Bank Secrecy Act AntiMoney Laundering

1
Bank Secrecy Act/ Anti-Money Laundering

• Florida Credit Union League
• Annual Convention Exposition
• Orlando, Florida
• June 13, 2007
• By Jeffrey L. Garner, Financial Specialist

2
(No Transcript)
3
Importance of BSA

• More time reviewing BSA on examinations
• Administrative Actions
• Board Resolutions
• Memorandums of Understanding
• Cease and Desist Orders
• Civil Money Penalties
• Criminal Penalties

4
Government Agencies

• U.S. Treasury - requires financial institutions
  to establish AML programs, file certain reports,
  and keep records of transactions
• Financial Crimes Enforcement Network (FinCEN) - a
  bureau of the U.S. Treasury, is the delegated
  administrator of the BSA
• Federal Financial Institutions Examination
  Council (FFIEC) - Formal interagency body
  empowered to prescribe uniform principles,
  standards, and report forms for the federal
  examination of financial institutions

5
FFIEC

• FFIEC consists of
• Board of Governors of the Federal Reserve System
  (FRB)
• Federal Deposit Insurance Corporation (FDIC)
• National Credit Union Administration (NCUA)
• Office of the Comptroller of the Currency (OCC)
• Office of Thrift Supervision (OTS)

6
BSA/AML Compliance Program

• NCUA Rules and Regulations Part 748.2
• Requires the BSA Compliance Program be written
  and Board approved. Minimum requirements
  include
• System of Internal Controls to assure ongoing
  compliance
• Independent testing
• Designate an individual or individuals
  responsible for day-to-day compliance
• Training for appropriate personnel

7
Internal Controls

• Risk-focused approach
• Board and management oversight
• Written policies and procedures
• Monitoring and due diligence
• Management succession
• Strong management information system

8
Independent Testing

• Performed by individuals independent from the
  compliance function
• Auditor should have sufficient knowledge of
  BSA/AML laws and regulations
• Risk-based audit program
• Transaction testing

9
BSA Officer

• Has policy/decision making authority
• Has sufficient resources
• Qualifications, knowledge, and training
• Communication line to Board of Directors
• Required for all new bank charters

10
Training

• For directors, senior management, and all staff
• Conducted at least annually by qualified source
• New employees should be trained ASAP
• Should include regulatory requirements and
  policies/procedures
• Example of teller selling monetary instrument to
  non-customer
• Document attendance (track those that have not
  attended and perform make up training)

11
Risk Assessment

• Two step process
• Identification
• Analysis
• Products/Services
• Customers/Entities
• Geographic location

12
(No Transcript)
13
Risk Assessment

• Common problems
• Incomplete list of products and services
• Failure to consider HIDTA
• Failure to update annually or when things change
• No explanation for the risk ratings
• No explanation of how the risk assessment
  translates to the BSA Program

14
USA PATRIOT Act

• Uniting and
• Strengthening
• America by
• Providing
• Appropriate
• Tools
• Required to
• Intercept and
• Obstruct
• Terrorism

• Section 326 - Customer Identification Program
  (CIP)
• Section 314 - Information Sharing

15
CIP Basic Requirements

• Collect minimum information (All Accounts)
• Name
• Address
• Date of Birth-if individual
• Identification Number
• Verify customer information timely
• Documentary
• Non-Documentary
• Additional Verification
• Maintain appropriate records
• Records Retention (5 years after account closed)
• Consult government terrorist lists
• Customer Notice
• Account opening method (Internet)

16
Customer Due Diligence (CDD)

• The concept of CDD begins with verifying the
  customers identity and assessing the risks
  associated with that customer
• Obtain information at account opening sufficient
  to develop an understanding of normal and
  expected activity for the customers occupation
  or business operations
• Common exceptions include incomplete forms
  (transaction activity)

17
Enhanced Due Diligence (EDD) for High-Risk
Customers

• Policies, procedures, and processes should be
  developed
• Understand anticipated transactions
• Implement monitoring system
• File SARs if applicable
• Common exceptions include
• Infrequent/inconsistent monitoring
• Lack of documentation of monitoring
• Not obtaining complete and accurate information
  at account opening (transaction activity)

