anti-moneylaundering program. NASD Regulationnotes that each firm must have its ownprogram designed to detect suspiciousactivity, and no broker-dealer may relysolely on a program implemented by afirm with which it does business or hasa business relationship.46

Regarding the SIA’s concerns that theproposed rule’s requirement to bothestablish and implement complianceprograms by April 24, 2002 is beyondthe scope of Section 352, NASDRegulation asserts that its proposed Ruleis consistent with Section 352.47 NASDRegulation states that it does not suggestthat all aspects of a firm’s anti-moneylaundering compliance program must beoperational by April 24, 2002. Instead,NASD Regulation believes that firmsmust put in place written procedures,and take ‘‘meaningful steps’’ to carry outthe procedures to the extent possible byApril 24, 2002.48

With regard to the SIA’s and ICI’srequests for clarification that thecompliance programs required by April24, 2002 need only address the BankSecrecy Act requirements that are ineffect by that date, NASD Regulationstates that it agrees a member’s programmust continuously evolve to adapt tonew Bank Secrecy Act requirements asthey are adopted.49 Additionally, NASDRegulation believes its proposed newRule does not require a firm’scompliance program to reflect those

Bank Secrecy Act requirements that arenot in effect by April 24, 2002. NASDRegulation, however, encourages allfirms to comply voluntarily with thoseprovisions of the Bank Secrecy Act notyet in effect to the extent practicable,rather than waiting for mandatorycompliance deadlines.50 With respect tothe SIA’s comment that the broker-dealer SAR reporting requirement is notexpected to be in effect until 180 daysafter Treasury issues final rules, NASDRegulation states that an anti-moneylaundering program need only achievecompliance with requirements that arein effect. However, NASD Regulationstates that broker-dealers shouldconsider filing SARs voluntarily beforethe effective date of the regulations, andprograms must be adapted to provideprocedures for reporting suspicioustransactions consistent with the finalrule once it becomes effective.51

Finally, with regard to the SIA’srequest that the NASD’s proposed rulebe modified to allow for exemptionsfrom the compliance date under certaincircumstances, NASD Regulation notesthat the law does not grant NASDRegulation or any other self-regulatoryorganization the authority to grantexemptions or extensions of time forcompliance.52

IV. Discussion and CommissionFindings

The Commission has reviewedcarefully the NASD’s and NYSE’sproposed rule changes, the commentletters, and the NASD’s and NYSE’sresponses to the comments, and finds,for the reasons set forth below, that theproposals are consistent with therequirements of the Act and the rulesand regulations thereunder applicable toa registered national securitiesassociation,53 and a national securitiesand exchange, and, in particular, withthe requirements of Sections15A(b)(6) 54 and 6(b)(5) 55 of the Act.Section 15A(b)(6) requires the rules of aregistered national securities associationbe designed to prevent fraudulent andmanipulative acts and practices, topromote just and equitable principles oftrade, to foster cooperation andcoordination with persons engaged inregulating, clearing, settling, processinginformation with respect to, andfacilitating transactions in securities, toremove impediments to and perfect the



56 15 U.S.C. 78s(b)(2).57 17 CFR 200.30–3(a)(12).

1 15 U.S.C. 78s(b)(1).2 The Commission has modified the text of the

summaries prepared by NSCC.3 Securities Exchange Act Release No. 44431

(June 15, 2001), 66 FR 33280.

4 NSCC Rules and Procedures Procedure XV,II.(B).

5 15 U.S.C. 78q–1(b)(3)(F).

mechanism of a free and open marketand a national market system, and, ingeneral, to protect investors and thepublic interest. Section 6(b)(5) imposesthe same requirements on a nationalsecurities exchange.

The Commission finds that theproposed rule changes are consistentwith these Sections of the Act. TheCommission finds that the NASD andthe NYSE have proposed rules thataccurately, reasonably, and efficientlyimplement the requirements of thePATRIOT Act as it applies to theirmembers. While the Commissionacknowledges that the commenters haveraised possible burdens these proposedrules place upon certain entities that arerequired to implement anti-moneylaundering compliance programs byApril 24, 2002, the Commission agreeswith NASD Regulation and the NYSEthat they have no authority to grantexceptions or exemptions to thesefederally mandated requirements anddeadlines. The Commission believesthat NYSE and NASD members that aresubject to the requirements of thePATRIOT Act must have written anti-money laundering programs in place byApril 24, 2002, and must implementthose procedures in a timely fashion.The Commission also recognizes,however, that anti-money launderingcompliance programs will evolve overtime, and that improvements to theseprograms are inevitable as members findnew ways to combat money launderingand to detect suspicious activities.

With regard to all other issues raisedby the commenters, the Commission issatisfied that NASD Regulation and theNYSE have adequately and accuratelyaddressed the commenters’ concerns.

V. Conclusion

It is therefore ordered, pursuant toSection 19(b)(2) of the Act,56 that theproposals SR–NASD–2002–24 and SR–NYSE–2002–10 be and hereby areapproved.

For the Commission, by the Division ofMarket Regulation, pursuant to delegatedauthority.57

Margaret H. McFarland,Deputy Secretary.[FR Doc. 02–10313 Filed 4–25–02; 8:45 am]

BILLING CODE 8010–01–U

SECURITIES AND EXCHANGECOMMISSION

[Release No. 34–45788; File No. SR–NSCC–2002–01]

Self-Regulatory Organizations;National Securities ClearingCorporation; Notice of Filing and OrderGranting Accelerated Approval of aProposed Rule Change MakingTechnical Changes to Its Rules Relatedto the Timing of Clearing FundDeposits

April 19, 2002.Pursuant to section 19(b)(1) of the

Securities Exchange Act of 1934(‘‘Act’’),1 notice is hereby given that onJanuary 23, 2002, the NationalSecurities Clearing Corporation(‘‘NSCC’’) filed with the Securities andExchange Commission (‘‘Commission’’)the proposed rule change as describedin Items I and II below, which itemshave been prepared primarily by NSCC.The Commission is publishing thisnotice and order to solicit commentsfrom interested persons and to grantaccelerated approval of the proposal.

I. Self-Regulatory Organization’sStatement of the Terms of Substance ofthe Proposed Rule Change

The purpose of the proposed rulechange is to make a technical correctionto NSCC Rule 4 relating to the timing ofclearing fund deposits.

II. Self-Regulatory Organization’sStatement of the Purpose of, andStatutory Basis for, the Proposed RuleChange

In its filing with the Commission,NSCC included statements concerningthe purpose of and basis for theproposed rule change and discussed anycomments it received on the proposedrule change. The text of these statementsmay be examined at the places specifiedin Item IV below. NSCC has preparedsummaries, set forth in sections (A), (B),and (C) below, of the most significantaspects of such statements.2

(A) Self-Regulatory Organization’sStatement of the Purpose of, andStatutory Basis for, the Proposed RuleChange

On June 15, 2001, the Commissionapproved proposed rule change SR–NSCC–2001–04 which modified andconsolidated NSCC’s clearing fundrules.3 The purpose of the filing was to:(1) move all NSCC members subject to

clearing fund requirements, and notonly those member firms that weresubject to surveillance status, to risk-based margining and (2) modify therules to provide that additional clearingfund deposits must be made on thesame day requested and within the timeframe established by NSCC. The filingstated, in part, that all clearing fundrequirements and other depositrequirements shall be made by memberswithin one hour of demand unlessotherwise determined by NSCC.4 At thattime, the prior notification requirementfound in Section 7 of Rule 4 of NSCC’sRules and Procedures should have beendeleted because it is inconsistent withthe time frame in that filing.Inadvertently, this deletion was notmade. The purpose of this proposed rulechange is to delete the inconsistent priornotification provisions of NSCC Rule 4.

The proposed rule change isconsistent with the requirements of theAct and the rules and regulationsthereunder applicable to NSCC since theproposed rule change clarifies theclearing fund deposit process andassures the safeguarding of funds withinNSCC’s custody and control.

(B) Self-Regulatory Organization’sStatement on Burden on Competition

NSCC does not believe that theproposed rule change will have animpact on or impose a burden oncompetition

(C) Self-Regulatory Organization’sStatement on Comments on theProposed Rule Change Received FromMembers, Participants, or Others

No written comments relating to theproposed rule change have beensolicited or received. NSCC will notifythe Commission of any writtencomments received by NSCC.

III. Date of Effectiveness of theProposed Rule Change and Timing forCommission Action

The Commission finds that theproposed rule change is consistent withthe requirements of the Act and therules and regulations thereunder andparticularly with the requirements ofSection 17A(b)(3)(F).5 Section17A(b)(3)(F) requires that the rules of aclearing agency be designed to assurethe safeguarding of funds which are inthe custody or control of the clearingagency or for which it is responsible.The Commission believes that theapproval of NSCC’s rule change isconsistent with this section because it


Print

3310. Anti-Money Laundering Compliance Program

Each member shall develop and implement a written anti-money laundering program reasonably designed to achieve and monitor the member's compliance with the requirements of the Bank Secrecy Act (31 U.S.C. 5311, et seq.), and the implementing regulations promulgated thereunder by the Department of the Treasury. Each member's anti-money laundering program must be approved, in writing, by a member of senior management. The anti-money laundering programs required by this Rule shall, at a minimum,

(a) Establish and implement policies and procedures that can be reasonably expected to detect and cause the reporting of transactions required under 31 U.S.C. 5318(g) and the implementing regulations thereunder;

(b) Establish and implement policies, procedures, and internal controls reasonably designed to achieve compliance with the Bank Secrecy Act and the implementing regulations thereunder;

(c) Provide for annual (on a calendar-year basis) independent testing for compliance to be conducted by member personnel or by a qualified outside party, unless the member does not execute transactions for customers or otherwise hold customer accounts or act as an introducing broker with respect to customer accounts (e.g., engages solely in proprietary trading or conducts business only with other broker-dealers), in which case such "independent testing" is required every two years (on a calendar-year basis);

(d) Designate and identify to FINRA (by name, title, mailing address, e-mail address, telephone number, and facsimile number) an individual or individuals responsible for implementing and monitoring the day-to-day operations and internal controls of the program (such individual or individuals must be an associated person of the member) and provide prompt notification to FINRA regarding any change in such designation(s); and

(e) Provide ongoing training for appropriate personnel.

