cuna bank secrecy act re-certification fall...
TRANSCRIPT
9/22/2016
1
CUNA Bank Secrecy Act Re-Certification
Fall 2016
Colleen Kelly & Valerie Moss
CUNA Compliance
AGENDA
• Customer Due Diligence Rule
• Money Service Business Accounts
• Marijuana Business Accounts
• Other New Developments
• Frequently Asked Questions (FAQs)
• Review of Basic Requirements
BSA: COMBAT ILLICIT FINANCIAL TRANSACTIONS
9/22/2016
2
BSA Reporting
• Homeland Security: The only way to stop ISIL is to cut off their money supply
• FBI: Approximately 18% of the Bureau’s international terrorism cases had related BSA filings in 2014.
The New CDD Rule
GOOD NEWS:
• Applies to “legal entity” accounts
• Compliance date: May 11, 2018
• Only for new accounts
9/22/2016
3
Beneficial Owner Due Diligence
• Identification & Verification of Beneficial Owners
• Certification Form
• Written Procedures
• Recordkeeping &
Retention
9/22/2016
4
9/22/2016
5
Money Service Businesses
Money Services BusinessesThe following are considered MSBs:
– Currency dealers or exchangers
– Check cashers
– Issuers or sellers of traveler’s checks or money orders
– Providers of prepaid access
– Money transmitters
– US Postal Service (low risk)
9/22/2016
6
Money Services Businesses
Monetary thresholds for:• Currency Dealers or Exchangers
• Check Cashers
• Issuers or Sellers of traveler’s checks or money orders
► Must be transactions in excess of $1000 per person, per day (single or aggregated transactions) to be considered an “MSB”
What do you think?
Your credit union cashes checks and sells money orders.
Are you a money services business?
MSBs: NCUA Expectations• Properly identify member accounts as MSBs;
• Assess the potential risk posed by the member relationship;
• Conduct adequate and ongoing due diligence of the MSB relationship; and
• Ensure the MSB member accounts are appropriately included in the credit union’s suspicious activity monitoring and reporting system.
9/22/2016
7
Money Services Businesses
• Credit unions are expected to apply their risk-based BSA standards to MSBs.
• MSBs should be prepared to produce basic information such as:– Basic identification
– State licensing, if applicable
– FinCEN registration
– Additional helpful information
MSB: Due Diligence
Minimum Expectations:
• Apply CIP (MIP);
• Confirm FinCEN registration;
• Confirm state or local license;
• Confirm agent status; and
• Risk Assessment
MSB: Risk Assessment
To determine level of risk, consider:
• Types of products/services offered by the MSB;
• Location and market served by MSB;
• Anticipated account activity;
• Purpose of the account.
9/22/2016
8
Money Services Businesses
MSBs are subject to BSA regulatory controls:
• Anti-money laundering
• Suspicious Activity Reports
• Currency Transaction Reporting
• Customer Identification Programs
NCUA Expectations
• CU must provide for added costs and staff resources related to MSB accounts;
• Staff must have extensive knowledge and training to service these accounts;
• CU management must consider these issues before adding MSB accounts;
9/22/2016
9
STATES FEDS
High Risk : Marijuana-Related Businesses
Department of Justice:
• IF marijuana use is legal in the state, and
• IF the state has strong and effective state regulatory and enforcement systems;
• THEN prosecuting these businesses is not an efficient use of federal resources
DOJ’S PRIORITIES
9/22/2016
10
FinCEN Guidance
FinCEN: BSA Expectations Regarding Marijuana-Related Businesses, February 2014
Marijuana Limited SAR
Marijuana Priority SAR
Marijuana Termination SAR
Serving Marijuana Businesses: Next Steps
Other New Developments
• Culture of Compliance
• OFAC Updates
• SAR Advisories
• Updated Examination Manual
• GTO Targeting
9/22/2016
11
Culture of Compliance
“Regardless of its size and business model, a financial institution with a poor culture of compliance is likely to have shortcomings in its BSA/AML program.”
-FinCEN Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance (FIN-2014-A007)
Culture of Compliance
1. Your leadership actively supports and understands compliance efforts.
2. Efforts to manage and mitigate BSA/AML deficiencies and risks are not compromised by revenue interests.
3. Relevant information from the various departments within the credit union is shared with compliance staff to further BSA/AML efforts.
Culture of Compliance
4. The credit union devotes adequate resources to its BSA/AML compliance function.
5. The compliance program is effective by, among other things, ensuring that it is tested by an independent and competent party.
6.Your leadership and staff understand the purpose of your BSA/AML efforts and how BSA reports are used.
9/22/2016
12
OFAC Updates
• Amended Cuban Assets Control Regulations
• Sectoral Sanctions Identifications List
• Foreign Sanction Evaders List
• Consolidated Sanctions List
www.treasury.gov/resource-center/sanctions
SAR Advisories• E-Mail Compromise Fraud Schemes (FIN-2016-
A003)
• Human Smuggling & Human Trafficking (FIN-2014-A008)
• Tax Refund Fraud (FIN-2013-A001 & FIN-2012-A005)
• Risks Associated with 3rd Party Payment Processors (FIN-2012-A010)
• Mortgage Loan Fraud (FIN-2012-A009)
• Account Takeover Activity (2011-A016)
9/22/2016
13
1969 Pontiac GTO
Geographic Targeting Order
FinCEN may issue additional recordkeeping and reporting requirements on one or more domestic financial institutions in a geographic area.
