Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Compliance Update
Kim Stock, CRCM
Source
• The Bank Secrecy Act (BSA) requires all financial institutions, casinos, and certain other businesses to:
  - Monitor customer behavior
  - File reports on transactions that meet certain dollar amounts or on transactions that are suspicious
  - Maintain records of certain transactions
BSA
• Financial Crimes Enforcement Network (FinCEN): Bureau of the United States Department of the Treasury whose mission is to safeguard the financial system from illicit use and combat money laundering and promote national security through the collection, analysis, and dissemination of financial intelligence and strategic use of financial authorities.
• Final interpreter of the Bank Secrecy Act
• https://www.fincen.gov/
FinCEN
• Financial institutions aid U.S. government agencies and law enforcement by uncovering criminal activities such as money laundering, drug trafficking, tax fraud, and possible terrorist financing.
Monitoring Customer Behavior
• Money laundering is when illegal money is brought into mainstream circulation.
• Launderers hide the source of these illegal funds by making a series of intricate transactions. The true source of the money is “washed away.”
It has been estimated that more than $300 billion is laundered each year in the U.S. alone. More than 81,000 people are convicted of money laundering on some level each year in the U.S.
Money Laundering
• Placement – the first stage in the washing cycle. Money laundering involves a “cash intensive” business generating vast amounts of cash from illegal activities (for example, dealing drugs where payment takes the form of cash). The cash is placed into the financial system, and to avoid detection is transformed into other asset forms, such as purchasing monetary instruments like travelers checks. "Dirty" money is most vulnerable to detection and seizure during placement.
Stages of Money Laundering
• Layering - separating the illegally obtained money from its source through a series of financial transactions that makes it difficult to trace the origin. A few of the many mechanisms that may be misused during layering are currency exchanges, wire transmitting services, prepaid cards that offer global access to cash via automated teller machines and goods at point of sale.
Stages of Money Laundering
• Integration – final stage in the process, where illegal funds are converted into a seemingly legitimate form. Integration may include the purchase of businesses, automobiles, real estate and other assets. Integration of the "cleaned" money into the economy is accomplished by the launderer making it appear to have been legally earned. By this stage, it is exceedingly difficult to distinguish legal and illegal funds.
Stages of Money Laundering
• The Currency Transaction Report (CTR) records cash transactions that exceed $10,000.
• Current CTR Form: http://sdtmut.fincen.treas.gov/news/FinCENBCTR.pdf
• CTR FAQ: http://www.fincen.gov/whatsnew/html/ctr_faqs.html
Filing Reports
• The Suspicious Activity Report (SAR) records any known or suspected violation of federal law.
• Current SAR Form: http://sdtmut.fincen.treas.gov/news/FinCENBSAR.pdf
• SAR FAQ: http://www.fincen.gov/whatsnew/html/sar_faqs.html
Filing Reports
• A SAR must be filed on any known or suspected federal violation of law. Suspicious activity requires reporting if it involves:
  - Criminal violations involving insider abuse in any amount.
  - Criminal violations aggregating $5,000 or more when a suspect can be identified.
  - Criminal violations aggregating $25,000 or more regardless of a potential suspect.
SAR
• Activity is not consistent with the customer’s business
• Unusual characteristics or behavior
• Customer attempts to avoid reporting or record keeping requirements
• Insufficient information is provided by the customer
Business goes from depositing funds once a week to several times a day at different branches. Customer visits safe deposit box each time before making a deposit. A customer asks the reporting amount for a CTR. A customer who gives no record of past or present employment is making frequent large cash transactions. The cash to be deposited smells like marijuana; cash absorbs smells.
SAR
• Detecting Suspicious Activity
  - Is the activity reasonable for that customer?
  - Whether the action is ultimately fraudulent is up to law enforcement to decide.
SAR
• The records related to the identity of a customer must be maintained for five years after the account (e.g., loan, deposit, or trust) is closed.
• Additionally, on a case-by-case basis (e.g., U.S. Treasury Department Order, or law enforcement investigation), a financial institution may be ordered or requested to maintain some of these records for longer periods.