• • • Supplementary Material: --------------

.01 Independent Testing Requirements

(a) All members should undertake more frequent testing than required if circumstances warrant.

(b) Independent testing, pursuant to Rule 3310(c), must be conducted by a designated person with a working knowledge of applicable requirements under the Bank Secrecy Act and its implementing regulations.

(c) Independent testing may not be conducted by:

(1) a person who performs the functions being tested,

(2) the designated anti-money laundering compliance person, or

(3) a person who reports to a person described in either subparagraphs (1) or (2) above.

.02 Review of Anti-Money Laundering Compliance Person Information

Each member must identify, review, and, if necessary, update the information regarding its anti-money laundering compliance person designated pursuant to Rule 3310(d) in the manner prescribed by NASD Rule 1160.

Amended by SR-FINRA-2009-039 eff. Jan. 1, 2010. Amended by SR-NASD-2007-034 eff. Dec. 31, 2007. Amended by SR-NASD-2005-066 eff. Mar. 6, 2006. Amended by SR-NASD-2002-146 eff. Oct. 22, 2002. Adopted by SR-NASD-2002-24 eff. April 24, 2002.

Page 1 of 2

2/9/2011http://finra.complinet.com/en/display/display_main.html?rbid=2403&element_id=8656&pri...

Selected Notices: 02-21, 02-50, 02-78, 02-80, 03-34, 06-07, 07-42, 09-60.

©2008 FINRA. All rights reserved.

Page 2 of 2

2/9/2011http://finra.complinet.com/en/display/display_main.html?rbid=2403&element_id=8656&pri...

FAQs Regarding Anti-Money Laundering Compliance Programs

1. What law requires a Money Services Business (MSB) to develop and implement an AML compliance program?

On October 26, 2001, the President signed into law the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001 (Public Law 107-56). Title III of the Act makes a number of amendments to the anti-money laundering provisions of the Bank Secrecy Act (BSA), which is codified in subchapter II of chapter 53 of title 31, United States Code.

These amendments are intended to provide additional tools to prevent, detect, and prosecute international money laundering and the financing of terrorism. Section 352(a) of the Act, which became effective on April 24, 2002 amended section 5318(h) of the BSA. As amended, section 5318(h) (1) requires financial institutions to establish anti-money laundering compliance programs. FinCEN promulgated an anti-money laundering compliance program requirement specifically applicable to money services businesses that became effective on July 24, 2002, and can be found at 31 CFR 103.125.

2. What are the required components of a compliance program?

The anti-money laundering compliance program must be in writing and must be reasonably designed to prevent the money services business from being used to facilitate money laundering and the financing of terrorism. At a minimum, the program must:

� Incorporate policies, procedures and internal controls reasonably designed to assure compliance with the Bank Secrecy Act including:

� Verifying customer identification � Filing reports � Detecting suspicious activity � Creating and retaining records; and � Responding to law enforcement requests

� Designate a compliance officer to assure day-to-day compliance with the program. The responsibilities of such person include assuring that:

� The business properly files reports and creates and retains records; � The compliance program is updated as necessary to reflect current requirements and

related guidance issued by the Department of Treasury; and � The business provides appropriate training and education.

� Provide for ongoing training of appropriate personnel concerning their responsibilities under the program, including training in the detection of suspicious transactions.

� Provide for an independent review to monitor and maintain an adequate program. � The scope and frequency of the review should be commensurate with the risk of the

financial services provided by the money services business. Such review may be conducted by an officer or employee of the MSB so long as the reviewer is not the person designated as the compliance officer.

In addition, 31 CFR 103.125(b) provides that compliance programs should be commensurate with the risks posed by the location and size of, and the nature and volume of financial services provided by, the money services business.

3. What money services businesses are affected by this law?

All categories of money services businesses subject to BSA regulation under 31 CFR part 103 must implement an anti-money laundering compliance program including:

� Currency dealers or exchanges � Check cashers � Issuers, sellers, and redeemers of travelers checks, money orders, or pre-paid access (formerly

known as stored value) and � Money transmitters

4. What if the financial services that I provide are incidental to my business? Am I still included in the law?

Yes.

For some enterprises, such as grocery stores, convenience stores, and gas stations, the financial activities that make them money services businesses are not their core business activities but only incidental services offered along with core products and services. Other money services businesses are organized to provide several financial services to their customers similar to the full range of financial products provided by a bank. The anti-money laundering program requirement found at 31 CFR 103.125 requires each money services business to establish a program reasonably designed to prevent the MSB from being used in money laundering or terrorist financing. However, it only applies to the extent of the money services activity conducted by an MSB.

5. How do I get started?

FinCEN has determined that the exact nature of an effective anti-money laundering program for money services businesses must be commensurate with the risks posed by the size and location of the particular money services business, and the nature and volume of the financial services that it offers. Therefore, a business must first assess its risk of being used to launder money or finance terrorism.

6. Are there other important items to consider when creating a compliance program?

Page 1 of 2FAQs Regarding Anti-Money Laundering Compliance Programs

2/9/2011http://www.irs.gov/businesses/small/article/0,,id=154565,00.html

Page Last Reviewed or Updated: November 30, 2010

Policies, procedures, and internal controls developed and implemented shall include the following to the extent they are applicable to MSBs (31 CFR 103.125 (d)(1)(i)):

� Procedures for assuring that applicable customer identification requirements are met; � All reports required under 31 CFR part 103, including but not limited to suspicious activity

reports are filed in a timely fashion; � All records are maintained in complete and accurate form � Requests for information from law enforcement agencies are handled with appropriate speed � To the extent that automated data processing systems are used, MSBs should integrate their

compliance procedures with such systems. (31 CFR 103.125(d)(1)(ii))

7. What is the effective date for the compliance programs to be implemented?

Pursuant to section 103.125(e), an existing money services business is required to comply with the anti-money laundering compliance program requirements by July 24, 2002.

Money services businesses coming into existence after that date must develop and implement such a program by the end of the 90-day period beginning on the day following the date the business is established.

Rate the Small Business and Self-Employed Web Site

Page 2 of 2FAQs Regarding Anti-Money Laundering Compliance Programs

2/9/2011http://www.irs.gov/businesses/small/article/0,,id=154565,00.html

OFAC REGULATIONS FOR THE SECURITIESINDUSTRY

These ex am ples il lus trate how dan ger ous it can be to run afoul of U.S.laws en forced by the U.S. Trea sury De part ment’s Of fice of For eign As -sets Con trol (OFAC). Su dan and Cuba are the fo cus of full-fledged tradeem bar goes, in clud ing the block ing of as sets in U.S. ju ris dic tion. Thereare re stric tions on im ports from Burma and North Ko rea; new in vest -ments in Burma; im ports from and ex ports of goods and ser vices to Iran;ex ports to Iraq; im ports of goods, tech nol ogy, or ser vices pro duced orpro vided by for eign per sons des ig nated by the Sec re tary of State whopro mote the pro lif er a tion of weap ons of mass de struc tion; im ports ofrough di a monds from Li be ria; im ports of un cer ti fied di a monds; the re -ceipt of do na tions in the form of gifts or char i ta ble con tri bu tions from thegov ern ments of Syria or North Ko rea; and pro hi bi tions against trans ac -tions with des ig nated in ter na tional nar cot ics traf fick ers, ter ror ists, for -eign ter ror ist or ga ni za tions, par ties named in or pur su ant to Ex ec u tiveOr der 13304 re lat ing to per sons who threaten international stabilizationefforts in the Balkans, and certain individuals tied to the regime inZimbabwe.

Crim i nal vi o la tions of the stat utes ad min is tered by OFAC can re sult incor po rate and per sonal fines of up to $1 mil lion and 12 years in jail.OFAC also has in de pend ent au thor ity to im pose civil pen al ties of up to$1,075,000 per count.

To assure that illicit transactions are not processed, much of the bankingindustry has installed sophisticated and highly effective “interdict”software to block questionable funds transfers and other transactions. Because of the current level of electronic compliance programs in thefinancial community, it is more likely now than ever that violations by the securities industry will come to the attention of OFAC.In light of this,targeted countries, entities, and individuals are likely in search of “saferplaces” to hide assets, including in securities firms. To prevent this fromhappening and to avert violations and costly enforcement actions, it iscritical that securities firms establish internal compliance programs.

OFAC Customer Assessment Checklist

It is rec om mended that you start by tak ing a look at your ex ist ing cus -tomer ac counts to de ter mine whether you are prop erly treat ing those thatare blocked by ex ist ing sanc tions, including:

• per sonal and com mer cial ac counts held in the name of or on be half of in -di vid u als or or ga ni za tions ap pear ing on OFAC’s SDN list;

• ac counts with Cu ban ad dresses;

• per sonal ac counts held in the name of na tion als of Cuba, re gard less of ad -dress (ex cept na tion als un blocked by OFAC license);

• ac counts held in the name of the gov ern ment of Cuba or Su dan; and

• ac counts owned by in di vid u als act ing for or on be half of any of the ac -count par ties listed above or ac counts owned by en ti ties which are ownedor con trolled by any of the ac count par ties listed above.

