bsa/aml: usa patriot act - … · the requirements of the usa patriot act and the bank secrecy act,...

BSA/AML: USA PATRIOT Act

© 9/2017 American Bankers Association



Menu

Introduction

Overview of the Act

High-Risk Accounts

Foreign Correspondent Accounts

Private Banking Accounts

Information Sharing

Section 314(a) Requests

Wrap Up



Introduction

This course builds the customer identification and due diligence process for specific types of accounts believed to pose increased risks of money laundering and terrorist financing. It explains how the USA PATRIOT Act affects sharing of certain types of information between financial institutions and law enforcement officials.

Last updated: September 2017 Current version: 2.0

Last update: No substantial changes.

Overview Bankers play an important part in identifying and stopping illegal money laundering, which can be used to fund terrorist activities. This course provides the key aspects of the USA PATRIOT Act and what is needed to implement its provisions. It builds on existing knowledge of the customer identification and due diligence process, applying those concepts to specific types of accounts believed to pose increased risks of money laundering and terrorist financing. This course teaches how the USA PATRIOT Act affects sharing of certain types of information between financial institutions and law enforcement officials, to identify transactions that may involve terrorist activity or money laundering.

This is a high-level overview course intended for employees that do not necessarily need a deep dive into the requirements of the USA PATRIOT Act. Many of the lessons included in this course are covered in more depth in other BSA courses such as BSA/AML: CIP Basics, BSA/AML: CIP Advanced, BSA/AML Recordkeeping, and BSA/AML: Risk Assessment and Customer Due Diligence.

ABA course content does not provide, nor is it intended to substitute for, professional legal advice.

Page 1

ABA course content does not provide, nor is it intended to substitute for, professional legal advice.



Introduction

Following the September 2001 terrorist attacks, the United States acted quickly to restrain terrorist financing. As a result, financial institutions face new responsibilities under the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT Act). You might think the Act has little to do with you or your job, but you would be wrong.

Although you are not a criminal investigator, following the USA PATRIOT Act policies and procedures developed by your bank is an important—and mandatory—part of your contribution to our country’s war against terrorism. By understanding the requirements of the USA PATRIOT Act and the Bank Secrecy Act, you are helping to stop money laundering and terrorist financing.

This course provides an overview of the purpose and background of the USA PATRIOT Act. It describes the types of accounts that pose the greatest risks to the bank for potential use by terrorists or those who fund terrorist activities. The course explains the required procedures for high-risk accounts and how to respond to requests for information from the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN). It also describes the process for sharing information with other financial institutions.

Objectives By the end of BSA/AML: USA PATRIOT Act, you will be able to

Describe the purpose of the USA PATRIOT Act and the penalties for noncompliance

Describe actions to take if you suspect that an account may fall within a high-risk category

Identify customer due diligence requirements for foreign correspondence accounts

Identify customer due diligence requirements for private banking accounts

Describe the information sharing requirements in Sections 314(a) and 314(b) of the USA PATRIOT Act

Page 2



Overview of the Act

Impact on terrorism Our nation’s war on terrorism has resulted in many changes. As bankers, our responsibilities have also changed. For many years, bankers have played an important role in detecting and identifying potential money launderers by complying with the Bank Secrecy Act (BSA). Historically, the targets of money laundering were persons or entities involved in drug-related activities or other white-collar crimes.

Today, in addition to stopping other forms of money laundering, detecting and preventing access to the United States’ banking system by individuals and entities that support terrorism and terrorist activities is a primary concern. On October 26, 2001, the President signed the USA PATRIOT Act into law. This law contains strong measures to prevent, detect, and prosecute terrorism and international money laundering.

Page 3



Overview of the Act

Scope of the Act The USA PATRIOT Act is broad in scope and covers a number of organizations and entities in addition to commercial banks and other depository institutions. There are ten "Titles" under the Act, but Title III is the one that applies to financial institutions and the provisions of Title III amend provisions of the Bank Secrecy Act. Although certain parts of the USA Patriot Act have expired, Title III has not expired and contains no “sunset” provisions.