Maintaining Records
• Financial institutions are required to have a written policy which provides for:
  - Internal controls
  - Independent testing
  - An individual responsible for BSA/AML compliance
  - Training for appropriate personnel
BSA Compliance Program
• The board of directors, acting through senior management, is ultimately responsible for ensuring that the financial institution maintains an effective BSA/AML internal control structure, including suspicious activity monitoring and reporting.
• The board of directors and senior management should create a culture of compliance to ensure staff adherence to the financial institution’s BSA/AML policies, procedures, and processes.
• The level of sophistication of the internal controls should depend on the size, structure, risks, and complexity of the financial institution.
Internal Controls
• Internal controls should:
  - Identify products, services, customers, entities, and geographic locations more vulnerable to abuse by money launderers and criminals
  - Provide for periodic updates to the financial institution’s risk profile and provide for a BSA/AML compliance program tailored to manage risks
  - Inform the board of directors and senior management of compliance initiatives, identified compliance deficiencies, corrective action taken and when SARs are filed
Internal Controls
• Internal controls should:
  - Meet all regulatory recordkeeping and reporting requirements
  - Identify a person or persons responsible for BSA/AML compliance
  - Provide for dual controls and the segregation of duties
  - Train employees to be aware of their responsibilities under the BSA regulations and internal policy guidelines
Internal Controls
• Independent testing (audit) should be conducted by the internal audit department, outside auditors, consultants, or other qualified independent parties every 12 to 18 months.
• Evaluate the overall adequacy and effectiveness of the BSA/AML compliance program
• Review the financial institution’s risk assessment
• Perform risk-based transaction testing to verify the financial institution’s adherence to the BSA recordkeeping and reporting requirements (e.g., CIP, SARs, CTRs and CTR exemptions)
• Review staff training for adequacy, accuracy, and completeness
Independent Testing
• Evaluate senior management’s efforts to resolve violations and deficiencies noted in previous audits and regulatory examinations
• Review the effectiveness of the suspicious activity monitoring systems used for BSA/AML compliance (for example, suspicious activity monitoring report, large currency aggregation report, monetary instrument records, funds transfer records, NSF reports, large balance fluctuation reports and kiting reports)
• Assess the overall process for identifying and reporting suspicious activity, including reviewing filed or prepared SARs to determine their accuracy and timeliness
Independent Testing
• The board of directors must designate a qualified individual to serve as the BSA compliance officer to coordinate and monitor day-to-day BSA/AML compliance. However, the board of directors is ultimately responsible for the financial institution’s BSA/AML compliance.
• The board of directors is responsible for ensuring that the BSA compliance officer has sufficient authority and resources (monetary, physical, and personnel) to administer an effective BSA/AML compliance program based on the financial institution’s risk profile.
BSA Officer
• The BSA compliance officer should be fully knowledgeable of the Bank Secrecy Act and all related regulations. The BSA compliance officer should also understand the financial institution’s products, services, customers, entities, and geographic locations, and the potential money laundering and terrorist financing risks associated with those activities.
• Pertinent BSA-related information, including the reporting of SARs filed with FinCEN, should be reported to the board of directors or an appropriate board committee so that these individuals can make informed decisions about overall BSA/AML compliance.
BSA Officer
• Include regulatory requirements and the financial institution’s internal BSA/AML policies, procedures, and processes
• Should be tailored to the person’s specific responsibilities
• An overview of the BSA/AML requirements typically should be given to new staff during employee orientation
• Teller training, for example, would focus on large currency transactions or other suspicious activities
• The BSA compliance officer should receive periodic training that is relevant to changing regulatory requirements
BSA Training
• Lender training, for example, would provide scenarios involving money laundering through lending arrangements
• Training programs which include training and testing materials, the dates of training sessions, and attendance records should be documented and maintained and be available for examiner review
• Board of directors training should explain the importance of BSA/AML regulatory requirements, the ramifications of noncompliance, and the risks posed to the financial institution.
BSA Training
• The Customer Identification Program (CIP) is the set of minimum standards required under the USA PATRIOT Act for identifying and verifying the identity of persons opening accounts
• After September 11th, President Bush signed into law the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act
• One way to combat money laundering is for financial institutions to know their customers.
• CIP must be applied to all new customers who open accounts. It does not apply to existing customers.