Con tin ued trad ing on the na tional se cu ri ties ex changes on be half ofblocked Cu ban and North Ko rean cus tomer ac counts is au tho rized pro -vided that cer tain con di tions, which are in tended to pre serve the block ingof re sult ing as sets and proceeds, are met.

Al though no block ing pro vi sions ap ply with re gard to Ira nian ac counts,firms may not act on buy or sell or ders orig i nat ing from the Gov ern mentof Iran, or in di vid u als or en ti ties lo cated in Iran. At the re quest of the ac -count holder, a firm may close out an Ira nian ac count and ef fect aone-time lump sum trans fer of all re main ing ac count funds andotherassets to the account holder.

With re gard to ac counts for com mer cial en ter prises op er at ing in tar getedcoun tries, you should be aware that there is a pro hi bi tion on the per for -mance of con tracts in sup port of in dus trial, com mer cial, or gov ern men talpro jects in those ar eas. This would in clude trans fer ring funds to a thirdparty in sup port of its op er a tions in the targeted country.

Department of the Treasury April 29, 2004 1

You might re ceive in struc tions from a long- time cus tomer to wire sales pro ceeds to an ac count at the Bank of Khartoum. All in a day'swork, right? Wrong. These funds will most likely be blocked be cause Bank of Khar toum is owned by the Gov ern ment of Sudan. Your firmmay be fined up to $11,000 for ini ti at ing the trans fer, even though your own bank blocked it. You'll also have to break the news to your cli -ent that his funds may be in limbo in defi nitely.

You might also un wit tingly open a mar gin ac count for a cus tomer who hap pens to be a Cu ban na tional, in which case the U.S. Gov ern -ment may be the least of your prob lems! Your firm could be on the hook for any pur chases made on mar gin for this cli ent be fore you re al -ize that all of his U.S. as sets are frozen.

OFAC Securities Assessment Checklist

Next, you should re view the se cu ri ties in your cus tody to de ter minewhether you are treat ing prop erly any that are blocked, in clud ing:

• se cu ri ties reg is tered or in scribed in the name of a Cu ban na tional (re gard -less of whether the reg is tered or in scribed owner ap pears to have as -signed, trans ferred or oth er wise dis posed of the security);

• sov er eign debt se cu ri ties rep re sent ing ob li ga tions of the gov ern ments ofCuba, Su dan, Iraq, Bur mese de vel op ment-re lated is sues of the gov ern -ment of Burma or pri vate firms sub se quent to May 20, 1997;

• debt or eq uity se cu ri ties rep re sent ing ob li ga tions of, or own er ship in ter ests in, com pa nies ap pear ing on OFAC’s SDN list;

• debt or eq uity se cu ri ties rep re sent ing ob li ga tions of, or own er ship in ter ests in, com pa nies lo cated in Cuba; or

• bank ers ac cep tan ces that in di cate on their face that they re late to un au tho -rized trade trans ac tions in volv ing North Ko rea, Cuba, Iran, Iraq, Burma,Su dan, im ports of un cer ti fied di a monds, im ports of rough di a monds fromLi be ria, or im ports pro duced or pro vided by for eign per sons des ig natedby the Sec re tary of State as hav ing en gaged in ac tiv i ties re lated to thepro lif er a tion of weapons of mass destruction.

You should also scru ti nize any other se cu ri ties which you have rea son tobe lieve rep re sent ob li ga tions of, or own er ship in ter ests in, en ti ties ownedor con trolled by blocked com mer cial or gov ern men tal en ti ties referenced above.

OFAC Banking Checklist

Be fore they are re layed to your bank, out go ing wire trans fer in struc tionsshould be re viewed to in sure that:

• no par ties–in clud ing banks–ap pear on OFAC’s SDN list;

• the funds are not des tined for Cuba;

• the ben e fi ciary is not oth er wise blocked (to de ter mine whether a ben e fi -ciary is blocked, ap ply the same cri te ria as those found in the OFAC Se -cu ri ties As sess ment Check list above); and

• The trans ac tion is not re lated to com mer cial trans ac tions in a tar getedcoun try.

Blocked Accounts and Securities

Block ings must be re ported within 10 days by fax to OFAC Com pli anceDi vi sion at 202/622-2426. Deb its to blocked ac counts are pro hib ited, al -though cred its are au tho rized. Cash bal ances in cus tomer ac counts mustearn in ter est at com mer cially rea son able rates. Blocked se cu ri ties maynot be paid, with drawn, trans ferred (even by book trans fer), en dorsed,guar an teed, or oth er wise dealt in with out an OFAC li cense. OFAC alsore quires the fil ing of a com pre hen sive an nual re port on blocked prop ertyheld as of June 30 by Sep tem ber 30 each year. The re port is to be filed us -ing Form TDF 90-22.50, which fol lows, and which is also avail able onOFAC’s website or from OFAC’s fax-on-de mand ser vice. Re quests tosub mit the in for ma tion in an al ter na tive for mat or for an ex ten sion of there port ing dead line are invited and will be considered on a case-by-casebasis by OFAC.

U.S. per sons in volved in lit i ga tion, ar bi tra tion, or other bind ing al ter na -tive dis pute res o lu tion pro ceed ings re gard ing blocked prop erty must:pro vide no tice of such pro ceed ings to OFAC Chief Coun sel, sub mit cop -ies of all doc u ments as so ci ated with such pro ceed ings within 10 days oftheir fil ing to OFAC Chief Coun sel at U.S. Trea sury De part ment, 1500Penn syl va nia Ave., NW — 3123 An nex, Wash ing ton, DC 20220, and fax in for ma tion about the sched ul ing of any hear ing or sta tus conference toOFAC Chief Counsel at 202/622-1911.

Ongoing OFAC Compliance

The in for ma tion on the OFAC as sess ment check lists will as sist you when you eval u ate new cli ents and un fa mil iar in vest ment se cu ri ties. In ad di -tion, it may be help ful to des ig nate a “Com pli ance Of fi cer” re spon si blefor mon i tor ing com pli ance with OFAC pro grams and over see ing blocked ac counts and se cu ri ties. In ter nal au dit ing de part ments can as sist in thede vel op ment of “cor po rate com pli ance mem o randa” and ver i fi ca tionthat pro ce dures, once es tab lished, are be ing fol lowed. An ef fec tive in ter -nal com mu ni ca tion net work is crit i cal for reg u la tory com pli ance. Firmsmight con sider in clud ing reg u la tory no tices and ex pla na tions in staffnewsletters. Compliance training programs will help prevent violations.

Other use ful mea sures would in clude re view ing reg u la tions in staff meet -ings, in cor po rat ing com pli ance re quire ments into op er at ing pro ce dures,and join ing with other firms to spon sor compliance seminars.

The eco nomic sanc tions pro grams of the U.S. Gov ern ment are pow er fulfor eign pol icy tools. Their suc cess re quires the ac tive par tic i pa tion andsup port of ev ery U.S. cit i zen. Pro tect your firm from losses and civil pen -alty ex po sure — don’t open your doors to OFAC tar gets; stay abreast ofU.S. sanc tions law. When in doubt about a spe cific ac count or trans ac -tion, or in need of ad di tional in for ma tion, con tact OFAC’s Com pli anceHot line for fi nan cial in sti tu tions at 1-800-540-OFAC (6322). It shouldbe noted that OFAC has a Mi ami branch of fice (909 South east First Av e -nue, Suite 735A) with a spe cial bi-lin gual hot line re lat ing to in for ma tionon the Cuban embargo; that hotline number is 305/810-5170.

2 April 29, 2004 Department of the Treasury

Hedge Funds and Al ter na tive In vest ments

All in vest ments and trans ac tions in the United States or in volv ing U.S. per sons any where in theworld fall un der U.S. ju ris dic tion and need to com ply with OFAC reg u la tions. Be cause of theirloosely reg u lated na ture and the abil ity to han dle trans ac tions through off shore lo ca tions,U.S.-man aged hedge funds and other al ter na tive in vest ment ve hi cles may be at trac tive in vest -ments for sanc tions tar gets. Hos tile gov ern ments as well as per sons, busi nesses and or ga ni za tions linked to ter ror ism and nar cot ics traf fick ing have the po ten tial to use such in vest ments to gain ac -cess to the U.S. fi nan cial sys tem or to laun der money.

U.S. in vest ment com pa nies, man ag ers and in ves tors must be vig i lant in deal ing with these in stru -ments, which in clude hedge funds, fu tures, de riv a tives and funds. Hedge funds and their in vest -ment in stru ments are of ten once or twice re moved from orig i nat ing in vest ments. U.S. man ag ersand in ves tors must be aware of all the un der ly ing in vest ments mak ing up their port fo lios. Fundsmay con tain il le gal in vest ment ve hi cles such as sov er eign bonds of the Re pub lic of Cuba or thoseof other sanc tioned for eign gov ern ments such as Iran and Su dan. With out proper au tho ri za tion, itis un law ful for U.S. per sons to in vest in oil fu tures con tracts in volv ing Ira nian or Su da nese crudeoil. All in vest ment in stru ments should be scru ti nized to as sure that they do not rep re sent ob li ga -tions of, or own er ship in ter ests in, en ti ties owned or con trolled by sanc tions tar gets.

U.S. com pa nies and their off shore of fices are re spon si ble for main tain ing iden ti fy ing in for ma tioncon cern ing all cli ents, in ves tors, and ben e fi cia ries as well as for know ing the source of in vest ment funds. It is rec om mended that iden ti ties be checked against OFAC’s SDN list and re ported if theyap pear to be au then tic matches.

