bank secrecy act for operations...

of 15/15
Bank Secrecy Act for Operations Staff Presented by Jan Vogel, Center for Professional Development WilliamsTown Communications, Contributing Writer #TR1118

Post on 03-May-2020

1 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • Bank Secrecy Actfor Operations Staff

    Presented by Jan Vogel, Center for Professional Development

    WilliamsTown Communications, Contributing Writer

    #TR1118

  • 2

    l

    What Is the Bank Secrecy Act?

    Not surprisingly, the first step to BSA compliance is understanding just what the Bank Secrecy Act in-volves and why it was enacted in the first place. In its current form, the BSA is more than just a single act of Congress; rather, it is a combination of multiple laws that have been passed during the last four decades. These laws were enacted to assist law enforcement officials in the investigation of activities and crimes such as money laundering, tax evasion, and financing of terrorist groups. Collectively, these acts and their related regulations require that financial institutions obtain specific information, maintain certain records, and report certain financial transactions to the federal government.

    Today, BSA enforcement is the responsibility of an agency called the Financial Crimes Enforcement Network, or FinCEN. FinCEN is a bureau of the United States Department of the Treasury.

    IntroductionWelcome to CUNA’s Bank Secrecy Act for Operations

    Staff Training on Demand course! Compliance with the Bank Secrecy Act, otherwise

    known as the BSA, is a critical task for each and every credit union in the United States, so all credit union employees must be familiar with BSA requirements. To that end, this course provides an overview of the Bank Secrecy Act, including specific actions that you, as a member of your credit union’s operations staff, must take to be BSA compliant.

    Of course, you also need to be sure that you know the BSA policy and procedures at your credit union. This is key to being in compliance with the require-ments of the Bank Secrecy Act.

    Let’s get started!

    ObjectivesThe Bank Secrecy Act applies to all credit unions,

    and it requires that employees in these institutions carry out certain tasks. But what exactly does the BSA entail, and how does it affect operations staff in particular? By the end of this Training on Demand course, you’ll know the answers to these questions. In fact, upon completing the course, you will be able to:

    • Explain the Bank Secrecy Act (BSA);

    • Know when to file Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs);

    • Explain the requirements for wire transfer pay-ment orders and monetary instrument purchases;

    • Understand how to apply Customer/Member Identification Programs; and

    • Explain the purpose of 314(a) and 314(b) infor-mation sharing.

  • 3

    Laws That Comprise the Bank Secrecy Act

    As described earlier, the Bank Secrecy Act is not a single law, but rather a combination of multiple laws that have been enacted at the federal level. Some of the most important of these laws include the following:

    • The Bank Secrecy Act of 1970;

    • The Anti-Drug Abuse Act of 1986;

    • The Money Laundering Control Act of 1986; and

    • The USA PATRIOT Act of 2001.

    Although each of these laws deals with a different topic, each also has the same basic purpose: to create a paper trail for currency transactions. Let’s take a look at each of these laws in greater detail.

    Bank Secrecy Act of 1970The Bank Secrecy Act of 1970 is the foundation

    upon which the current version of the BSA was built. So, what did this act entail? In short, the primary purpose of this law was to prevent financial institu-tions — including credit unions — from being used as intermediaries in currency transactions that might be linked to money laundering, tax evasion, and other criminal activities. To accomplish this goal, the Bank Secrecy Act of 1970 standardized recordkeeping and reporting requirements for all financial institutions in the United States. Many of these requirements will be discussed in greater detail later in this book.

    Anti-Drug Abuse Act of 1986 A second major law that helped shape today’s BSA

    was the Anti-Drug Abuse Act of 1986. This law was passed during a period of rising concern about the many negative effects of illicit drugs on American society. Therefore, the act sought to strengthen the U.S. government’s “War on Drugs” efforts by:

    • Helping law enforcement thwart illicit drug crops;

    • Stopping international drug trafficking;

    • Improving the enforcement of existing anti-drug laws; and

    • Establishing more effective drug abuse and pre-vention programs.