CIP
• Provide customers with adequate notice that the bank is requesting information to verify their identities before the account is opened. Examples include posting a notice in the lobby, on a Web site, or within loan application documents.
• IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING A NEW ACCOUNT — To help the government fight the funding of terrorism and money laundering activities, federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents.
CIP
• At a minimum, the following identifying information must be obtained from each customer before an account is opened:
  - Name
  - Date of Birth (for individuals)
  - Residential or business street address
  - Tax Identification Number
CIP
• Procedures to be used to verify a customer’s identity
  - A list of documents acceptable as primary identification such as driver’s license, valid passport, military ID, valid state I.D. Card or U.S. alien registration
  - A list of secondary identification such as an insurance card, social security card, utility bill or voter’s registration card
Allowed to make copies of driver’s licenses. Not permitted to make copies of military IDs; this is a federal crime. Can write the information down. Should not make copies of credit cards. Can write the last 4 numbers down. Secretary of State website – look to see if business is active and in good standing.
CIP
• Procedures of non-documentary methods to be used
  - Chex Systems
  - Telecheck
  - Credit Reporting Agencies
  - Secretary of State Web Site for Businesses
Subject to Fair Credit Reporting Act. Must have a permissible purpose to pull a report or obtain written permission from the consumer in advance. If pulling a report on the account owner, no written authorization is required. But it is needed if pulling a report on authorized signers on consumer & business accounts or if the consumer is acting as a fiduciary on any account.
CIP
• Three Basic Rules
  - Verify the identity of the person opening the account
  - Maintain records for 5 years after the account is closed
  - Check government lists (Office of Foreign Assets and Control) (OFAC)
• CIP FAQs: http://www.ffiec.gov/bsa_aml_infobase/documents/BSA_AML_FAQ.pdf
CIP
• 314 of the USA Patriot Act allows financial institutions to share customer information to assist law enforcement agencies.
  - Law enforcement submits a formal request to FinCEN naming individuals and businesses that are persons of interest.
  - FinCEN compiles a list, assigns tracking numbers and emails points of contact designated by financial institutions every other Tuesday notifying them that a new request list is available on the Secure Information Sharing System (SISS).
314 (a)
• Searching customer records within 14 calendar days
  - Transactions linked to an account must be searched for the preceding 12 months
  - Transactions not linked to an account should be searched for the preceding 6 months
  - Deposit records, loan records, trust department account records, safe deposit records, securities transactions, remitters of monetary instrument sales, funds transfer records (originators and incoming recipients)
  - Document the searches
314 (a)
• 314 (b) enables financial institutions to share information with each other if they are registered
  - Must verify the registration of the other institution involved
  - Only if both institutions believe terrorist activity, money laundering or unlawful activity is involved
  - Add to policy and procedures before you register
314 (b)
• FFIEC BSA/AML Examination Manual
  - Contains an overview of BSA/AML compliance program requirements, risk management expectations, industry sound practices, and examination procedures.
  - The development of this manual was a collaborative effort of the federal and state banking agencies.
  - The Federal Financial Institutions Examination Council (FFIEC) was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions.
  - https://www.ffiec.gov/bsa_aml_infobase/pages_manual/manual_online.htm
BSA/AML Resource
• Inadequately monitoring suspicious activity
• Failure to identify and monitor high risk customers
• Failure to conduct adequate risk assessments
APPENDIX J: QUANTITY OF RISK MATRIX https://www.ffiec.gov/bsa_aml_infobase/pages_manual/OLM_110.htm
Common BSA Findings
• Inadequate BSA/AML training for the employees and the board
• Failure to obtain independent testing
• Failure to file a CTR
• Failure to search records for 314(a) in a timely manner
• Failure to identify and monitor Money Service Business (MSB) customers
• Instead of asking customers if they are an MSB, ask them if they ever cash 1 or more checks totaling $1,000 or more for one customer in a single day
Common BSA Findings
• Failure to obtain minimum CIP information
• Failure to file a timely SAR
• Failure to monitor wire transfers
• Failure to monitor monetary instrument sales
• BSA Officer lacks expertise and knowledge of the regulations
Common BSA Findings
• Violations of BSA requirements may hold the following penalties:
  - Civil penalties of $1,000 per day for each day of noncompliance
  - A penalty of $500 per violation of the recordkeeping requirements of the BSA
  - Willful violations may cause civil penalties in an amount equivalent to that of the transaction or $25,000, whichever is greater
  - If a required CTR is not filed within 15 days, a $10,000-per-day civil penalty may be imposed until it is filed
  - Continued noncompliance can result in the issuance of a “Cease & Desist” order from the FDIC
  - BSA/AML is not a compliance issue but a safety and soundness issue which affects your CAMEL rating and the growth of your institution; for example, an application to open a new branch could be denied
Penalties for Noncompliance
• Any individual who willfully violates the structuring provisions may be fined $250,000 and/or imprisoned for five years.