18
High-Risk Products/Services

• Electronic funds payment services m-payments,
  stored value cards, wires, third-party payment
  processors, remittance activity, automated
  clearing house transactions, and automated teller
  machines
• Electronic banking
• Private banking (domestic and international)
• Trust and asset management services
• Monetary instruments
• Foreign correspondent accounts
• Trade finance (letters of credit)
• Special use or concentration accounts
• Loans secured by cash collateral and marketable
  securities
• Non-deposit investment products and insurance

19
EDD Information

• Purpose of the account
• Source of funds and wealth
• Beneficial owners of the accounts
• Customers (or beneficial owners) occupation or
  type of business
• Financial statements/banking references
• Domicile (where the business is organized)
• Proximity of customers residence, place of
  employment, or place of business to the bank
• Description of the customers primary trade area
  and whether international transactions are
  expected to be routine
• Description of the business operations, the
  anticipated volume of currency and total sales,
  and a list of major customers and suppliers
• Explanations for changes in account activity
  (Implies ongoing monitoring)

20
Information Sharing

• Information Sharing Between Law Enforcement and
  Financial Institutions Section 314(a) of the
  Patriot Act (31 CFR 103.100)
• Voluntary Information Sharing Section 314(b) of
  the Patriot Act (31 CFR 103.110)

21
Section 314(a)

• One-time search
• Have 14 days to respond if necessary
• Must search
• current accounts
• accounts maintained during the preceding 12
  months
• transactions conducted outside of an account by
  or on behalf of a named suspect during the
  preceding six months

22
Section 314(a) (continued)

• Financial institutions are NOT required to search
  the following
• Checks processed through an account for a payee
• Monetary instruments for a payee
• Signature cards
• CTRs and SARs previously filed

23
Section 314(a) (continued)

• Common exceptions include
• Documentation
• Performing the search timely
• No policies/procedures
• Non-customer purchase of monetary instrument

24
Currency Transaction Reports

• A financial institution must file a Currency
  Transaction Report (CTR) (FinCEN Form 104) for
  each transaction in currency of more than 10,000
  by, through, or to the institution
• Deposit
• Withdrawal
• Exchange
• Other payment or transfer
• A completed CTR must be filed with FinCEN within
  15 days after the date of the transaction (25
  days if filed magnetically or electronically)

25
CTRs

• Common exceptions include
• Not filed timely
• Not completed correctly
• Lack of dual control and segregation of duties

26
CTR Aggregation

• Financial institution must treat multiple
  transactions as single transaction if it has
  knowledge that multiple transactions are by or on
  behalf of any person and transactions exceed
  10,000 during any one business day
• Aggregation not required if businesses are
  operated separately and independently
• However, financial institutions are still
  obligated to file a suspicious activity report
  if applicable
• http//www.fincen.gov/fincenruling2001-2.pdf

27
CTR Exemptions

• Phase I (31 CFR 103.22(d)(2)(i)-(v))
• Banks having U.S. activity
• Federal, state, or local governments
• Publicly Listed corporations subsidiaries
• Phase II (31 CFR 103.22(d)(2)(vi)-(vii))
• Non-listed Businesses
• Payroll Customer
• If maintained transaction account for 12 months
• Frequently engage in currency transactions over
  10,000

28
CTR Exemptions (continued)

• Certain businesses are ineligible for treatment
  as an exempt non-listed business
• A business that engages in multiple business
  activities may qualify for an exemption as a
  non-listed business as long as no more than 50
  of its gross revenues per year are derived from
  one or more of the ineligible business activities

29
Ineligible Business Activities

• Serving as financial institution or agents for a
  financial institution
• Purchasing or selling motor vehicles of any kind,
  vessels, aircraft, farm equipment, or mobile
  homes
• Practicing law, accounting, or medicine
• Auctioning of goods
• Chartering or operation of ships, buses, or
  aircraft
• Operating a pawn brokerage
• Engaging in gaming of any kind (other than
  licensed pari-mutuel betting at race tracks)
• Engaging in investment advisory services or
  investment banking services
• Operating a real estate brokerage
• Operating in title insurance activities and real
  estate closings
• Engaging in trade union activities
• Engaging in any other activity that may, from
  time to time, be specified by FinCEN