    Most notably for the purposes of this course, the Anti-Drug Abuse Act of 1986 also set the stage for the first piece of legislation to outlaw money laun-dering: the Money Laundering Control Act of 1986.

  • 4

    l

    ent areas in its efforts to root out and prevent terror-ism, one particular area of concern relates to the fi-nancing of terrorist activities. Accordingly, the PATRIOT Act authorized the U.S. Department of the Treasury to issue regulations requiring all financial institutions in the United States to:

    • Have minimum standards to verify the identity of new members when opening accounts;

    • Have anti-money laundering programs in place;

    • Search their records for information if requested by FinCEN; and

    • Compare the names of new members with a govern-ment list of known or suspected terrorists.

    Currently, this particular list has not yet been re-leased. For the time being, all credit unions should screen their new members against the list of Specially Designated Nationals and Blocked Persons (SDN list) released by the U.S. Office of Foreign Assets Control, or OFAC.

    How the BSA Affects Credit UnionsThe National Credit Union Administration (NCUA) is

    responsible for ensuring that all credit unions comply with the provisions of the Bank Secrecy Act. In particu-lar, during their periodic review of a credit union’s op-erations, NCUA examiners ensure that the credit union has all five elements of an effective BSA program in place. These elements are as follows:

    1. A system of internal controls —including policies and proce-dures —to ensure ongoing BSA compliance;

    2. A BSA officer — in other words, a staff member with appropriate resources and authority who is responsible for coordinating and monitoring BSA compliance;

    Money Laundering Control Act of 1986

    As previously described, the Money Laundering Control Act of 1986 strengthened the BSA by making money laundering a federal crime. In particular, the Money Laundering Control Act resulted in regula-tions that:

    • Criminalized the act of money laundering;

    • Prohibited the act of structuring transactions to evade currency transaction report (CTR) filings; and

    • Introduced both civil and criminal penalties for violations of the BSA.

    More information about CTR filings is provided later in this book.

    USA PATRIOT Act of 2001Finally, yet another piece of legislation that played

    a significant role in shaping the BSA was the USA PATRIOT Act of 2001. This law’s full name is the “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act,” and it was passed in the wake of the terrorist attacks of September 11, 2001.

    Although the PATRIOT Act focuses on many differ-

  • 5

    3. A program that trains employees with regard to BSA compliance; and

    4. An independent testing program to monitor internal compliance.

    5. Risk-based procedures for ongoing member/customer due dilligence.

    During an NCUA examination, all employees can be asked to prove that they know and understand BSA re-quirements. In other words, compliance with the Bank Secrecy Act isn’t just the duty of the BSA officer — it’s everyone’s responsibility.

    Currency Transaction Reports

    What must you and your credit union do to comply with the BSA? You must always follow the BSA regula-tions related to Currency Transaction Reports, or CTRs. Under current federal regulations, all financial institu-tions — including credit unions — are required to file a CTR any time they process a deposit, withdrawal, or exchange of cash in excess of $10,000. In other words, a CTR is required for each and every cash transaction

    of $10,000.01 or more. This amount includes multiple same-day cash transactions completed at any credit union branch by, or on behalf of, the same individual or entity. For the purposes of a CTR, deposits made at night, over a weekend, or on a holiday are treated as if they are received on the next business day.

    The following transactions are similar to those you are likely to encounter at your credit union. These should help you determine when to file a CTR.

    Scenario 1: Betty comes into your credit union’s Main Street branch with $12,000 in currency and wants to deposit that money into her savings account. Do you need to file a CTR?

    This is an easy one! Because the transaction involves more than $10,000 in currency, you must file a CTR for this transaction.

    Scenario 2: John withdraws $11,500 in currency in the morning. Later that day, he deposits $6,000 in cur-rency back into his account, saying he didn’t need all of the money. Should you file a CTR?

    Yes, you should. Even though the total dollar amount going out of John’s account is only $5,500, you still need to file a CTR for the original $11,500 cash with-drawal.