The USA PATRIOT Act reiterates the requirement for banks to have a robust BSA compliance program. In addition, the USA PATRIOT Act requires banks to take the following steps:

Establish mandatory identification procedures for all customers establishing an account relationship with the bank—your bank’s Customer Identification Program (CIP)

Conduct enhanced due diligence for certain high-risk categories of accounts including foreign correspondent accounts, private banking accounts, and accounts for senior foreign political officials

Prohibit the opening or maintenance of foreign correspondent account relationships for foreign shell banks

Institute procedures for sharing information between the government and financial institutions and between financial institutions

Note: Although requirements to establish a Customer Identification Program were added by the USA PATRIOT Act, due to their significance to Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance, the topics of customer identification and customer due diligence are addressed separately in the BSA/AML: CIP Basics, BSA/AML: CIP Advanced, and BSA/AML: Risk Assessment and Customer Due Diligence Frontline courses. Accordingly, this course assumes an understanding of the customer identification and customer due diligence obligations of U.S. financial institutions.

Glossary terms:

Sunset provisions A clause in a statute that provides for an automatic repeal of all or part of the law once a specific date is reached unless Congress acts to extend it.



BSA compliance program

A bank’s BSA program must be in writing and include the following four pillars:

A designated and board-approved BSA officer

Documented and board-approved BSA policy, including appropriate provisions to meet the regulatory requirements of the USA PATRIOT Act

Independent testing of compliance

Appropriate training for all personnel, including senior management and the bank’s Board of Directors Effective May 2018 the customer due diligence requirements will add a fifth pillar.

Page 4



Overview of the Act

Penalties for noncompliance Consequences for noncompliance with the USA PATRIOT Act are described below.

Penalty

The U.S. Treasury Department can impose penalties of up to $1 million.

Civil and criminal penalties can also be enforced under certain circumstances.

Forfeiture

The USA PATRIOT Act expanded the circumstances under which funds in a U.S. interbank account may be subject to forfeiture.

If a deposit of funds in a foreign bank outside of the U.S. is subject to forfeiture, and the foreign bank maintains an interbank account at a covered bank, U.S. law enforcement can seize the funds in the U.S. account as a substitute for the foreign deposit.

By understanding the requirements of the USA PATRIOT Act and following the policies and procedures established by your bank to implement these requirements, you support our country’s efforts to detect, prevent, and prosecute terrorist financing.

Glossary term:

Interbank account An Interbank account is any account that is held by one bank for another bank. In most cases, the bank for which the deposit is being held is referred to as the correspondent bank.

Page 5



Overview of the Act

Self Check Quiz

The USA PATRIOT Act reiterates the requirement for banks to have a robust BSA program. Which two statements accurately describe bank requirements under the USA PATRIOT Act?

» Select the correct answers and click Submit.

A) Establish identification procedures only for loan customers

B) Encourage the opening of foreign correspondent account relationships for foreign shell banks

C) Prohibit the opening or maintenance of foreign correspondent account relationships for foreign shell banks

D) Institute procedures for sharing information between the government and financial institutions and between financial institutions

C and D are correct.

A is incorrect because it is incomplete. The USA PATRIOT Act requires that banks establish identification procedures for all persons establishing an ongoing relationship with the bank. B is incorrect because the USA PATRIOT Act prohibits the opening or maintenance of foreign correspondent account relationships for foreign shell banks.

Page 6



High-Risk Accounts

The U.S. banking system attracts investors from all over the world. Most of this business is legitimate and beneficial to the U.S. economy. However, sometimes people and organizations attempt to use U.S. banks for illegal purposes, including funding terrorism. By identifying the types of accounts that present the greatest risk of abuse and following your bank’s policies and procedures for identifying and monitoring those accounts, you can help prevent the inadvertent funding of terrorist activity through transactions flowing through these accounts.

In this lesson, you will build on your knowledge of the customer identification and due diligence process, applying those concepts to specific types of accounts believed to pose increased risks of money laundering and terrorist financing.

Page 7



High-Risk Accounts

One central goal of the USA PATRIOT Act is to prevent terrorists from gaining access to the United States financial system by requiring banks to obtain certain records and maintain due diligence programs for accounts deemed to pose a higher risk of money laundering. As a frontline employee, you should be familiar with the types of accounts designated by the USA PATRIOT Act as a high-risk account.

High-risk accounts include the following categories:

Foreign correspondent accounts

Private banking accounts (for non-U.S. persons)

Accounts controlled by senior foreign political figures

At an account opening, if you suspect that an account may fall within one of these at-risk categories, you should consult with your manager or BSA officer.

In addition, the USA PATRIOT Act prohibits banks from establishing, administering, or managing correspondent accounts with certain foreign shell banks. The prohibition, however, does not apply to shell banks that are affiliated with either a U.S. or foreign bank that has a physical presence in the United States and is subject to supervision by a regulatory authority.