Please see OFAC’s website for spe cific de tails con cern ing sanc tions pro grams or call OFAC at1-800-540-6322 to speak with an OFAC rep re sen ta tive re gard ing in di vid ual ques tions and sit u a -tions.

Additional Information

When ever there is an up date to any OFAC reg u la tion, an ad di tion or re -moval of an SDN, or any other an nounce ment from OFAC, the in for ma -tion is quickly made avail able elec tron i cally via many dif fer ent sources.

• All of OFAC’s pro gram “bro chures,” as well as SDN in for ma tion, areavail able free in down load able cam era-ready Adobe Ac ro bat© “*.PDF”for mat over the Trea sury De part ment’s World Wide Web Server.OFAC’s Home Page site is <http://www.treas.gov/ofac>. The Page also con tains a self-ex tract ing ASCII file of the SDN list in DOS, de lim ited,fixed-field, and coun try-spe cific ver sions, a free Adobe Ac ro bat Reader©

to view and print “*.PDF” files, ac cess to all OFAC-re lated Ex ec u tive Or -ders, U.N. Res o lu tions, stat utes, reg u la tions, and the Code of Fed eralReg u la tions as well as to bro chures in ASCII for mat, and a wealth ofother ma te rial. All of OFAC’s “forms,” in clud ing its An nual Re port onBlocked Prop erty, Cu ban Re mit tance Af fi da vit, and li cense ap pli ca tionare elec tron i cally avail able on the site. The Trea sury De part ment pro vides two E-mail sub scrip tion ser vices—one to OFAC’s Fi nan cial Op er a tionsBul le tin up dates and the other to OFAC’s “What’s New” file. In ad di -tion, when ever there is a change in volv ing ur gent in for ma tion re quir ingim me di ate im ple men ta tion, the [DATE] changes on the face of the pri -mary Page; us ers can au to mate their com pli ance by struc tur ing theirInternet con nec tion to use a Web browser to watch for that date change,check a “Bul le tin” file to get the de tails about changes, and down loadOFAC’s lat est in for ma tion for in cor po ra tion, for ex am ple, into in ter dic -tion soft ware. There is a sep a rate date-in di ca tor for OFAC’s SDN list..OFAC’s sec ond ary Page on the site en ti tled “Re cent OFAC Ac tions ofIn ter est” con tains date-spe cific “What’s New” files with their own dates. Those not di rectly in volved in op er a tions ar eas can au to mate their abil ityto keep cur rent with OFAC’s gen eral in for ma tion by struc tur ing theirInternet con nec tion to use their Web browser to watch for those datechanges on the sec ond ary Page to check the “What’s New” file to get thede tails about changes, and down load OFAC’s lat est in for ma tion. Theremay be times when the date on the sec ond ary Page will be later than thedate on the primary Page because some OFAC “Actions of Interest” maynot rise to the level of an urgent bulletin. Call OFAC Compliance at1-800-540-6322 with any questions.

• OFAC op er ates a free au to mated fax-on-de mand ser vice, which can beac cessed 24 hours a day, seven days a week, by di al ing 202/622-0077from any touchtone phone and fol low ing voice prompts. OFAC doc u -ments kept up to date on the sys tem in clude pro gram and gen eral bro -

chures, list ings of Spe cially Des ig nated Na tion als and Blocked Per sons,in clud ing changes to the list ings, li cens ing guide lines, and Fed eral Reg is -ter no tices (even those filed but not yet printed in the Fed eral Reg is ter).The “In dex of Avail able Documents” is date-specific.

• The free Fed eral Bul le tin Board of the U.S. Gov ern ment Print ing Of fice,which is linked to the Fed eral Reg is ter and Code of Fed eral Reg u la tions,car ries all OFAC bro chures in ASCII and Adobe/Ac ro bat “*.PDF” for -mat, as well as the en tire Code of Fed eral Reg u la tions con tain ing OFACreg u la tions, all Fed eral Reg is ter no tices that OFAC puts out, andOFAC’s ex tended elec tronic read ing room (FAC_MISC). For in for ma -tion on the Fed eral Bul le tin Board call 202/512-1530 or dial202/512-1387 to con nect. The in for ma tion is also avail able over theInternet via GPO ACCESS at <fedbbs.access.gpo.gov>.

• Sub scrib ers to Bloomberg via ded i cated ter mi nals should be able to findin for ma tion on OFAC-ad min is tered sanc tions by typ ing OFAC <GO>.Al ter na tively, sub scrib ers may do a search uti liz ing the fol low ingkeywords: gov ern ment, gov ern ment agen cies, pol icy, ter ror ism-spon sor -ing or ga ni za tions, trade sanc tions, treasury, or united states.

• In for ma tion is dis sem i nated by links from the web sites of the In ter na -tional Fi nan cial Ser vices As so ci a tion in New York(<http://www.intlbanking.org>) the In ter na tional Bank ing Op er a tions As -so ci a tion in Mi ami (<http://www.iboa.com>). Ma jor an nounce ments arealso dis trib uted to U.S. fi nan cial in sti tu tions through Fedwire bul le tinsand CHIPS sys tem broad casts, as well as, from time to time, in printedfor mat through the var i ous Federal bank supervisory agencies.

• The U.S. Mar i time Ad min is tra tion’s Web site at <http://marad.dot.gov>con tains a spe cial link to OFAC’s bro chures and in for ma tion, in clud ing aflash ing in di ca tor of late-break ing up dates. The U.S. Cus toms Ser vicemain tains a free Cus toms Elec tronic Bul le tin Board geared es pe cially to -ward Cus toms House Bro kers (OFAC’s in for ma tion is avail able as adate-spe cific self-ex tract ing DOS file, “OFAC*.EXE” un der “Files,” andthen “Cus toms Ex tra!,” via the Internet at <http://209.122.8.97> or“cebb.cus toms.treas.gov”. Nu mer ous other in dus try groups link toOFAC’s website, among them: the Na tional As so ci a tion of Se cu ri tiesDeal ers (<http://www.nasdr.com>), the Securites and Ex change Com mis -sion (<http://www.sec.gov>), the Se cu ri ties In dus try As so ci a tion(<http://www.sia.com>), the Amer i can So ci ety of Travel Agents(<http://www.astanet.com>), the In sti tute of Real Es tate Man age ment(<http://www.irem.org>), and the Commercial Investment Real EstateInstitute (<http://www.cre.org>).

April 29, 2004 3

OF FICE OF FOR EIGN AS SETS CON TROL

U.S. De part ment of the Trea sury

1500 Penn syl va nia Av e nue, N.W., Wash ing ton D.C. 20220

202/622-2490

Fax: 202/622-2426

http://www.treas.gov/ofac

Guidance

FIN-2006-G009 Issued: May 10, 2006 Subject: Application of the Regulations Requiring Special Due Diligence Programs

for Certain Foreign Accounts to the Securities and Futures Industries The Financial Crimes Enforcement Network is issuing this guidance to clarify the due diligence obligations of broker-dealers, futures commission merchants, and introducing brokers in commodities (collectively, “securities and futures firms”) under the final rules implementing section 312 of the USA PATRIOT Act (the “section 312 rules”).1 Specifically, this guidance addresses: (1) whether all five of the risk factors enumerated in the final due diligence rule for correspondent accounts established or maintained for foreign financial institutions2 (the “correspondent account rule”) must be applied in every instance in which securities and futures firms establish, maintain, administer, or manage such accounts; (2) how certain intermediated relationships should be treated for purposes of the correspondent account rule; (3) how the due diligence rule for private banking accounts3 (the “private banking rule”) applies to clearing firms; (4) how firms should determine whether a foreign entity is a “foreign financial institution” under the section 312 rules; and (5) how securities and futures firms should evaluate the purpose and anticipated activity of a correspondent account.

1. Application of the Due Diligence Requirements of the Final Rules The correspondent account rule provides that securities and futures firms must “[assess] the money laundering risk presented by such correspondent account, based on a consideration of all relevant factors, which shall include, as appropriate [five enumerated factors].”4 We have been asked to clarify whether the five risk factors must be applied to all correspondent accounts established or maintained for foreign financial institutions under the rule, or whether, as part of a risk-based approach, the evaluation may include an analysis of which, if any, of the five risk factors must be applied. We do not expect that securities and futures firms will need to apply each of the five risk factors to every correspondent account relationship they establish, maintain, administer,

1 Anti-Money Laundering Programs; Special Due Diligence Programs for Certain Foreign Accounts, 71 Fed. Reg. 496 (Jan. 4, 2006) (the “Final Rules”). 2 31 C.F.R. § 103.176. 3 31 C.F.R. § 103.178. 4 31 C.F.R. § 103.176(a)(2).

or manage for a foreign financial institution. Rather, securities and futures firms may apply some subset of the five enumerated factors when conducting due diligence on a foreign financial institution, depending upon their determination of the nature of the foreign financial institution they are assessing and the relative money laundering risk posed by such institution.5 We do expect that securities and futures firms will consider the factors that are relevant to the particular risk profile of the foreign financial institution being assessed and we note, moreover, that the five risk factors enumerated in the rule were not meant to be exhaustive. The due diligence programs of securities and futures firms should provide, as appropriate, for the consideration of additional factors that have not been enumerated in the rule when assessing foreign financial institutions with a unique risk profile or those that pose high risk.6

2. Intermediated Relationships under the Correspondent Account Rule

We also have been asked to address how securities and futures firms should treat certain intermediaries and intermediated relationships for the purpose of complying with the due diligence provisions of the correspondent account rule. Whether a securities or futures firm has established or maintained a correspondent account with a foreign financial institution will depend on whether the securities or futures firm has a “formal relationship” with the foreign financial institution.7