    Scenario 3: Fred deposits $6,000 in cash into his share draft account in the morning. Later that day, his broth-er wants to deposit $5,000 cash into Fred’s share draft account. Do you file a CTR?

    Yes, a CTR must be filed, because all cash transactions made in the same day to the same account either by the account holder or for the account holder must be ag-gregated.

    One easy way to remember when to file a CTR is by re-calling the following phrase:

    “More than $10,000 today, a CTR is on the way.”

    http://www.fincen.gov/forms/bsa_forms/

  • 6

    Filing CTRs Completed CTRs must be filed no later than the fif-

    teenth day following the date of the cash transaction. When you recognize that a CTR needs to be com-

    pleted, you may inform the member that you are filing a report. However, it’s usually best to keep the details of the filing to yourself! Also, whenever you complete a CTR, be sure to verify the member’s basic information, including name, address, and taxpayer ID number.

    Remember, it’s essential that you follow your credit union’s specific policies regarding who completes and files CTRs!

    Suspicious Activity Reports

    Another important tool involved in the prevention and detection of money laundering is the Suspicious Activity Report, or SAR. Under federal regulations, you are required to file an SAR for any suspicious transaction activity — no matter whether it involves cash, check, wire transfer, or Automated Clearinghouse (ACH).

    But under what circumstances should you complete an SAR? Per federal guidelines, this form must be filed in any of the following situations:

    • The credit union has been the victim of a criminal violation involving an aggregated amount of $25,000 or more, and a suspect has not been identified.

    • The credit union has been the victim of a crimi-nal violation involving an aggregated amount of $5,000 or more, and a suspect has been identified.

    • The credit union has conducted a transaction of $5,000 or more and knows, suspects, or has reason to suspect that money laundering or BSA violations have occurred.

    • The credit union has been the victim of insider abuse involving funds in any amount.

    Filings SARs Whenever an SAR is required, it must be filed with

    FinCEN within 30 days of the suspicious activity. However, if a suspect has not yet been identified, filing can be delayed for up to 30 additional days. SAR filings are confidential—this means that applicants may not be informed that a filing has occurred. In fact, if an ap-plicant even asks whether an SAR has been filed, that inquiry must be reported as well.

    Within your credit union, everyone is respon-sible for detecting and reporting suspicious activ-ity. Federal “Safe Harbor” legislation means that you cannot be prosecuted for filing an SAR in good faith — so don’t be afraid to do so! Still, be absolute-ly sure that you know and follow your credit union’s procedures regarding who actually completes and files your organization’s SARs.

    Reasons to File an SARAs you can imagine, there are many reasons why a

    credit union might decide to file an SAR. Some exam-ples include:

    • Check fraud;

    • Computer intrusion;

    • Credit or debit card fraud;

    • Embezzlement;

    • Mortgage loan fraud;

    • Identity theft; and

    • Terrorist financing.

    Two of the most common reasons for filing are trans-action structuring and wire transfer fraud. Because

  • 7

    these reasons are so common, we’ll take a closer look at both of them in the following sections.

    Transaction StructuringAs previously mentioned, transaction structuring is

    one of the most frequent reasons why credit unions file SARs. But what exactly is “structuring”? In short, structuring occurs whenever an individual tries to evade CTR filing by splitting a reportable transaction into multiple, smaller dollar-amount transactions, each of which falls under the $10,000.01 threshold.

    Sometimes structuring is easy to spot. For ex-ample, say that Joe comes into your credit union with $15,000 in currency but decides to only deposit $6,000 into his share account when he learns that a CTR will be filed. This is clearly structuring, so the credit union must file an SAR on the transaction.

    In other cases, structuring may not be so easy to detect. For instance, say that Betty deposits $3,000 in currency into her share draft account on Monday, $4,000 in currency on Wednesday, and another

    $4,000 in currency on Thursday. This makes a total aggregated cash deposit of $11,000. In this scenario, the credit union would not file a CTR because the deposits were not made on the same business day. However, the credit union would want to monitor the account to see whether Betty’s ongoing activity in-dicates a pattern of structuring to avoid CTR filings. Then, after reviewing Betty’s account activity, the credit union’s BSA officer would need to determine if an SAR should be filed.