Glossary terms:

Foreign correspondent accounts An account established at one institution to receive deposits from or make payments on behalf of a second financial institution, or handle other financial transactions on behalf of the other institution.

Private banking accounts (for non-U.S. persons) Private banking accounts are defined as accounts having a minimum deposit requirement of $1 million which are assigned to or managed by a bank employee such as an account manager, who acts as a liaison between the financial institution and the beneficial owner(s) of the account.



Foreign shell banks A foreign-chartered bank without a physical presence in any country. A physical presence is a place of business maintained by a foreign bank and located at a fixed address, other than solely an electronic address or a post-office box, in a country in which the foreign bank is authorized to conduct banking activities, and at which locations the foreign bank displays the following characteristics:

Employs one or more individuals on a full-time basis

Maintains operating records related to its banking activities

Is subject to inspection by the banking authority that licensed the foreign bank to conduct banking activities.

Page 8



High-Risk Accounts

Question: While opening an account for a new customer, you suspect that it may fall within one of the high-risk categories. What should you do?

Answer: At an account opening, if you suspect that an account may fall within one of the at-risk categories, you should consult with your manager or BSA officer.

Page 9




The USA PATRIOT Act requires a bank that maintains a correspondent account in the United States for a foreign bank to comply with certain recordkeeping and due diligence requirements.

» Roll over each button to learn more about the recordkeeping and due diligence requirements for banks that maintain correspondent accounts in the United States for a foreign bank.

Recordkeeping requirements The U.S. bank must maintain records in the United States identifying the owners of the foreign bank and the name and address of agents in the United States designated to accept legal service of process.

Note: Compliance with the requirements above may be met by requiring “certification” (renewed every three years) by the foreign bank.

Due diligence requirements The U.S. bank must establish a due diligence program that enables the U.S. bank to assess the money laundering risk that the account presents. This due diligence program should enable the bank to understand the following areas:

The nature of the foreign bank’s business

The markets the foreign bank serves

Information about the anti-money laundering supervisory system of the foreign country in which the bank operates and the foreign bank’s record of AML compliance

The type of correspondent account opened and the anticipated activity that will flow through the account

The information gathered from this due diligence will enable the U.S. bank to establish appropriate, risk-based procedures and controls designed to enable the bank to detect and report known or suspected money laundering or suspicious activity conducted through the foreign correspondent account.

Page 10




Question: As part of recordkeeping requirements for foreign correspondent accounts, what information must a U.S. bank maintain in its records?

Answer: The U.S. bank must maintain records in the United States identifying the owners of the foreign bank and the name and address of agents in the United States designated to accept legal service of process.

Page 11




Private banking accounts for a non-U.S. person A bank that maintains a private banking account for a non-U.S. person must establish a risk-based due diligence program that includes policies, procedures, and controls designed to detect and report any known or suspected money laundering or suspicious activity conducted through the account. The due diligence program should include the following elements:

Identify all beneficial owners of the account

Conduct enhanced due diligence of the account, if any owner is a senior foreign political figure (often referred to as a politically exposed person, or PEP)

Identify the source of funds, purpose, and expected use of the account

Review account activity to ensure it is consistent with the information above

Banks must establish policies and procedures to identify private banking customers who meet the definition of a senior foreign political person. Upon identification of such a customer, the bank is required to conduct risk-based enhanced due diligence reasonably designed to detect and report transactions that may involve the proceeds of foreign corruption.

Glossary term:

Proceeds of foreign corruption Any asset or property acquired through theft or embezzlement, acts of bribery or extortion, or the unlawful conversion of property.

Page 12




A senior foreign political figure, or politically exposed person (PEP), is defined as an individual with substantial authority over policy, operations, or the use of government-owned resources. The individual can be a senior official serving in one of the following capacities:

In a country’s executive, legislative, military, or judicial branch

In a major political party

Of a government-owned commercial enterprise

The term senior foreign political person also includes the following entities and individuals:

A corporation, business, or other entity formed by or for the benefit of the senior foreign political person

An immediate family member of the senior foreign political person (spouse, parent, child, and a spouse’s parents and siblings)

A person widely and publicly known (or actually known by the bank) to be a close associate of the senior foreign political figure

Page 13




If a bank’s due diligence reveals that it maintains an account for a senior foreign political figure, the bank is required to conduct risk-based enhanced due diligence reasonably designed to detect and report transactions that may involve the proceeds of foreign corruption.