• Any individual who willfully violates the structuring provisions while violating another federal law may be fined $500,000 or imprisoned for ten years.
Penalties for Noncompliance
• It is extremely important for financial institutions to inform their employees that it is not necessarily the financial institution that will suffer the penalty for non-compliance, but it could actually be the employee paying the fine and going to jail.
Penalties for Noncompliance
• Federal Deposit Insurance Corporation (FDIC) determined that a financial institution in West Virginia failed to implement an effective BSA/AML Compliance Program over an extended period of time
• $4.5 million civil money penalty assessed on June 15, 2015, against the financial institution with $96 million in assets
• Inadequate internal controls resulted in unacceptable risk to the financial institution in terms of unlawful financial transactions
• Financial institution failed to file multiple currency transaction reports and suspicious activity reports associated with this risk
Civil Money Penalties
• FDIC determined that a financial institution in California failed to implement an effective BSA/AML Compliance Program over an extended period of time
• $140 million civil money penalty assessed on July 22, 2015, against the financial institution with $500 million in assets
• Failure to retain a qualified and knowledgeable BSA officer
• Failure to maintain adequate internal controls reasonably designed to detect and report unlawful financial transactions and other suspicious activities
• Failure to provide sufficient BSA training and conduct effective independent testing
• Citigroup Inc. in October was planning to close its three-branch Banamex USA subsidiary in San Jose, Los Angeles and Houston
Civil Money Penalties
What’s Next?
• Effective Date Unknown
  - Still a proposal; comments were due last October 3, 2014
  - Will become effective one year from the date the final rule is issued
  - It is expected that FinCEN will move forward and require the identification of beneficial owners
Customer Due Diligence (CDD)
• Enhanced Requirements
  - Establishing and verifying the identity of customers
  - Establishing and verifying the identity of beneficial owners
  - Understanding the nature and purpose of customer relationships
  - Monitoring to maintain and update customer information and to identify and report suspicious transactions
Develop understanding of normal expected activity to differentiate between low and high risk customers. For example, lawyers have erratic payments so they pose a higher risk.
Customer Due Diligence (CDD)
• Collection of Beneficial Ownership
  - Facilitates tax reporting
  - Increases the transparency of U.S. legal entities
  - Facilitates global implementation of international standards
  - Increases efficiency in monitoring accounts for suspicious activity
Customer Due Diligence (CDD)
• Beneficial Owner
  - Definition is two-pronged – focusing on ownership and control
  - Ownership – any individual who directly or indirectly owns 25% or more of the equity interests of a legal entity customer (no more than four individuals)
  - Control – one individual with significant responsibility to control, manage or direct a legal entity, including an executive officer, senior manager or anyone who performs similar functions
Customer Due Diligence (CDD)
• Standard Certification Form
  - Requires an individual at account opening to provide each beneficial owner’s name, date of birth, address and social security number (for U.S. persons or other similar identification for foreign persons)
  - Requires an individual to certify the genuineness of the information provided
Customer Due Diligence (CDD)
• Standard Certification Form
  - Financial institutions should retain this form and any related identifying information collected for five years after the date an account is closed
  - Located on pg. 22 at the following link: http://www.fincen.gov/statutes_regs/files/CDD-NPRM-Final.pdf
Customer Due Diligence (CDD)
• Amendments to the “Pillars” of the AML Program
  - Add a Fifth Pillar: Appropriate risk-based procedures for conducting ongoing CDD that include:
    - Understanding the nature and purpose of the customer relationship in order to develop a customer risk assessment
    - Conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions
Customer Due Diligence (CDD)
Questions?