    Wire TransfersIn addition to structuring, wire transfer fraud is

    another major reason why credit unions file SARs. In fact, to help detect and prevent fraud in this area, credit unions are required to record and retain the following information for all wire transfers in amounts of $3,000 or more:

    • The name and address of the payment’s originator;

    • The amount and execution date of the payment order and any other instructions received;

    • The identity of the beneficiary’s financial institution; and

    • The beneficiary’s name, address, and account number (if provided).

    This information must be obtained at the time the payment order is accepted, and it must “travel” with the order to the receiving financial institution.

    Finally, it’s important to note that transfers for less than $3,000, transactions governed by the Electronic Fund Transfer Act and Regulation E (such as ATM and point-of-sale transactions), and ACH transactions are not covered by these rules.

  • 8

    Wire Transfers and SARsNow you know what information you need to record

    and retain for wire transfers—but do you know how to spot a transfer that would require you to file an SAR? In short, when reviewing wire transfers for signs of suspi-cious activity, be sure to stay alert for any and all trans-fers that fall outside the scope of a member’s normal account activity or line of business.

    For example, say that during the month of March, your credit union’s wire transfer department receives 29 wire transfers totaling $900,000 for deposit into Anderson Rental Service’s share draft account. Then, one day af-ter each of these transfers is completed, the associated funds are wired directly to Ed Johnson’s personal account at another financial institution. Here, based on your re-search on the company’s account, you determine that the received and subsequent transfers are outside the normal scope of Anderson Rental Service’s business. Therefore, these transactions should raise a red flag for your credit union’s BSA officer, and an SAR should be filed.

    Monetary InstrumentsAs yet another crime detection practice, current BSA

    regulations also require that credit unions document cash sales of certain monetary instruments. In par-ticular, if a credit union sells a cashier’s check, teller’s check, money order, traveler’s check, or other mon-etary instrument to a person in an amount from $3,000 to $10,000 and this purchase is made with cash, the credit union must collect and maintain certain informa-tion in its records.

    When the recordkeeping requirement for monetary instrument transactions was first established in 1988, this information had to be kept in a centralized log. The log requirement was eliminated in 1994. Today, credit unions are required to keep a record of the informa-

    tion in any format that is both accurate and easily ac-cessible. Specifically, for each cash purchase between $3,000 and $10,000, there must be a record of:

    • The purchaser’s name;

    • The date of the purchase;

    • The type of instrument that was purchased;

    • The serial number of the instrument; and

    • The dollar amount of the transaction.

    Although it is not required, it is also highly recom-mended that you verify the identity of the individual purchasing the instrument.

    But what about purchases of monetary instruments greater than $10,000? In these situations you do not need to obtain the information listed above; however, if the instrument is purchased with cash, then a CTR must be filed. In contrast, if the purchase does not involve cash, then the CTR rule does not apply. Note though, that some credit unions may have a policy that requires members to deposit cash prior to purchasing a mon-etary instrument in that amount. When this is the case, the credit union is required to obtain and retain the five pieces of information discussed earlier.

    The USA PATRIOT Act and BSA Compliance

    As mentioned near the beginning of this book, the USA PATRIOT Act of 2001 established several provi-sions that affect the way financial institutions do busi-ness. The provisions of greatest importance to credit union operations staff are those related to Member Identification Programs and to information sharing, both between financial institutions and between finan-cial institutions and the federal government.

  • 9

    Customer/Member Identification Programs

    Let’s start our discussion of the PATRIOT Act by fo-cusing on Section 326 of that statute. This section is important because it requires that all financial institutions establish what is known as a Customer Identification Program (CIP)—or, in the case of a credit union, a Member Identification Program (MIP). No mat-ter what name the program goes by, it must require the implementation of reasonable procedures to verify the identity of any person who seeks to open an account. As part of its CIP or MIP, the financial institution must record and maintain all of the information it used to verify a person’s identity.