» Roll over each button to learn more about the additional requirements.

Information Consulting publicly-available information (i.e., news sources) about the home country, the individual, and the political environment.

Branches Contacting branches of a U.S. bank operating in the home country to obtain information about the individual and the political environment.

Activity Reviewing transaction activity in the account(s).

Page 14




Exercise

Review each of the scenarios below and determine if each is consistent with USA PATRIOT Act due diligence procedures.

Scenario 1 The bank’s procedures require you to complete a new account form requesting information about new account applicants. A new private banking relationship is being opened for a customer in Mexico. The customer is insulted by the banker's questions and refuses to cooperate and provide the information. Due to the large size of the deposit and new relationship, the banker decides to waive the requested information in order to keep the applicant satisfied and obtain the new business.

Scenario 2 Review of the bank’s wire transfer reports caused the wire department’s manager to be concerned that there may be suspicious activity occurring on an account the bank maintains for a correspondent bank. The manager felt uncomfortable about bringing this to the attention of the account officer and chose to ignore the concerns.

Scenario 3 Review of the CIP information gathered on a new private banking customer reveals that the individual is a member of a foreign country’s legislative body. The manager of private banking notified the bank’s Bank Secrecy Act officer as directed by the bank’s BSA policy and procedures.

» Click the Suggested Results button to see if the scenarios are consistent with the USA PATRIOT Act.

Suggested Results

Scenario 1: This is inconsistent with USA PATRIOT Act due diligence procedures.

Scenario 2: This is inconsistent with USA PATRIOT Act due diligence procedures.

Scenario 3: In this scenario the banker acted correctly. She protected the bank and herself by appropriately following bank procedures and routing the suspicious activity information to the appropriate person at her bank.

Page 15




Self Check Quiz

What three elements must be included in a due diligence program when a bank maintains a private banking account for a non-U.S. person?

» Select the correct answers and click Submit.

A) Identify all beneficial owners of the account

B) Conduct enhanced due diligence of the account, particularly if any owner is a senior foreign political figure

C) Identify the source of funds, purpose, and expected use of the account

D) Identify the relatives of the beneficial owners of the account

A, B, and C are correct.

D is incorrect because a beneficial owner's relative’s information is generally not required (however, the bank may need to collect information concerning the relatives of a PEP).

Page 16



Information Sharing

One of the goals of the USA PATRIOT Act is to make it easier for banks to share information with law enforcement and other government authorities and to share information with other financial institutions in appropriate circumstances. However, safeguarding the privacy of sensitive customer information also is important. Various privacy laws require that your bank keep customer information secure and confidential. The USA PATRIOT Act attempts to balance the need to protect customer information with the need to share information with law enforcement and other financial institutions to help combat money laundering and terrorist financing.

Financial Crimes Enforcement Network (FinCEN) The U.S. Department of the Treasury established FinCEN in 1990 to provide a government-wide financial intelligence and analysis network. The organization’s operation was broadened in 1994 to include regulatory responsibilities for administering the Bank Secrecy Act.

Following its creation in 1990, FinCEN was an office within Treasury’s headquarters. That changed as a result of the USA PATRIOT Act, which made FinCEN a full-fledged bureau, granting it a budget of its own and a degree of independence. Since its creation, FinCEN has worked to maximize information sharing among law enforcement agencies and its other partners in the regulatory and financial communities.

Section 314(a) of the USA PATRIOT Act authorizes law enforcement agencies, through cooperation with FinCEN, to obtain information from financial institutions about individuals and entities suspected of engaging in terrorist financing, money laundering, and other criminal activities; section 314(b) permits the voluntary sharing of information about these entities between U.S. banks.

Page 17



Information Sharing

True or False?

FinCEN was originally an office within the U.S. Department of Treasury, but was made a full-fledged bureau as a result of the USA PATRIOT Act.

» Select the correct answer.

True False

The statement is true.

Page 18





Federal law enforcement agencies investigating terrorist activity or money laundering may request FinCEN to solicit information from financial institutions about individuals or entities suspected to be engaged in terrorist activity or money laundering. FinCEN’s regulations enable federal, state, local, and foreign (European Union) law enforcement agencies, through FinCEN, to reach out to more than 43,000 points of contact at more than 22,000 financial institutions to locate accounts and transactions of persons that may be involved in terrorism or money laundering.

