bank secrecy act hot topics may 15, 2018...bsa/aml risk profile • polices and procedures contain...
TRANSCRIPT
MEMBER OF ALLINIAL GLOBAL, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS © 2018 Wolf & Company, P.C.
Bank Secrecy Act Hot Topics
May 15, 2018
Heather Johnson, CRCM
Regulatory Compliance Senior
• Today’s presentation slides can be downloaded at
www.wolfandco.com/webinars/2018
• The session will last about 45 minutes, and we will be
taking questions throughout the webinar the presentation.
• Our audience will be muted during the session.
• Please send your questions in using the “Questions Box”
located on the webinar’s control panel.
Before we get started…
About Wolf & Company, P.C.
• Established in 1911
• Offer Audit, Tax, and Risk Management services to over
250 financial institutions
• Offices located in:
– Boston, Massachusetts
– Springfield, Massachusetts
– Albany, New York
– Livingston, NJ
• Over 250 professionals
As a leading regional firm founded in 1911, we provide our clients
with specialized industry expertise and responsive service.
3
Financial Institution Expertise
• Over 85 Risk Management Professionals:
– IT Assurance Services Group
– Internal Audit Services Group
– Regulatory Compliance Services Group
– WolfPAC® Solutions Group
• Provide services to over 250 financial institutions:
– Approximately 90 FIs with assets > $1B
– Approximately 25 publicly traded FIs
– Constant regulatory review of our deliverables
• Provide Risk Management Services in 27 states and 2
U.S. territories
4
Introduction
Heather Johnson, CRCM
Regulatory Compliance Senior
Phone: (617) 428-5438
E-mail: [email protected]
5
6
Today’s Agenda
• Beneficial Ownership
– FDIC Exam Procedures
– Questions about FinCEN’s FAQs
– Best practices – Who is covered and How to
collect
– Identifying Triggering Events
• Other BSA Hot Topics
– Medical Marijuana
– Human Trafficking
– Cyber Events
– Bank Secrecy Act Examinations - Recent Issues
CDD Rule & Beneficial Ownership
• Customer Due Diligence Rule – 5th Pillar
– Customer Identification/Verification (already a
requirement)
– Beneficial Ownership Identification/Verification
(May 11, 2018)
– Customer risk profile – nature and purpose of
relationship (part of SAR reporting requirement)
– Monitoring for suspicious activity and updating of
customer information (part of SAR reporting
requirement)
7
FDIC Exam Procedures CDD
• Appropriate written risk-based procedures for
ongoing CDD
• Process to develop customer risk profiles
• CDD policies and procedures are in line with the
BSA/AML risk profile
• Polices and procedures contain management and
staff responsibilities
• Identifying higher risk customers
• Analysis for high risk customers
• Customer and beneficial ownership information is
used to meet regulatory requirements
8
FDIC Exam Beneficial Ownership
• Procedures for collecting and verifying information for
beneficial owners
• Risk-based procedures for updating and maintaining
customer and beneficial owner information
• Testing includes reviewing process for obtaining
information, verifying identities, resolving instances
where identity could not be verified, recordkeeping,
and filing SARs as appropriate.
9
Beneficial Ownership
FinCEN FAQs
• Beneficial Ownership Threshold (# 1, 2)
• Identification and Verification (# 4 – 6)
• Product/Service Renewals as triggering events (# 12)
• Updating beneficial ownership information (# 16)
10
Beneficial Ownership Threshold
Definition: §1010.230(d) Beneficial owner means
• Each individual, if any, who, directly or indirectly,
through any contract, arrangement, understanding,
relationship or otherwise, owns 25 percent or more of
the equity interests of a legal entity customer; and
• A single individual with significant responsibility to
control, manage, or direct a legal entity customer,
including:
1. An executive officer or senior manager
2. Any other individual who regularly performs
similar functions
11
Beneficial Ownership Threshold
• Risk Based Approach – What threshold is
appropriate for your institution?
• Complex Ownership Structures – Will you round up?
• Validating thresholds?
• Record Retention: thresholds and documentation.
12
Identification and Verification
• Methods of Verification: Same as CIP?
• Non-Documentary Verification and Permissible
Purpose
• Missing Identification/Verification:
– Reasonable period of time
– Procedures if cannot form a reasonable belief
13
Product / Service Renewals
• Loan Renewals
• Certificate of Deposit Renewals
– Proactive: Identify current customers
– Send Certification as part of renewal notice
– What if Certification is not returned?
• Subsequent renewals (after initial Certification)
14
Updating Information
• Re-certification requirements for new accounts or
triggering events
– Customer must certify/confirm accuracy of
information
– Verbal or in writing
• How will this be documented?
• What is the review process?
15
Triggering Events
• Beneficial Ownership information must be collected
when there is a significant, or triggering, event.
• An event could include:
– Addition of a new service, such as:
• Cash Management activities
• Remote Deposit Capture
• ACH Processing (i.e. Payroll)
• Online Banking
• Change in Flood Zone
16
Triggering Events
– Significant and unexplained change in transaction
activity
– Significant change in volume of activity
17
Beneficial Ownership
• Additional items to consider:
– If customer refuses to provide information, what
will the Bank do?
• Not open account?
• Close existing account (CD Renewals)?
• Refuse to provide service for triggering event?
• File SAR?
– Privacy issues
– Customer notification
18
BSA – Medical Marijuana
• Justice Department reversed the Cole memos in
January 2018
• May face risk of prosecution if dealing with these
customer types
• New legislation proposed by Senator Chuck Schumer
– Legalize use
– Support from both Republicans and Democrats
For now: Business as usual
19
BSA – Human Trafficking
• Approach in a variety of ways:
– Monitor transactions through AML software
– Include in training for frontline
– Combination of both
• Update BSA Procedures and Training to include
• File SARs as needed
– Include either “Advisory Human Smuggling” or
“Advisory Human Trafficking” in Narrative
• FinCEN Advisory (FIN-2014-A008)
20
BSA – Cyber Events
• SAR Updates – new form available June 2018
– “Cyber event” suspicious activity type category
– New text fields to accompany the IP Address field
– New category of fields to record up to 99 cyber
events
• FinCEN Advisory (FIN-2016-A005)
• Communication between IT and BSA
21
BSA – Exam Issues
• Examiners generally focused on systemic issues
rather than “one-offs”
• Risk Assessment: Lack of support for
conclusions
• Training: Ensure quality, scope, and frequency
• Suspicious Activity: Backlog of investigations
• AML Software Validation and Rules
Reasonableness
• BSA/AML Program: reactive and not proactive
• BSA Department: Lack of staffing and/or funding
22
Questions?
Heather Johnson, CRCM
Regulatory Compliance Senior
Phone: (617) 428-5438
E-mail: [email protected]
23