With respect to omnibus accounts established or maintained for an intermediary financial institution, a securities or futures firm will have a formal relationship with the intermediary financial institution holding the omnibus account. Under the correspondent account rule, a securities or futures firm is required to perform due diligence on a foreign financial institution for which an omnibus account is established or maintained.8 The securities or futures firm generally is not required to look through an omnibus account to perform due diligence on any foreign financial institutions that may be underlying accountholders. However, due diligence conducted on a foreign financial institution for which an omnibus account is established or maintained should include conducting a risk-

5 See Final Rules, 71 Fed. Reg. at 502 (“we agree that this provision should be modified to incorporate a risk-based approach to the entire rule . . . [T]his . . . will permit covered financial institutions to assess the risks posed by their various non-U.S. customers and accounts and to direct their resources most appropriately at those accounts that pose a more significant money laundering risk”). 6 See id. at 503 (“[s]ection 103.176(a) does not prescribe the elements of increased due diligence that should be associated with specific risk factors, but a covered financial institution’s general due diligence program should identify risk factors that would warrant the institution conducting additional scrutiny of a particular account”). 7 With respect to broker-dealers, we have defined the term “account” to mean “any formal relationship established with a broker or dealer in securities to provide regular services to effect transactions in securities.” 31 C.F.R. § 103.175(d)(2)(ii) (emphasis added). The term “account” is defined similarly in 31 C.F.R. § 103.175(d)(2)(iii) with respect to futures commission merchants and introducing brokers in commodities. 8See Final Rules, 71 Fed. Reg. at 503 (“the due diligence requirement . . . generally requires an assessment of the money laundering risks presented by the foreign financial institution for which the correspondent account is maintained”).

based assessment into the “nature of the foreign financial institution’s business and the markets it serves,”9 including the nature of the foreign firm’s account base. Moreover, we expect that a securities or futures firm will conduct increased due diligence on the intermediary institution’s account base in the highest risk situations.10

With respect to accounts introduced on a fully disclosed basis to clearing firms in the securities industry,11 a clearing firm will have a formal relationship with any financial institution with which it has executed a clearing or carrying agreement pursuant to New York Stock Exchange or NASD rules.12 Thus, a clearing firm is required to perform due diligence pursuant to the correspondent account rule with respect to its carrying agreements with a foreign financial institution.13 However, a clearing firm will not have a formal relationship, and thus will not have an “account” subject to the due diligence provisions of the correspondent account rule, with a foreign financial institution introduced under a clearing or carrying agreement unless the clearing firm engages in activities that obligate it to make a suitability determination with respect to securities transactions conducted through the introduced accounts.14

We caution that this interpretation should not be construed as limiting the anti-money laundering obligations of clearing firms under our rules.15 The risks of money laundering and terrorist financing do not stop at an introducing firm’s back door. In a relationship

9 31 C.F.R. § 103.176(a)(2)(i) 10See infra note 6 and accompanying text. 11 We have limited this interpretation of the responsibilities of introducing and clearing firms to those in the securities industry. We will address the application of the correspondent account rule to introduced business in the futures industry separately. 12 See NYSE Rule 382 and NASD Rule 3230. 13 See NYSE Rule 382. 14 In a typical relationship between a clearing firm and an introducing firm, the introducing firm and not the clearing firm will recommend securities transactions or strategies to the accountholder of an introduced account, requiring it to inquire, for example, into the financial status, the investment objectives, and the risk tolerance of the account holder. See NASD Rule 2310 (“[in recommending to a customer the purchase, sale or exchange of any security, a member shall have reasonable grounds for believing that the recommendation is suitable for such customer upon the basis of facts, if any, disclosed by such customer as to his other security holdings and as to his financial situation and needs”). See also NASD IM-2310-3 (“[m]embers’ responsibilities include having a reasonable basis for recommending a particular security or strategy, as well as having reasonable grounds for believing the recommendation is suitable for the customer to whom it is made”). In circumstances where a clearing firm establishes the type of relationship that would cause it to recommend securities or strategies to an introduced accountholder, which would subject it to compliance with the suitability rule, the clearing firm would be establishing a formal relationship with the introduced accountholder that would subject it to the due diligence requirements of the correspondent account rule. 15 See 31 C.F.R. § 103.120(c) (anti-money laundering program requirements for registered securities broker-dealers). Additionally, this interpretation of the section 312 rules does not supersede prior guidance regarding the application of the Customer Identification Program rules that we jointly issued with the Securities and Exchange Commission and the Commodity Futures Trading Commission. See Customer Identification Programs for Broker-Dealers, 68 Fed. Reg. 25113 (May 9, 2003); Customer Identification Programs for Futures Commission Merchants and Introducing Brokers, 68 Fed. Reg. 25149 (May 9, 2003).

with an introducing firm, a clearing firm must consider the money laundering risks posed by the introducing firm, including any information the clearing firm acquires about the account base of the introducing firm in the ordinary course of its business and through the application of its anti-money laundering policies, procedures, and controls.

A clearing firm’s anti-money laundering program should contain risk-based policies, procedures, and controls for monitoring introduced business, which includes knowing whether the introducing firm may establish or maintain correspondent accounts for foreign financial institutions and the nature and scope of that business, including the nature of the introducing firm’s account base. The program additionally should address circumstances that may warrant gathering any necessary and appropriate information about specific accounts of the introducing firm in high-risk situations. The clearing firm also should have established risk-based policies, procedures, and controls to monitor and mitigate the money laundering risk of the business introduced to it and to detect and report suspicious activity attempted at or conducted through the clearing firm.16

3. Obligations of Clearing Firms under the Private Banking Account Rule In the preamble to the Final Rules, we describe how introducing and clearing firms in the securities and futures industries may apportion due diligence functions for the purposes of complying with the private banking rule.17 We have been asked to clarify whether we meant to impose obligations on clearing firms in the securities industry to perform due diligence on introduced private banking accounts pursuant to the private banking rule.18

We did not intend to impose such an obligation on clearing firms in all instances. When a clearing firm does not impose aggregate minimum account requirements of not less than $1,000,000 on an introduced account for a non-U.S. person and does not assign an officer, employee, or agent to act as a liaison between the clearing firm and such an account, the introduced account will not be considered a private banking account of the clearing firm.19 16 See 31 C.F.R. § 103.19(a)(2). 17 In the preamble at footnote 68, we wrote “where [introducing and clearing firms in the securities and futures industries] maintain a private banking account for a customer . . . [a]ny apportionment of [due diligence] functions between such entities should include adequate sharing of information to ensure that each institution can satisfy its obligations under this rule. For example, an introducing firm would be responsible for informing the clearing firm of the customers holding private banking accounts and for obtaining the necessary information from and about these customers, while both firms would be responsible for establishing adequate controls to detect suspicious activity.” Final Rules, 71 Fed. Reg. at 508. 18 We have limited this interpretation to clearing and introducing firms in the securities industry. We will address the application of the private banking rule to introduced business in the futures industry separately. 19 A “private banking account” is defined in the Final Rules as “an account (or . . . combination of accounts) . . . maintained at a covered financial institution that . . . [r]equires a minimum aggregate deposit of funds or other assets of not less than $1,000,000 . . . [i]s established on behalf of or for the benefit of one or more non-U.S. persons who are direct or beneficial owners of the account [and is] assigned to, or is administered or managed by, in whole or in part, an officer, employee, or agent of a covered financial institution acting as a liaison between the covered financial institution and the direct or beneficial owner of the account.” 31 C.F.R. § 103.175(o).

We caution that this clarification should not be interpreted as limiting the anti-money laundering program obligations of clearing firms under our rules.20 In a relationship with an introducing firm, a clearing firm must consider the money laundering risks posed by the introducing firm, including any information the clearing firm acquires about the account base of the introducing firm in the ordinary course of its business and through the application of its anti-money laundering policies, procedures, and controls.

A clearing firm’s anti-money laundering program should contain risk-based policies, procedures, and controls for monitoring introduced business, which includes knowing whether the introducing firm may offer or maintain private banking accounts to non-U.S. persons and the nature and scope of that business. The program additionally should address circumstances that may warrant gathering any necessary and appropriate information about specific accounts of the introducing firm in apparently high-risk situations. The clearing firm also should have established policies, procedures, and controls to monitor and mitigate the money laundering risk of such introduced business and to detect and report suspicious activity attempted at or conducted through the clearing firm.21

4. Determining Whether a Foreign Entity is a “Foreign Financial Institution” We have additionally been asked to clarify the term “foreign financial institution” as it has been defined for the purposes of applying the correspondent account rule. It has been suggested that that the legal analysis required to determine which foreign entities would be broker-dealers, futures commission merchants, or mutual funds “if [they] were located in the United States”22 will be extremely difficult. With respect to mutual funds, it has been further suggested that applying the definition of “investment company” under the Investment Company Act of 194023 is a complex matter, often requiring the advice of specialized legal counsel. We recognize the difficulty in determining whether a foreign person would be required to register in the United States as a broker-dealer, futures commission merchant, or mutual fund, which would result in such entity falling within the definition of “foreign financial institution” under the correspondent account rule.24 We did not intend that compliance with the correspondent account rule would require covered financial institutions to undergo complex and exhaustive legal analyses to determine which foreign entities would be foreign financial institutions under the rule, and we did not expect that a

20 See supra note 15. 21 31 C.F.R. § 103.19(a)(2). 22 31 C.F.R. § 103.175(h)(1)(iii). 23 15 U.S.C. 80a–1 et seq. 24 For purposes of the correspondent account rule, a “foreign financial institution” includes a broad range of entities, including foreign banks, broker dealers, futures commission merchants, mutual funds, currency dealers or exchangers, and money transmitters. See 31 C.F.R. § 103.175(h).