FinCEN receives requests from law enforcement and upon review, sends notifications to designated contacts within financial institutions across the country once every two weeks, informing them new information has been made available via a secure Internet website. The requests contain subject and business names, addresses, and as much identifying data as possible to assist the financial industry in searching their records. The financial institutions must query their records for data matches, including accounts maintained by the named subject during the preceding 12 months and transactions conducted within the last six months. Financial institutions have two weeks from the posting date of the request to respond with any positive matches. If the search does not uncover any matching of accounts or transactions, the financial institution is instructed not to reply to the 314(a) request.

Each bank must designate a bank employee to serve as the point of contact to receive these requests. This person will also serve as the contact for any future requests or follow-up communications involving individuals or entities identified by the bank as matches. You should know who at your bank serves as the point of contact for section 314(a) information requests from FinCEN.

Glossary term:

314(a) request These information requests often are called “section 314(a) information requests" which refers to that section of the USA PATRIOT Act that authorizes the information sharing with law enforcement.

Page 19





When a financial institution receives a Section 314(a) information request, it must conduct a one-time search of its records to identify accounts or transactions of a named suspect. Unless the information request instructs otherwise, the financial institution searches for the following accounts and transactions:

Current account of a named suspect

Account maintained for a named suspect during the preceding 12 months

Transaction outside of an account conducted by or on behalf of a named suspect within the last six months

Sidebar:

It is important to note that use of the word “transaction” means a deposit, withdrawal, transfer between accounts, exchange of currency, loan, extension of credit, purchase or sale of any stock, bond, CD, or other monetary instrument or any other payment, transfer, or delivery by or through or to a financial institution, by any means. The term does not include transactions conducted through an account; for example, each check written by an account owner does not need to be searched as part of a bank’s 314(a) investigation since those transactions are conducted through an account.

Page 20





A financial institution that identifies an account or transaction must report the fact that it has a match to FinCEN. Once the financial institution finds a match, it should stop its search on that subject; it is not required to search its records further unless instructed by the requesting federal law enforcement agency to provide additional information.

If no match is found, no other action is required by the financial institution.

A financial institution may not disclose to any person or entity the fact that FinCEN requested the information. Banks must have procedures in place to protect the security and confidentiality of information contained in section 314(a) requests and responses.

Page 21




Section 314(b) Requests

Section 314(b) voluntary information sharing between banks A bank may share information with another bank or group of banks regarding individuals, entities, organizations, and countries for the purpose of identifying and reporting suspected money laundering or terrorist activity. When done properly and following the rule, the institution that shares information is granted a “safe harbor” and protected from civil liability.

Institutions that intend to share information must take the following actions:

Provide notice to FinCEN of their intent to share information using the form provided by FinCEN (the notice is valid for one year)

Designate a point of contact and establish a process for sending and receiving information

Verify that the other institution(s) has provided a similar notice to FinCEN

Maintain adequate procedures to protect the security and confidentiality of shared information

It is important for you to know who in your bank holds the responsibility for sharing information with other banks. You should also have a clear understanding of your bank’s procedures for ensuring the security and confidentiality of this information.

If, as a result of this information sharing, a bank knows or suspects that an individual or entity is engaged in money laundering or terrorist activity, the bank must file a suspicious activity report.

Page 22




Self Check Quiz

You receive a request for information regarding a customer from FinCEN or you receive a request to share information regarding a particular customer from another financial institution. You believe you have identified a transaction or activity that appears suspicious. What should you do?

» Select the correct answer and click Submit.

A) Provide the information requested without question in an effort to comply with the USA PATRIOT Act

B) Tell a friend that day at lunch about the unusual customer

C) Follow your bank’s internal policies and procedures to route this information accurately to the person responsible for handling these situations, and keep the information confidential

D) Send a memo to the bank president

C is correct.

A, B, and D are incorrect because you should follow your bank’s internal policies and procedures to route this information promptly and correctly to the person responsible for handling these situations while keeping the information confidential.

Page 23



Wrap Up

By completing BSA/AML: USA PATRIOT Act, you are now able to explain the purpose and background of the USA PATRIOT Act and describe the types of accounts that pose the greatest risks to the bank for potential use by terrorists or those who fund terrorist activities. You are also able to explain the required procedures for at-risk accounts and how to respond to requests for information from FinCEN. In addition, you can now describe the process for sharing information with other financial institutions.

Click Exit to close this course.

Page 24

bsa/aml: usa patriot act - … · the requirements of the usa patriot act and the bank secrecy act,...

Documents