MEMBER OF ALLINIAL GLOBAL, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS © 2018 Wolf & Company, P.C.

Bank Secrecy Act Hot Topics

May 15, 2018

Heather Johnson, CRCM

Regulatory Compliance Senior

• Today’s presentation slides can be downloaded at

www.wolfandco.com/webinars/2018

• The session will last about 45 minutes, and we will be

taking questions throughout the webinar the presentation.

• Our audience will be muted during the session.

• Please send your questions in using the “Questions Box”

located on the webinar’s control panel.

Before we get started…

About Wolf & Company, P.C.

• Established in 1911

• Offer Audit, Tax, and Risk Management services to over

250 financial institutions

• Offices located in:

– Boston, Massachusetts

– Springfield, Massachusetts

– Albany, New York

– Livingston, NJ

• Over 250 professionals

As a leading regional firm founded in 1911, we provide our clients

with specialized industry expertise and responsive service.

3

Financial Institution Expertise

• Over 85 Risk Management Professionals:

– IT Assurance Services Group

– Internal Audit Services Group

– Regulatory Compliance Services Group

– WolfPAC® Solutions Group

• Provide services to over 250 financial institutions:

– Approximately 90 FIs with assets > $1B

– Approximately 25 publicly traded FIs

– Constant regulatory review of our deliverables

• Provide Risk Management Services in 27 states and 2

U.S. territories

4

Introduction

Heather Johnson, CRCM

Regulatory Compliance Senior

Phone: (617) 428-5438

E-mail: hjohnson@wolfandco.com

5

6

Today’s Agenda

• Beneficial Ownership

– FDIC Exam Procedures

– Questions about FinCEN’s FAQs

– Best practices – Who is covered and How to

collect

– Identifying Triggering Events

• Other BSA Hot Topics

– Medical Marijuana

– Human Trafficking

– Cyber Events

– Bank Secrecy Act Examinations - Recent Issues

CDD Rule & Beneficial Ownership

• Customer Due Diligence Rule – 5th Pillar

– Customer Identification/Verification (already a

requirement)

– Beneficial Ownership Identification/Verification

(May 11, 2018)

– Customer risk profile – nature and purpose of

relationship (part of SAR reporting requirement)

– Monitoring for suspicious activity and updating of

customer information (part of SAR reporting

requirement)

7

FDIC Exam Procedures CDD

• Appropriate written risk-based procedures for

ongoing CDD

• Process to develop customer risk profiles

• CDD policies and procedures are in line with the

BSA/AML risk profile

• Polices and procedures contain management and

staff responsibilities

• Identifying higher risk customers

• Analysis for high risk customers

• Customer and beneficial ownership information is

used to meet regulatory requirements

8

FDIC Exam Beneficial Ownership

• Procedures for collecting and verifying information for

beneficial owners

• Risk-based procedures for updating and maintaining

customer and beneficial owner information

• Testing includes reviewing process for obtaining

information, verifying identities, resolving instances

where identity could not be verified, recordkeeping,

and filing SARs as appropriate.

9

Beneficial Ownership

FinCEN FAQs

• Beneficial Ownership Threshold (# 1, 2)

• Identification and Verification (# 4 – 6)

• Product/Service Renewals as triggering events (# 12)

• Updating beneficial ownership information (# 16)

10

Beneficial Ownership Threshold

Definition: §1010.230(d) Beneficial owner means

• Each individual, if any, who, directly or indirectly,

through any contract, arrangement, understanding,

relationship or otherwise, owns 25 percent or more of

the equity interests of a legal entity customer; and

• A single individual with significant responsibility to

control, manage, or direct a legal entity customer,

including:

1. An executive officer or senior manager

2. Any other individual who regularly performs

similar functions

11

Beneficial Ownership Threshold

• Risk Based Approach – What threshold is

appropriate for your institution?

• Complex Ownership Structures – Will you round up?

• Validating thresholds?

• Record Retention: thresholds and documentation.

12

Identification and Verification

• Methods of Verification: Same as CIP?

• Non-Documentary Verification and Permissible

Purpose

• Missing Identification/Verification:

– Reasonable period of time

– Procedures if cannot form a reasonable belief

13

Product / Service Renewals

• Loan Renewals

• Certificate of Deposit Renewals

– Proactive: Identify current customers

– Send Certification as part of renewal notice

– What if Certification is not returned?

• Subsequent renewals (after initial Certification)

14

Updating Information

• Re-certification requirements for new accounts or

triggering events

– Customer must certify/confirm accuracy of

information

– Verbal or in writing

• How will this be documented?

• What is the review process?

15

Triggering Events

• Beneficial Ownership information must be collected

when there is a significant, or triggering, event.

• An event could include:

– Addition of a new service, such as:

• Cash Management activities

• Remote Deposit Capture

• ACH Processing (i.e. Payroll)

• Online Banking

• Change in Flood Zone

16

Triggering Events

– Significant and unexplained change in transaction

activity

– Significant change in volume of activity

17

Beneficial Ownership

• Additional items to consider:

– If customer refuses to provide information, what

will the Bank do?

• Not open account?

• Close existing account (CD Renewals)?

• Refuse to provide service for triggering event?

• File SAR?

– Privacy issues

– Customer notification

18

BSA – Medical Marijuana

• Justice Department reversed the Cole memos in

January 2018

• May face risk of prosecution if dealing with these

customer types

• New legislation proposed by Senator Chuck Schumer

– Legalize use

– Support from both Republicans and Democrats

For now: Business as usual

19

BSA – Human Trafficking

• Approach in a variety of ways:

– Monitor transactions through AML software

– Include in training for frontline

– Combination of both

• Update BSA Procedures and Training to include

• File SARs as needed

– Include either “Advisory Human Smuggling” or

“Advisory Human Trafficking” in Narrative

• FinCEN Advisory (FIN-2014-A008)

20

BSA – Cyber Events

• SAR Updates – new form available June 2018

– “Cyber event” suspicious activity type category

– New text fields to accompany the IP Address field

– New category of fields to record up to 99 cyber

events

• FinCEN Advisory (FIN-2016-A005)

• Communication between IT and BSA

21

BSA – Exam Issues

• Examiners generally focused on systemic issues

rather than “one-offs”

• Risk Assessment: Lack of support for

conclusions

• Training: Ensure quality, scope, and frequency

• Suspicious Activity: Backlog of investigations

• AML Software Validation and Rules

Reasonableness

• BSA/AML Program: reactive and not proactive

• BSA Department: Lack of staffing and/or funding

22

Questions?

Heather Johnson, CRCM

Regulatory Compliance Senior

Phone: (617) 428-5438

E-mail: hjohnson@wolfandco.com

23