covered financial institution would establish with legal certainty that a foreign entity is one that, if located in the United States, would require the kind of registration that would result in it being a “foreign financial institution” under the rule. Rather, we intended that covered financial institutions, as part of their overall risk-based due diligence effort, would conduct enough of an inquiry of a foreign entity for which it is establishing, maintaining, administering, or managing a correspondent account to draw a general conclusion as to whether that institution would be a broker dealer, futures commission merchant, or a mutual fund in the United States, and thus subject to the due diligence provisions of the correspondent account rule. For example:

• Whether a foreign entity would be a broker-dealer if located in the

United States, as opposed to an investment adviser, for instance, may be determined from the responses to such questions as: (1) whether it is a member of a securities exchange, other organized securities markets, or a clearinghouse for securities in the jurisdictions in which it operates; (2) whether it underwrites securities or otherwise helps bring new issues to market; (3) whether it formally acts as a market maker on an exchange, trading system, or otherwise; (4) whether it holds itself out as promoting liquidity to the market or otherwise is looked to as a source of liquidity to market professionals or the public; (5) whether it provides services to investors, such as handling money and securities, extending credit, lending securities, or giving investment advice; (6) whether it advertises or otherwise lets others know that it is in the business of buying and selling securities; or (7) whether it manages accounts for customers or clients solely as a fiduciary;

• Whether a foreign entity would be a futures commission merchant if

located in the United States can be determined from the responses to questions regarding: (1) whether it solicits or accepts orders to purchase or sell futures or commodity option contracts in the jurisdictions in which it operates; and (2) whether it accepts any money, securities, or other property to margin, guarantee, or secure solicited or accepted trades or contracts;25 and

• Whether an offshore fund would be a mutual fund in the United States

may be determined from the responses to questions in connection with: (1) whether its shares are continuously offered; (2) whether it has more than 100 beneficial shareholders; and (3) whether its shares are offered to the general public in its home jurisdiction, or whether they are offered exclusively to purchasers who qualify under certain minimum asset or sophistication requirements.26

25 7 U.S.C. 1a(20). 26 See, e.g., Touche, Remnant & Co., 1984 SEC No-Act. LEXIS 2566 (Aug. 27, 1984) (analyzing section 3(c)(1) of the 1940 Act as it applies to foreign funds operating in the United States) and Goodwin, Procter

Additionally, it has been suggested that it would be “difficult to determine which foreign entities would be considered a U.S. currency dealer or exchanger or money transmitter covered by the rule.” We do not believe that conducting a reasonable inquiry into the nature of a foreign entity’s business for the purposes of identifying such institutions as currency dealers or exchangers or money transmitters is complex. Whether a foreign entity would be considered a “foreign financial institution” for the purposes of the correspondent account rule depends on whether it “is readily identifiable as . . . [a] currency dealer or exchanger[,] or [a] money transmitter.”27 Though we expressly noted that the definition of currency dealer or exchanger and money transmitter does not correspond to the definition of such institutions contained in our rules,28 to determine whether a foreign entity is operating functionally as a currency dealer or exchanger or money transmitter we would encourage securities and futures firms to use our definitions as a starting point.29

Finally, we remind securities and futures firms that the correspondent account rule supplements their anti-money laundering obligations30 – it does not supersede such obligations. A securities or futures firm’s anti-money laundering program should contain policies, procedures, and controls for conducting appropriate, ongoing due diligence on foreign entities including, among other things, whether or not they are foreign financial institutions for the purposes of the correspondent account rule. Such policies, procedures, and controls should include, where appropriate, ascertaining the foreign entity’s ownership and the nature of its business. In high-risk situations involving any account, an anti-money laundering program should include provisions for obtaining any necessary and appropriate information about the customers underlying such an account. The anti-money laundering program additionally should contain risk-based provisions for monitoring and mitigating the money laundering risk such entities may present, and for detecting and reporting suspicious activity in such accounts.

& Hoar, 1997 Sec No-Act. LEXIS 375 (Feb. 28, 1997) (analyzing sections 3(c)(1) and 3(c)(7) as they apply to foreign funds operating in the United States). 27 31 C.F.R. § 103.175(h)(1)(iv) (emphasis added). We additionally have limited the definition to exclude those entities that may offer currency or money transmission services only incidentally. Id. See also Final Rules, 71 Fed. Reg. at 502. 28 See id. at note 36. 29 See 31 C.F.R. § 103.11(uu). The definitions of currency dealer or exchanger and money transmitter in 31 C.F.R. § 103.11(uu) cover a significant number of small financial institutions operating in the United States. See Definitions Relating to, and Registration of, Money Services Businesses, 64 Fed. Reg. 45438 (Aug. 20, 1999). The definitions in the section 312 rules were meant to capture larger foreign financial institutions located outside of the United States that engage in the business of dealing in or exchanging currency or transmitting money, which institutions would not be a foreign financial institution as the term is defined in 31 C.F.R. § 103.175(h)(1)(i)-(iii). Thus, we limited the definition of currency dealer or exchanger and money transmitter in the section 312 rules to those that are “readily identifiable” as such. See supra note 27. 30 See supra note 15.

5. Evaluating the Purpose and Anticipated Activity of an Account The correspondent account rule identifies “[t]he type, purpose, and anticipated activity of [a] correspondent account” as one of the relevant factors that should be considered, to the extent such is appropriate, in a securities or futures firm’s risk assessment of a foreign financial institution for which it establishes, maintains, administers, or manages a correspondent account.31 We have been asked whether securities and futures firms could limit their consideration to the “money movements” anticipated in accounts covered by the rules and not on the transactions in securities or futures or commodity option contracts through the account when considering the type, purpose, and activity of a securities or futures account. We have determined they cannot. Correspondent accounts are used in the securities and futures industries, for example, when a market participant that does not have direct access to a market or membership in a clearinghouse may use the facilities of a market participant with such access or membership to execute and process trades on its own behalf or on behalf of its customers. Correspondents additionally may use such facilities to deliver funds or assets to a depository, custodial, or other carrying institution. Illicit activity is not limited to the movement of funds. Money launderers may trade securities or futures or commodity option contracts as they layer transactions or integrate criminal proceeds with apparently legitimate proceeds. Thus, in considering the type, purpose, and anticipated activity of a correspondent account being established, maintained, administered, or managed for a foreign financial institution, securities and futures firms should consider the anticipated securities activities or futures and commodity options trading in a correspondent account as well as the use of the account for the purposes of moving funds when performing due diligence on or monitoring the activity of a correspondent account subject to the provisions of the correspondent account rule.32

For example, in situations where it is appropriate to consider the “type, purpose, and anticipated activity of [a] correspondent account,”33 we expect that securities and futures firms will base their determinations of anticipated activity of a new correspondent account in part on the information they gather when they qualify the foreign financial institution as an account, as appropriate. Securities and futures firms additionally may base their determinations on experiences with like accounts for other similarly situated financial institutions, if appropriate.34 For existing correspondent accounts, we expect

31 Similar provisions were contained in the private banking rule. See 31 C.F.R. § 103.178(b)(4) (requiring securities and futures firms to “[r]eview the activity of the account to ensure that it is consistent with the information obtained about the client’s . . . stated purpose and expected use of the account”). 32 We would interpret similarly the “stated purpose and expected use” provision of the private banking rule. See supra note 31. 33 31 C.F.R. § 103.176(a)(2)(ii). See also infra note 5 and accompanying text. 34 Types of correspondent accounts for which a securities or futures firm may determine that considering the account’s purpose and anticipated activity are appropriate may include a new correspondent account

that securities and futures firms will base their initial consideration of purpose and anticipated activity on their past experiences with the foreign financial institution, to the extent that such relates to how the account is presently being used. In the event that a foreign financial institution begins to use an account for purposes and activities not previously considered or anticipated, securities and futures firms’ due diligence programs should include provisions for reviewing the new use to ensure that it does not indicate suspicious activity and, when appropriate, for reevaluating the account in light of its new purpose.35

with a foreign broker-dealer or futures commission merchant for the purpose of executing and clearing customer trades for such foreign financial institution, for which the information gathered during qualification of the financial institution may be relevant and applicable. Examples of types of accounts for which experiences with similarly situated financial institutions may be appropriate include a new correspondent account with a foreign broker-dealer or futures commission merchant for proprietary trading, or a new correspondent account with a foreign mutual fund seeking to trade securities in the U.S. markets or to protect its positions or portfolio. 35 With respect to private banking accounts that may be established, maintained, administered, or managed by securities and futures firms, the purpose of the account and the expected use likely will correspond directly with a particular account program that a securities or futures firm has established with an aggregate account minimum of $1,000,000 and specialized liaison services. In the event that a private banking customer begins to use an account for new purposes the securities or futures firm should reevaluate the account and should commence monitoring the account for the anticipated activity associated with the new purpose, if necessary and appropriate in light of the circumstances.

Guidance FIN-2006-G010 Issued: May 31, 2006 Subject: Frequently Asked Questions Anti-Money Laundering Program and Suspicious Activity

Reporting Requirements for Insurance Companies Please note: This guidance supplements the Frequently Asked Questions that were issued on October 31, 2005. 1. What does FinCEN mean by “any other insurance product with features of cash value or investment,” under the definition of “covered products”? Per 31 C.F.R. § 103.137, the definition of “covered products” includes:

(i) A permanent life insurance policy, other than a group life insurance policy; (ii) An annuity contract, other than a group annuity contract (or charitable gift

annuity); (iii) Any other insurance product with features of cash value or investment.