9/22/2016
14
FAQs• CTRs & Joint Accounts
• CTR Exemptions
• Businesses with Common Ownership
• CIP & Power of Attorney
• “Initial detection” and SAR filings
• Notifying board of SAR filings
FAQ: CTR & Joint Accounts
Deposits: CTR should list all joint owners on account
Withdrawals: List only the individual who is making the withdrawal UNLESS you have facts to suggest that all or additional joint owners will benefit from the transaction.
FAQ: CTR Exemption
There are two types of exemptions under BSA:
Phase I - credit unions & banks, government agencies, any entity exercising government authority, entities whose common stock is listed on the stock exchange, and any subsidiary of these listed entities.
Phase II – Non-listed businesses,
Payroll members
9/22/2016
15
Summary of Phase I Requirements
Type of Customer Trans Freq
Waiting Period
Ineligible Activity
File DOEP Report
Annual Review
Credit unions & banks
N/A None N/A No No
Govt departmts., agencies, or authorities
N/A None N/A No No
Entities listed on stock exchange
N/A None N/A Yes Yes
Subsidiaries of those listed on stock exchange
N/A None N/A Yes Yes
Source: FIN-2012-G003
Summary of Phase II Requirements
Type of Customer
Trans. Freq.
Waiting Period
Ineligible Activity
File DOEP Report
Annual Review
Non-listed businesses
5 or more transaction /year
2 months, or less after risk based analysis
No more than 50% of gross revenues from ineligible activity
Yes Yes
Payroll Customer
5 or more transaction /year
2 months, or less after risk based analysis
N/A Yes Yes
Source: FIN-2012-G003
CTR EXEMPTIONSPhase II:
Non-listed businesses that:
• Have maintained a transaction account for at least 2 months or granted an exemption after a risk assessment
• Frequently (5/year) engage in currency transactions over $10,000,
• Are organized under a U.S. federal or state law AND
• No more than 50% gross revenue from “ineligible business”
Payroll customers that:
• Have maintained a transaction account for at least 2 months or granted an exemption after a risk assessment
• Regularly withdraw more than $10,000 to pay employees, AND
• Are organized under a U.S. federal or state law
This exemption only applies to payroll withdrawals
9/22/2016
16
FAQs: Businesses with Common Ownership
Rebuttable Presumption: Separately incorporated entities are independent persons.
The currency transactions of separately incorporated businesses should not automatically be aggregated as being on behalf of any one person simply because those businesses are owned by the same person.
FAQ: Power of Attorney & CIP
• Account is opened for a person who lacks legal capacity - the individual with Power-of-Attorney is the “member” for MIP purposes.
• Account is opened for a competent person - the named owner of the account is the “member” for MIP purposes.
FAQ: “Initial Detection”
CUs must file a SAR no later than 30 calendar days from the date of the “initial detection of facts that may constitute a basis for filing a SAR.”
• The phrase “initial detection” does not mean the moment a transaction is highlighted for review.
• The 30-day period does not begin until an appropriate review is conducted and a determination is made that the transaction warrants a SAR filing.
9/22/2016
17
FAQ: Notifying Board of SAR Filings
• Management must “promptly” (e.g., at least monthly) notify the CU’s board (or designated committee) of any SAR filings.
• No required format for sharing SAR information with the board (e.g., summary, spreadsheet, etc.).
• No prohibition on providing actual copies of SARs, however, be mindful of confidentiality requirements.
BSA/AML REQUIREMENTS REVIEW
• Suspicious Activity Reports (SAR)
• Record Keeping
• Information Sharing
• OFAC
• Member Identification Program (MIP)
• Member Due Diligence
• Currency Transaction Reports (CTR)
• BSA Officer
• BSA Training
• Risk Assessment
9/22/2016
18
When to file a SAR?
• Insider abuse involving any amount.
• $5,000+ where a suspect can be identified.
• $25,000+, regardless of a potential suspect.
• $5,000+ that you suspect:
o May involve potential money laundering or other illegal activity (e.g., terrorism financing).
o Are designed to evade the BSA or its implementing regulations (e.g., structuring to evade currency transaction reporting).
o Has no business or apparent lawful purpose.
SAR Timing
• File SAR no later than 30 calendar days from the date of the “initial detection” of facts that may constitute a basis for filing a SAR.”
• No identified suspect? Time period extended to 60 days.
• Continuing suspicious activity? 90-day review, filing deadline of 120 days after the date of the previously related SAR filing.
SARs & Continuing Activity
Day 0: Identification of suspicious activity and subject
Day 30: Deadline for initial SAR filing
Day 120: End of 90 day review
Day 150: Deadline for continuing activity SAR with subject information (120 days from the date of the initial filing on Day 30)
If the activity continues, this timeframe will result in 3 SARs filed over a 12-month period (FinCEN SAR FAQs, Q&A #16).