    Who Should Be Subject to Your CIP/MIP? How do you determine whether someone should or

    should not be subject to your credit union’s Member Identification Program? Thankfully, there are guide-lines for making this determination:

    1. Every individual who seeks to open a new ac-count should be subject to your credit union’s MIP. Generally, existing members are not subject to MIP requirements. However, if the credit union is not comfortable that it “knows” the member based on previously obtained information, the credit union should consider obtaining additional or more recent information. For example, credit union members who opened accounts before the current standards were put in place may not have provided the more extensive identification information re-quired under the USA PATRIOT Act. In addition, it’s important to remember that each person named on a joint account is considered a member and their identity must be verified.

    2. Entities that are not legal persons are subject to the credit union’s MIP. Examples include clubs, estates, and unincorporated businesses. (Note, however, that a business may be considered a “legal person” in some instances.) When deal-ing with these sort of entities, your credit union must verify the identity of the organization’s representative, as well as the identities of any other individuals who will be conducting trans-actions on the organization’s account.

    3. For the purpose of MIPs, legal entities are con-sidered members too. This means that prior to opening a legal entity account, you must verify the identity of the legal entity, all those who will conduct transactions on the account, and the beneficial owners of the legal entity. A legal entity is any corporation, LLC, or other company that is created by filing with the Secretary of State or similar office. A beneficial owner is any person that has 25% or more ownership inter-est in the entity, and one person with significant control of the day to day operations on the en-tity.

    4. All individuals who lack legal capacity— including minors—are subject to your credit union’s MIP. For instance, when working with minors, a credit union has a number of verifica-tion options. One option is to verify the identity of the minor’s parent, legal guardian, or next of kin. Alternatively, if identification is avail-able (such as a student ID), the credit union may positively identify the minor or allow someone else (usually a parent or guardian) to vouch for the minor’s identity.

    Of course, not all people and organizations that ap-ply for an account at your credit union will be subject

  • 10

    to its MIP. In particular, the stringent identification rules associated with MIPs do not apply to the follow-ing account applicants:

    • Persons with an existing account with the credit union—provided that the credit union has a rea-sonable belief that it knows the member’s true identity;

    • Signatories (or authorized signers) on accounts;

    • Other financial institutions; or

    • Government agencies.

    Information RequiredYou’ve determined an account applicant is sub-

    ject to your credit union’s Member Identification Program. Now what? At a minimum, you are required to obtain the following four pieces of information from the individual:

    1. First, you must obtain the person’s legal name. Note that even if the applicant will be “doing

    business as” a different name, you must still get the legal name of the potential account holder.

    2. Second, you must obtain the applicant’s date of birth, including month, day, and year.

    3. Third, you must obtain the applicant’s address.

    4. And fourth, you must obtain an identification number for the applicant.

    Because the exact type of address and ID information you require varies depending on the type of applicant, let’s take a closer look at these requirements.

    Identification Numbers As mentioned earlier, you must obtain the identifica-

    tion number of any applicant for a new account. You have several options available to you, depending on the applicant’s citizenship and residency status:

    • If the person is a U.S. citizen or is authorized to work in the United States, you should generally ask for his or her Social Security Number.

    • If, however, the applicant does not have a Social Security Number, you should obtain his or her Individual Taxpayer Identification Number (ITIN), Alien Identification Number, and/or passport num-ber, along with the country of issuance. When using a document issued by a foreign government, make sure it evidences nationality or residence and bears a photograph or other safeguard. If the applicant is an entity rather than an individual, you should obtain the applicant’s Employer Identification Number (EIN).

    Address Requirements As previously mentioned, the third piece of critical

    information you must obtain when verifying identity is

  • 11

    the applicant’s address. The exact requirements vary depending on whether the applicant is an individual or an entity:

    • For individuals, the credit union must obtain a resi-dential or business street address. A post office box is not acceptable, although it can be used for mail-ing purposes.

    • For individuals without a residential or business street address, you may accept an Army Post Office (APO) box number, a Fleet Post Office (FPO) box number, or the residential or business street ad-dress of the person’s next of kin or other contact individual.