FinCEN has received inquiries concerning the scope of (iii) “any other insurance product with features of cash value or investment” and whether group policies or group annuities that allow individual investment or have cash value for an individual will be considered “covered products.” The purpose of including the language “any other insurance product with features of cash value or investment,” in the definition of “covered products” is to ensure that any newly developed products in the life insurance and annuity areas having these characteristics, and that are particularly vulnerable to money laundering, would be covered. It is not intended that group life insurance policies or group annuities, with or without these characteristics, would be covered because group policies are administered according to guidelines that make them generally less vulnerable to abuses by participants in the plan. A request for an administrative ruling interpreting the application of this definition may be submitted in writing to FinCEN pursuant to 31 C.F.R. § 103.81.

2. Are insurance companies required to have a Customer Identification Program similar to banks subject to the requirements under 31 CFR 103.121? Presently, insurance companies are not subject to a rule requiring them to implement a Customer Identification Program and obtain minimum mandatory information verifying the identity of a customer. Nevertheless, other applicable Bank Secrecy Act regulations require insurance companies to obtain and retain identifying information from customers in certain situations. For example, insurance companies must obtain all relevant and appropriate customer-related information necessary to administer an effective anti-money laundering program. Insurance companies that are subsidiaries of banking organizations should consult with their parent bank’s primary Federal regulator. 3. Which suspicious activity reporting form should insurance companies use? The rule requiring insurance companies to report suspicious activity has an effective date of May 2, 2006. Accordingly, insurance companies must begin reporting suspicious activity on that date. We have proposed a new suspicious activity reporting form for insurance companies (FinCEN Form 108, SAR-IC). However, the new form will not be available for use on May 2, 2006. Until further notice, insurance companies should use the suspicious activity reporting form used by the securities and futures industries (FinCEN Form 101, SAR-SF) to report suspicious activity. To prevent any confusion, it is essential that insurance companies complete the SAR-SF forms for filing as follows:

On Page 2, Part IV, #36—Name of financial institution or sole proprietorship: After entering the name of the insurance company, leave one space and enter "SAR-IC.” For example: “ABC Life Insurance Co. SAR-IC.” In the Narrative section, enter “Insurance SAR” on the first line.

FinCEN will publish guidance on completing the new SAR-IC when the form becomes available. 4. What are the implications if an insurance company was unable to train all of their agents and brokers prior to the applicability date of May 2, 2006? The anti-money laundering rules for insurance companies highlight that each insurance company - like other financial institutions subject to anti-money laundering program requirements - must develop a risk-based anti-money laundering program that identifies, assesses, and mitigates any risks of money laundering, terrorist financing, and other financial crime associated with their particular business. We recognize that not all insurance companies will have the same risk profile or resources, that companies will differ in the number of associated agents and brokers and in the complexity of distribution structures, and that some companies may be in a better position than others to

provide anti-money laundering program training for their agents and brokers by the rule’s applicability date of May 2, 2006. The Financial Crimes Enforcement Network intends to administer and interpret the insurance anti-money laundering program regulations in a manner that takes into account these differences in risk profiles and resources. Accordingly, we acknowledge that some insurance companies may require additional time to provide anti-money laundering program training to all of their agents and brokers. Nonetheless, we expect that by May 2, 2006, all insurance companies that are subject to the anti-money laundering regulations will have already formally adopted written anti-money laundering policies and procedures that include reasonable plans for training of all appropriate agents and brokers.

Guidance

FIN-2007-G004 Issued: September 5, 2007 Subject: Application of the Correspondent Account Rule to Executing Dealers

Operating in Over-The-Counter Foreign Exchange and Derivatives Markets Pursuant to Prime Brokerage Arrangements

The Financial Crimes Enforcement Network is issuing this interpretive guidance to clarify the due diligence obligations of executing dealers in over-the-counter foreign exchange and derivatives markets (“OTC derivatives markets”) pursuant to prime brokerage arrangements under our rules implementing the correspondent account provisions of section 312 of the USA PATRIOT Act (“correspondent account rule”).1 Specifically, this guidance addresses whether executing dealers conducting transactions pursuant to prime brokerage arrangements in the OTC derivatives markets establish correspondent accounts with prime brokerage clients that would require the executing dealers to comply with the correspondent account rule. Prime brokerage arrangements in the OTC derivatives markets involve a prime broker, a prime brokerage client, and an executing dealer.2 Prime brokerage allows clients to trade in the name of the prime broker with executing dealers approved by the prime broker.3 When transactions are effected through a prime brokerage arrangement, the prime broker will become the counterparty to the transactions that were executed by the executing broker and the prime brokerage client, exposing the prime broker to the credit risk of the opposing parties.

1 See 31 C.F.R. § 103.176 (requiring covered financial institutions to establish a due diligence program “designed to enable the covered financial institution to detect and report . . . any known or suspected money laundering activity conducted through or involving any correspondent account established, maintained, administered, or managed by such covered financial institution in the United States for a foreign financial institution”), 31 C.F.R. § 103.175(f) (defining “covered financial institution” to include banks, broker-dealers, and futures commission merchants), and 31 C.F.R. § 103.175(h) (defining “foreign financial institution” to include foreign banks, foreign institutions that would be broker-dealers, futures commission merchants, and mutual funds if they were located in the United States, and foreign institutions that are readily recognizable as currency dealers or exchangers or money transmitters). 2 Prime brokers typically are large financial institutions – such as banks, broker-dealers, and futures commission merchants – that have established credit lines for foreign exchange and derivatives trading with foreign exchange and derivatives dealers. The client often is an advisor, a manager, or a fund. An executing dealer may be, for example, a bank, a broker-dealer, a futures commission merchant, or a “currency dealer or exchanger” as that term is defined in our rules at 31 C.F.R. § 103.11(uu)(1). 3 These transactions – including, for example, spot or forward contracts, plain vanilla swaps, and structured options – typically are executed by telephone or through an electronic trading system.

A prime brokerage relationship is formed with an agreement between a prime broker and its prime brokerage client (a “prime brokerage agreement”), in which the prime broker will permit the client to trade in the prime broker’s name with dealers in OTC derivatives that are approved by the prime broker. If the terms of the prime brokerage agreement are satisfied, then the prime broker will become the party to any transactions that the prime brokerage client initiates with the executing dealer. The prime brokerage agreement additionally will include an agreement by the prime brokerage client to enter into – or if the client is a manager or advisor, to have funds or accounts it manages (“client’s relevant account or accounts”) enter into – one or more transactions opposing the prime broker’s transactions with the executing dealer. The transactions between the prime broker and its client, or the prime broker and the client’s relevant accounts, if applicable, also will be governed by a master agreement between those parties.4 The prime broker also typically will enter into a master give-up agreement with the dealers with which its prime brokerage clients may initiate trades.5 Pursuant to the give-up agreement, the prime broker will become the counterparty to each transaction initiated with the dealer by the prime brokerage client, subject to specified limits.6 According to the give-up agreement, when the prime broker accepts a trade for give-up, it becomes a binding transaction between the executing dealer and the prime broker, rather than between the executing dealer and the prime brokerage client, or the client’s relevant accounts, if applicable.7 The transactions between the executing dealer and the prime broker typically will be governed by the terms of the same master agreement that governs the direct trading between those two institutions,8 subjecting the executing dealer to the credit risk of the prime broker rather than the prime brokerage client. The correspondent account rule applies to correspondent accounts that are established, maintained, administered, or managed by a covered financial institution for a foreign

4 These agreements – such as a Master Agreement published by the International Swaps and Derivatives Association, Inc. (“ISDA Master Agreement”), an International Foreign Exchange Master Agreement (“IFEMA”), a Foreign Exchange and Options Master Agreement (“FEOMA”), or an International Currency Options Agreement (“ICOM”) – will include provisions for closing out trades in the event of a default against the prime broker by the dealer, the prime brokerage client, or the client’s relevant account. 5 A prime broker and an executing dealer often will execute a Master Foreign Exchange Give-Up Agreement published by the Foreign Exchange Committee or a Master Give-Up Agreement published by ISDA. 6 These limits generally will parallel the limits contained in the prime brokerage agreements that the prime broker will execute with its prime brokerage clients. 7 This transaction between the dealer and the prime broker is opposed by transaction between the prime broker and the client, or the client’s account when applicable. 8 In many cases the prime broker and the executing dealer will have entered into a master agreement that governs the transactions between these parties. These agreements – such as an ISDA Master Agreement, an IFEMA, an FEOMA, or an ICOM – will include provisions for closing out trades in the event of a default against the prime broker by the dealer, the prime brokerage client, or the client’s relevant account.

financial institution.9 An account is defined for the purposes of the correspondent account rule to include only “formal relationships.”10 We do not view the interaction between an executing dealer and a prime brokerage client as the establishment, maintenance, administration, or management of a correspondent account for the prime brokerage client.11 The interaction between an executing dealer and a prime brokerage client typically is limited to the initiation of an OTC derivatives transaction by telephone or electronic trading system on a trade-by-trade basis.12 Moreover, the executing dealer and the prime brokerage client do not effect transactions with each other. Rather, each party will effect a transaction with the prime broker, who contemporaneously will enter into opposing transactions with the executing dealer pursuant to the master give-up agreement on the one hand, and the prime brokerage client, funds managed by the client, or a bank that holds accounts for the client pursuant to the prime brokerage agreement with the client on the other hand. In such circumstances, an executing dealer does not establish, maintain, administer, or manage a correspondent account for a prime brokerage client that would require an executing dealer to comply with the due diligence provisions of the correspondent account rule.13 We caution, however, that this interpretation should not be construed as limiting the other anti-money laundering obligations of executing dealers under our rules. Each financial institution subject to an anti-money laundering program rule should establish and implement risk-based policies, procedures, and controls for assessing the money laundering risk posed by its operations, including the execution of over-the-counter foreign exchange and derivatives transactions; for monitoring and mitigating that risk; and for detecting and reporting suspicious activity.