•
9/22/2016
19
Law Enforcement Requests
• SAR supporting documentation is considered a part of the SAR and must be made available to the CU’s regulator and/or appropriate law enforcement without a subpoena or court order.
• The Right to Financial Privacy Act does not apply to these requests.
Recordkeeping
In general, BSA requires CUs to retain records for 5 years:
• Records related to transactions: 5 years
• SAR/CTR: 5 years from filing date.
• Records related to the identity of a member: keep for 5 years after the account is closed.
• Records related to credit card accounts: 5 years after the account is closed or becomes dormant.
Recordkeeping: Monetary Instruments
• Records of monetary instrument sales in amounts between $3,000-$10,000 must be retained for 5 years, and can be maintained in either a manual or electronic format.
• The physical log requirement was eliminated in the mid-1990s.
9/22/2016
20
Recordkeeping: Funds Transfers
CUs must retain records in connection with funds transfers (e.g., wires) of $3,000 or more for 5 years. The rule does not cover:
• EFTs as defined by the EFTA & Reg E
• ACH transactions
• Transfers where the originator and beneficiary are:
o A domestic bank or credit union
o A federal/state/local government agency or instrumentality
o The same person, and the originator’s & beneficiary’s institution are the same institution.
314(a) Information Sharing
Conduct a one-time search of the CU’s records to identify accounts or transactions of a named suspect. Unless otherwise instructed, search records for:
• Current accounts;
• Accounts maintained during the preceding 12 months; and
• Transactions conducted outside of an account by or on behalf of a named suspect during the preceding 6 months.
314(a) Information Sharing
• Credit union must have a contact person to receive requests from FinCEN
• Requests for information sent every 2 weeks
• Credit union has 14 days to search records
• Report only positive matches to FinCEN
• Must maintain evidence of compliance
• Keep documentation confidential & secure
• Cannot disclose FinCEN request
9/22/2016
21
314(b) Information Sharing
• Complete a notice to share information with FinCEN, which is effective for one year.
• Designate a point of contact for receiving and providing information.
• Establish a process for sending and receiving information sharing requests
• Take reasonable steps to verify that the other institution has also submitted the required notice to FinCEN before sharing any information.
• Have procedures in place to ensure the security and confidentiality of information received from other 314(b) institutions.
OFAC Reporting
• Blocked and rejected transactions must be reported to OFAC within 10 business days from the date that property is blocked or transaction is rejected.
• Potential match: 1-800-540-OFAC (6322)
• Can also report electronically at https://abarrslite.ofac.treas.gov/login.aspx
What to do w/ blocked funds?
• Funds must be held in a “blocked account” where only OFAC-authorized debits are allowed.
• Funds must earn interest at a commercially reasonable rate.
• All holders of blocked property must file a comprehensive annual report on blocked property held as of June 30 by September 30 each year.
•
9/22/2016
22
MIP Requirements
• Must obtain at least 4 pieces of information
• Must verify ENOUGH information to know true identity of member
• MIP procedures must be comprehensive and include difficult situations
Member Due Diligence
• Member’s normal and expected transaction activity
• Changes in the member’s risk profile
• Periodically monitor information to keep it up to date
• Collect from all members – not just high risk
Currency Transaction Reports
Credit unions are required to report:
• Deposits, withdrawals, transfers and other transactions
• Involving currency (cash or coin)
• Exceeding $10,000
Includes single or multiple transactions made on the same day (aggregate weekends, ATM and night deposit transactions)
9/22/2016
23
Currency Transaction Reports
• CTR triggers:– Deposits & Withdrawals
– Denomination exchanges
– Loan payments
– ATM transactions
– Purchase of share certificates
– Fund transfer paid for in currency
– Purchase of monetary instruments
CTR Reminder
• If the CTR deadline is missed, begin the process of completing the forms and contact the BSA Hotline for assistance;
• BSA Helpline: 1-800-949-2732 or [email protected]
BSA Compliance Officer
• Must be fully knowledgeable of the BSA and all related regulations.
• Must be fully knowledgeable of the credit union’s products, services, members, geographic location and money laundering risks.
• Should be in a position to regularly apprise the senior management staff and board of directors regarding BSA compliance.
9/22/2016
24
Bank Secrecy Act Training
• All personnel whose duties require knowledge of BSA
• Tailored to specific responsibilities
• New employee orientation
• Periodic training for BSA officers
Bank Secrecy Act Training
• Board of Directors should receive enough training to gain a general understanding to provide adequate oversight
• NCUA recommends BSA training every 12 to 18 months
• Keep records of training programs
BSA Risk AssessmentAssess: products & services,
members,
geographic location
Develop appropriate policies for your risk level,
Risk assessment must be comprehensive and ongoing.
9/22/2016
25
Questions?
• Please send any follow-up questions to [email protected]
• Include “BSA Recertification” in the subject line of your message.
• Good luck on your exam!