    • For corporations, partnerships, or trusts, your cred-it union must record the address of the applicant’s principal place of business, local office, or other physical location.

    Remember, these four pieces of information—name, date of birth, address, and ID number—represent a minimum requirement. In all cases, you should get as much information as you need to establish a reasonable belief that you know the true identity of the account applicant.

    Verifying Information: The Documentary Method

    You now know what four critical pieces of informa-tion must be obtained as part of any CIP or MIP. But how can you verify that this information is authentic? According to federal regulations, your credit union’s MIP must contain procedures describing when vari-ous pieces of information will be verified through government-issued documents, as well as which types of documents it will accept. This manner of using government-issued documents is known as the docu-mentary method of verification.

    Federal regulations are specific about what counts as a “document” in the context of an MIP, and they provide different lists of acceptable documents for individuals and for corporations, partnerships, and trusts. In particular:

    • When applying for new accounts, individuals must present unexpired government-issued identification evidencing nationality or resi-dence and bear- ing a photo. Examples of acceptable documents include a person’s passport or driver’s license.

    • In contrast, corporations, partnerships, and trusts must present one or more documents prov-ing their existence as an entity. Acceptable docu-ments include certified articles of incorporation, government-issued business licenses, partner-ship agreements, and trust instruments.

  • 12

    Verifying Information: The Nondocumentary Method

    But what if an account applicant cannot provide any of the documents we discussed? Can your credit union still verify the applicant’s identity? According to the USA PATRIOT Act, the answer to this question is yes—you just have to rely on an alternate method of verification known as the nondocumentary meth-od. This method of verification is appropriate in situ-ations where:

    • An individual is unable to present unexpired, government-issued identification;

    • The credit union is not familiar with the docu-ments the applicant presents;

    • The account is not being opened in person; or

    • The type of account being opened increases the risk that the credit union will not be able to iden-tify the applicant using documents. (This would include accounts opened by mail and via online banking.)

    As you might expect, the nondocumentary method involves consideration of information other than government-issued documents. With this method, your credit union can independently verify an ap-plicant’s identity by comparing the information the applicant provides against items such as utility bills, statements from other financial institutions, rental agreements, or public databases. However, the most common methods involve running a credit report on the applicant and/or running the applicant’s infor-mation through a check verification service.

    Usually, more than one nondocumentary piece of identification is required before an account can be opened, depending on your credit union’s policy. Also, remember that even seemingly “official” docu-ments can be obtained illegally and may be fraudu-

    lent, so it is often wise to use a combination of both the documentary method and the nondocumentary method to verify identity, especially in cases where you are un-comfortable with the documents being provided.

    What If an Applicant’s Identity Can’t Be Verified?

    As described in the previous sections, documentary and nondocumentary methods can be used to verify the identity of an account applicant. But what if nei-ther method proves an applicant’s identity? Your cred-it union’s MIP needs to explain what to do in these situations. In fact, your MIP should address all of the following:

    • When the credit union should not open an account;

    • The terms under which members may use an ac-count while their identities are still being verified;

    • When the credit union should close an account after attempts to verify a member’s identity have failed; and

    • When the information received during the verifi-cation process should trigger the filing of an SAR.

  • 13

    Information to Record What type of information should be included in your

    credit union’s records? In short, your records must in-clude a description—and not a copy—of any document you relied on to verify an applicant’s identity. This de-scription should detail the following:

    • The type of document used;

    • The identification number listed on the document;

    • The document’s place of issuance;

    • The document’s date of issuance;

    • The document’s expiration date; and

    • A description of any substantive discrepancies that were discovered when verifying the information received from the applicant.

    Remember, this information must be kept for five years after a record of it is made! Your credit union can store this information on paper, or use electronic means to satisfy its MIP retention requirements. If it opts for the second method, all electronic records must

    be accurate and accessible within a “reasonable pe-riod” of time.

    No matter what method your credit union uses, though, it is critical that you familiarize yourself with the organization’s record retention procedures and follow them at all times!