9 See 31 C.F.R. § 103.175(d)(1)(i) (defining the term “correspondent account” as an account that is established “to receive deposits from, or to make payments or other disbursements on behalf of, the foreign financial institution, or to handle other financial transactions related to [the] foreign financial institution”). 10 See 31 C.F.R. § 103.175(d)(2)(i)-(iii) (defining the term “account,” respectively, for banks, broker-dealers in securities, and futures commission merchants). 11 See, e.g., Application of the Regulations Requiring Special Due Diligence Programs for Certain Foreign Accounts to Certain Introduced Accounts and Give-Up Arrangements in the Futures Industries, FIN-2006-G011 at 4-5 (June 7, 2006) (futures commission merchants operating solely as executing brokers in give-up arrangements are not required to comply with the due diligence provisions of the correspondent account rule). 12 An executing dealer and a prime brokerage client may enter into a compensation or reimbursement agreement, under which the executing dealer may be compensated if a prime broker does not accept a trade for give-up that was conducted by the prime brokerage client. The existence of a compensation or reimbursement agreement would not alter our conclusions, as the agreement is not established to handle financial transactions. See supra note 9 (definition of “correspondent account”). 13This guidance addresses whether correspondent accounts exist between executing dealers and prime brokerage clients. We are not addressing whether a correspondent account exists between a prime broker and an executing dealer, a prime broker and a prime brokerage client, or a prime broker and the client’s relevant account.

Guidance

FIN-2008-G001 Issued: January 30, 2008 Subject: Application of Correspondent Account Rules to the Presentation of

Negotiable Instruments Received by a Covered Financial Institution for Payment

The Financial Crimes Enforcement Network (“FinCEN”) is issuing this interpretative guidance to clarify how our rules implementing section 312 of the USA PATRIOT Act (the correspondent account rule) apply to a covered financial institution presenting a negotiable instrument for payment to another financial institution.1 Specifically, this guidance addresses whether the presentation of a negotiable instrument for payment by a covered financial institution to a foreign financial institution on which the instrument is drawn would establish a correspondent account between the covered financial institution and the paying institution, subjecting the covered financial institution to compliance with the due diligence provisions of the correspondent account rule.

A covered financial institution may offer to a customer services including the processing of negotiable instruments drawn on another financial institution (the “paying institution”). After a negotiable instrument is received from the customer, the covered financial institution will present the instrument – which may be a check, a draft, or another type of negotiable instrument – to the paying institution for payment either directly or through a membership with a clearinghouse or an account with a clearing bank.2

The correspondent account rule applies to correspondent accounts that are established, maintained, administered, or managed by a covered financial institution for a foreign financial institution.3 An account is defined for the purposes of the correspondent 1 See 31 C.F.R. § 103.176 (requiring covered financial institutions to conduct due diligence on a “foreign financial institution,” including a foreign bank, for which it establishes, maintains, administers or manages a “correspondent account”). See also 31 C.F.R. § 103.175(f) (defining “covered financial institution” to include U.S. banks, broker-dealers in securities, and futures commission merchants for purposes of complying with the correspondent account rule). 2 When the covered financial institution presents a negotiable instrument for payment to or through another U.S. financial institution or a U.S. clearing facility, the due diligence provisions of the correspondent account rule would not be implicated. 3 See 31 C.F.R. § 103.175(d)(1)(i) (defining the term “correspondent account” as an account that is established “to receive deposits from, or to make payments or other disbursements on behalf of, the foreign financial institution, or to handle other financial transactions related to [the] foreign financial institution”).

account rule to include only “formal relationships.”4 In the ordinary course of business, a covered financial institution may receive negotiable instruments for payment from a foreign financial institution with which it maintains a correspondent relationship. However, the presentation by the covered financial institution of these instruments to the paying institution for collection will not establish a correspondent account between the covered financial institution and the paying institution.

Regardless of the volume or frequency with which a covered financial institution may present negotiable instruments to a particular financial institution for payment, the covered financial institution effectively does not know with what paying institution it will be dealing until a customer presents a negotiable instrument for collection, and does not know whether it will ever present a negotiable instrument to that paying institution again. Thus, the covered financial institution does not enter into a relationship with the paying institution to govern the provision of regular services or future dealings, but rather presents negotiable instruments for collection to a paying institution on a transaction-by-transaction basis.5 FinCEN does not view the transaction-by-transaction presentation of a negotiable instrument to a foreign paying institution – either directly or through a clearing facility – to be the establishment of a formal banking or business relationship by a covered financial institution for purposes of complying with the correspondent account rule. Financial institutions with questions about this guidance or other matters related to compliance with the Bank Secrecy Act and its implementing regulations may contact FinCEN's Regulatory Helpline at (800) 949-2732.

4 See 31 C.F.R. § 103.175 (d)(2)(i)-(iii) (defining the term “account,” respectively, for banks, broker-dealers in securities, and futures commission merchants). 5 This guidance covers the presentation of negotiable instruments for payment by means generally employed between covered financial institutions and the jurisdiction of the paying foreign financial institution in the normal course of business. This guidance may not apply if the covered financial institution and the paying institution enter into a different presentation procedure agreed between the parties.

Guidance FIN-2008-G005 Issued: April 17, 2008 Subject: Guidance to Financial Institutions on

Filing Suspicious Activity Reports regarding the Proceeds of Foreign Corruption

The Financial Crimes Enforcement Network is issuing this guidance to financial institutions so that they may better assist law enforcement when filing Suspicious Activity Reports regarding financial transactions that may involve senior foreign political figures, acting individually or through government agencies and associated front companies, seeking to move the proceeds of foreign corruption to or through the U.S. financial system. The term “senior foreign political figure” includes: a current or former senior official of a foreign government or of a major foreign political party; a current or former senior executive of a foreign government-owned commercial enterprise; a corporation, business, or other entity that has been formed by, or for the benefit of, any such individual; the immediate family members of any such individual; and the widely and publicly, or actually, known close associates of any such individual.1 The term “proceeds of foreign corruption” means any asset or property that is acquired by, through, or on behalf of such corrupt public figures through misappropriation, theft, or embezzlement of public funds, the unlawful conversion of property of a foreign government, or through acts of bribery or extortion, and includes any property into which any such assets have been transformed or converted.2

In order to assist law enforcement in its efforts to target foreign corruption and related money laundering and, ultimately, deny the perpetrators access to the fruits of such corruption – and, in particular, to ensure that transactions relating to foreign corruption are identified by law enforcement as early as possible – we request that financial institutions include the term “foreign corruption” in the narrative portions of all Suspicious Activity Reports filed in connection with such activity.

1 See 31 C.F.R. § 103.175(r). 2 See 31 C.F.R. § 103.178(c)(2). Various illustrative red flags regarding transactions that may be related to the proceeds of foreign corruption are described in Guidance on Enhanced Scrutiny for Transactions That May Involve the Proceeds of Foreign Official Corruption (January 2001) issued by the U.S. Department of the Treasury, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, and the U.S. Department of State, http://www.treas.gov/press/releases/docs/guidance.htm.

http://www.treasury.gov/press-center/press-releases/Pages/guidance.aspx

As indicated in President George W. Bush’s National Strategy to Internationalize Efforts Against Kleptocracy,3 foreign corruption threatens important American interests globally, including security and stability, the rule of law and core democratic values, prosperity, and a level playing field for lawful business activities. Additionally, such corrupt practices contribute to the spread of organized crime and terrorism, undermine public trust in government, and destabilize entire communities and economies. Accordingly, consistent with their anti-money laundering obligations pursuant to 31 C.F.R. part 103, financial institutions are reminded of the requirement to implement appropriate risk-based policies, procedures, and processes, including conducting customer due diligence on a risk-assessed basis to aid in the identification of potentially suspicious transactions. Financial institutions are also reminded of their responsibilities regarding the provision of private banking services to non-U.S. persons pursuant to section 312 of the USA PATRIOT Act,4 which requires banks, brokers or dealers in securities, futures commission merchants and introducing brokers in commodities, and mutual funds to establish and maintain a due diligence program for such private banking accounts that is reasonably designed to detect and report any known or suspected money laundering or other suspicious activity. Included in this requirement is the duty to conduct enhanced scrutiny of any private banking account that is maintained for senior foreign political figures in order to detect and report the proceeds of foreign corruption. Additionally, consistent with the standard for reporting suspicious activity as provided for in 31 C.F.R. part 103, if a financial institution knows, suspects, or has reason to suspect that a transaction involves funds derived from illegal activity or that a customer has otherwise engaged in activities indicative of money laundering, terrorist financing, or other violation of law or regulation, the financial institution should then file a Suspicious Activity Report. As we noted in our SAR Narrative Guidance Package,5 financial institutions must provide a detailed description of the known or suspected criminal violation or suspicious activity in the narrative sections of Suspicious Activity Reports. This guidance is consistent with the Department of the Treasury’s efforts to ensure that U.S. financial institutions are not used as a conduit for laundering the proceeds of financial and other crimes, including corruption.

3 http://www.whitehouse.gov/news/releases/2006/08/20060810.html. 4 31 U.S.C. 5318(i); 31 C.F.R. § 103.178. 5 http://www.fincen.gov/narrativeguidance_webintro.html.

2

http://www.whitehouse.gov/BRIEFING-ROOM/

http://www.fincen.gov/narrativeguidance_webintro.html