30
Annual Review

• The information supporting each designation of a
  Phase I exempt person must be reviewed and
  verified at least once per year
• The information supporting each designation of a
  Phase II exempt person must be reviewed and
  verified at least once per year. Management
  should document the annual review. Also must
  review/verify that management monitors Phase II
  accounts for suspicious transactions.
• Biennial Renewal - For Phase II exemptions,
  FinCEN Form 110 must be filed every two years, on
  or before March 15

31
Suspicious Activity Reporting

• Criminal violations involving insider abuse in
  any amount
• Criminal violations aggregating 5,000 or more
  when a suspect can be identified
• Criminal violations aggregating 25,000 or more
  regardless of a potential suspect
• Transactions aggregating 5,000 or more, if the
  institution knows, suspects, that the
  transaction
• Involves illegal activity
• Is designed to evade BSA regulations
• Has no business or apparent lawful purpose

32
Timing of a SAR Filing

• The SAR rules require that a SAR be filed no
  later than 30 calendar days from the date of the
  initial detection of facts that may constitute a
  basis for filing a SAR
• If no suspect can be identified, the time period
  for filing a SAR is extended to 60 days

33
SARs

• Must be reported to the Board of Directors
• Directors can dictate how much information
• Must document decisions not to file
• Policies/procedures concerning subjects of law
  enforcement requests should address
• Monitoring transaction activity
• Identifying unusual/suspicious activity
• Filing SARs if applicable

34
SARs

• Common exceptions include
• Lack of detail in narrative
• Forms not completed correctly
• Not filed timely
• Attachments to SARs should be maintained at the
  institution (See SAR Instructions)

35
Purchase and Sale of Monetary Instruments
Recordkeeping

• Under 31 CFR 103.29 banks are required to verify
  the identity of persons purchasing monetary
  instruments for currency in amounts between
  3,000 and 10,000, inclusive, and to maintain
  records of all such sales

36
If The Purchaser Has A Deposit Account

• Name of the purchaser
• Date of purchase
• Types of instruments purchased
• Serial numbers of each of the instruments
  purchased
• Dollar amounts of each of the instruments
  purchased in currency
• Specific identifying information

37
If The Purchaser Does Not Have A Deposit Account

• Name and address of the purchaser
• Social Security or alien identification number of
  the purchaser
• Date of birth of the purchaser
• Date of purchase
• Types of instruments purchased
• Serial numbers of each of the instruments
  purchased
• Dollar amounts of each of the instruments
  purchased
• Specific identifying information for verifying
  the purchasers identity (state of issuance and
  number on drivers license)

38
Wire Transfer Recordkeeping

• For each payment order in the amount of 3,000 or
  more accepted as originator, the institution must
  obtain and retain the following records (31 CFR
  103.33(e)(1)(i))
• Name and address of the originator
• Amount of the payment order
• Date of the payment order
• Any payment instructions
• Identity of the beneficiarys institution
• As many of the following items as are received
  with the payment order
• Name and address of the beneficiary
• Account number of the beneficiary
• Any other specific identifier of the beneficiary

39
Wire Transfers

• Frequency and dollar volume
• Domestic vs. International
• Separation of duties
• Written agreements for customers who frequently
  call or fax wire requests
• OFAC checks

40
Automated Clearing House (ACH)

• Frequency and dollar volume
• Monitor high-risk customers using ACH
  transactions
• ACH transactions that are originated through a
  TPSP (Originator not a direct customer of the
  ODFI) increase BSA/AML risks
• All parties to an ACH transaction are subject to
  OFAC requirements

41
Office of Foreign Assets Control (OFAC)

• Office of the Treasury that administers and
  enforces economic sanctions
• Prohibits transactions with Specially Designated
  Nationals and Blocked Persons
• If found, must block/freeze targeted property

42
OFAC

• Management should have policies and procedures to
  monitor compliance
• If institution fails to block transactions,
  subject to substantial penalties
• Common exceptions include
• OFAC not searched timely
• OFAC search not performed on all principals
• OFAC search performed but not documented
• Non-customer transactions

43
(No Transcript)
44
For More Information Contact

• Sharon Whiddon, Bureau Chief
• (850) 410-9536
• Sharon.Whiddon_at_fldfs.com
• John Salem, Area Financial Manager-North FL
• (904) 798-4929
• John.Salem_at_fldfs.com
• Larry Peters, Area Financial Manager-South FL
• (813) 218-5363
• Larry.Peters_at_fldfs.com
• Copy of presentation available at www.flofr.com