    Notice RequirementsBefore you can record any information, however,

    your credit union must provide notice to potential members that certain information will be collected during the verification process. This requirement, which is a result of the PATRIOT Act and its related regulations, states that notice must be given in a manner “reasonably designed” to ensure that the ap-plicant is able to view or receive the notice prior to opening an account. For example, the credit union can post a notice regarding ID requirements in the lobby, on its website, on a handout, or on the new ac-count application form, depending on how the credit union allows individuals to apply for new accounts. Members of the credit union’s staff can also orally provide notice to account applicants.

    Member/Customer Due Diligence Programs

    Financial institutions are also expected to have a due diligence program in place that goes beyond the standard MIP requirements. In fact, a due diligence program is considered the cornerstone of a strong BSA compliance program.

    A good due diligence program must be designed to enable a credit union to obtain enough informa-tion at account opening to develop an understanding of the normal and expected activity for a particular member and/or account. This will allow the credit union to predict which types of transactions are “nor-

  • 14

    l

    mal” for that member or that account. As you might expect, periodic monitoring of mem-

    ber accounts is a requirement for any due diligence program. This allows the credit union to stay current with any substantial changes to the information originally gathered regarding the member and the account. In addition, regular monitoring makes it easier for the credit union to detect transactions that seem unusual or suspicious.

    Be sure to read and understand all of the proce-dures outlined in your credit union’s member due diligence program.

    Information Sharing Under the USA PATRIOT Act

    As mentioned earlier, one other topic of particular concern to credit union operations staff is informa-tion sharing. When it comes to information sharing,

    Sections 314(a) and 314(b) of the PATRIOT Act are especially important. Section 314(a) deals with infor-mation sharing between financial institutions and the federal government, whereas Section 314(b) focuses on information sharing between financial institutions. Let’s take a closer look at each section.

    Section 314(a)Under Section 314(a) of the USA PATRIOT Act, FinCEN

    is authorized to request information from financial institutions throughout the United States on behalf of law enforcement agencies that are investigating money laundering or terrorist activity. These requests are made once every two weeks, and all financial institu-tions—including credit unions—are required to have a designated contact person who receives FinCEN’s re-quests.

    Once a credit union receives an information request, it must scan its records for possible matches. If the credit union identifies a match, it must then report that fact to FinCEN.

    Credit unions have two weeks from the transmission date of the request to respond to FinCEN. Also, credit unions are prohibited from disclosing the fact that FinCEN has requested or obtained information under the rule, except to the extent necessary to comply with the request.

    Section 314(b) Section 314(b) of the PATRIOT Act also deals with

    information sharing. This section allows credit unions and other financial institutions to share information with each other after filing notification with FinCEN. It’s critical to remember that the notice to FinCEN must be filed before any information sharing takes place! In ad-dition, the financial institutions that are sharing data must have procedures in place to protect the security

  • 15

    and confidentiality of the shared information. So, when is this sort of data sharing permitted? In

    short, financial institutions may share information for purposes of detecting, identifying, or reporting activi-ties that involve possible money laundering or terror-ism. Also, the sending institution must verify that the receiving institution is on an approved government list before transmitting any information to that institution.

    You can view the Info Sharing Notice by visiting the FinCEN website: https://www.fincen.gov/314b/314b_notification.php

    Summary Congratulations on completing CUNA’s Bank Secrecy

    Act for Operations Staff Training on Demand course! You should now be able to:

    • Explain the Bank Secrecy Act (BSA);

    • Know when to file Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs);

    • Explain the requirements for wire transfer payment orders and monetary instrument purchases;

    • Understand how to apply Customer/Member Identification Programs; and

    • Explain the purpose of 314(a) and 314(b) information sharing.

    Above all, remember this: Knowing and following your credit union’s BSA policy and procedures is criti-cal to being in compliance. Take time to review those documents!

    Final ExamTo register for the final exam go to

    training.cuna.org and click on CPDOnline under LOG IN at the left hand side of the screen.