Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Compliance Update

Kim Stock, CRCM

The Bank Secrecy Act (BSA)

• The Bank Secrecy Act (BSA) requires all financial institutions, casinos, and certain other businesses to: Monitor customer behavior File reports on transactions that meet

certain dollar amounts or on transactions that are suspicious

Maintain records of certain transactions

• Financial Crimes Enforcement Network (FinCEN): Bureau of the United States Department of the

Treasury whose mission is to safeguard the financial system from illicit use and combat money laundering and promote national security through the collection, analysis, and dissemination of financial intelligence and strategic use of financial authorities.

Final interpreter of the Bank Secrecy Act https://www.fincen.gov/

Anti-Money Laundering (AML)

• Anti-Money Laundering (AML) A set of procedures, laws or

regulations designed to stop the practice of generating income through illegal actions.

Requires financial institutions and other regulated entities to prevent, detect, and report money laundering activities.

• Anti-Money Laundering (AML) Financial institutions aid U.S.

government agencies and law enforcement by uncovering criminal activities such as money laundering, drug trafficking, tax fraud, human trafficking and possible terrorist financing.

• High Intensity Drug Trafficking Areas Refer to Handout - High Intensity Drug

Trafficking Areas Program Counties https://www.whitehouse.gov/ondcp/h

igh-intensity-drug-trafficking-areas-program

• Money Laundering When illegal money is brought into mainstream

circulation. Launderers hide the source of these illegal funds by making a series of intricate transactions. The true source of the money is “washed away.”

It has been estimated that more than $300 billion is laundered each year in the U.S. alone. More than 81,000 people are convicted of money laundering on some level each year in the U.S.

• Placement First stage in the washing cycle Money laundering involves a “cash intensive”

business generating vast amounts of cash from illegal activities (for example, dealing drugs where payment takes the form of cash).

The cash is placed into the financial system, and to avoid detection is transformed into other asset forms, such as purchasing monetary instruments like money orders.

"Dirty" money is most vulnerable to detection and seizure during placement.

• Layering Middle stage in the washing cycle Separating the illegally obtained money

from its source through a series of financial transactions that makes it difficult to trace the origin

A few of the many mechanisms that may be misused during layering are currency exchanges, wire transmitting services, prepaid cards that offer global access to cash via automated teller machines and goods at point of sale.

• Integration Final stage in the washing cycle Where illegal funds are converted into a

seemingly legitimate form. Integration may include the purchase of

businesses, automobiles, real estate and other assets. Integration of the "cleaned" money into the economy is accomplished by the launderer making it appear to have been legally earned.

By this stage, it is exceedingly difficult to distinguish legal and illegal funds.

Filing Reports

• The Currency Transaction Report (CTR) Records cash transactions that exceed

$10,000. Current CTR Form-User Test System-

http://sdtmut.fincen.treas.gov/news/FinCENBCTR.pdf

CTR FAQ-http://www.fincen.gov/whatsnew/html/ctrfaqs.html

• The Suspicious Activity Report (SAR) Records any known or suspected federal

violation of federal law. Current SAR Form-User Test System-

http://sdtmut.fincen.treas.gov/news/FinCENBSAR.pdf

SAR FAQ-http://www.fincen.gov/whatsnew/html/sarfaqs.html

https://www.fincen.gov/news_room/rp/files/SAR02/SAR_Stats_2_FINAL.pdf

• SAR Stats Publication

Rank State/Territory Filings (Overall) Percentage (Overall)

1 283,295 14.69%

2 188,850 9.79%

3 149,381 7.75%

4 147,171 7.63%

5 119,477 6.20%

Detecting Suspicious Activity

• Detecting Suspicious Activity A SAR must be filed on any known or

suspected federal violation of law Criminal violations involving insider abuse in

any amount Criminal violations aggregating $5,000 or

more when a suspect can be identified Criminal violations aggregating $25,000 or

more regardless of a potential suspect

• Detecting Suspicious Activity Activity not consistent with the

customer’s business Unusual characteristics or behavior Customer attempts to avoid reporting

or record keeping requirements Insufficient information is provided by

the customer

• Detecting Suspicious Activity If you receive a subpoena for a SAR,

notify FinCEN and your regulatory agency.

Whether the action is ultimately fraudulent is up to law enforcement to decide.

• Human Trafficking Use “ADVISORY HUMAN TRAFFICKING” in

the Narrative of the SAR There is no specific check box, so must

check “Other Box” https://www.fincen.gov/statutes_regs/guid

ance/pdf/FIN-2014-A008.pdf Refer to Handout - APPENDIX B: Human

Trafficking Red Flags

• Human Trafficking

• Human Trafficking Backpage.com, then select your state, then city,

then adult Financial institutions are in a unique position to

spot red flags in transaction activity and report them to law enforcement.

Homeland Security Awareness Training – Blue Campaign

https://www.dhs.gov/xlibrary/training/dhs_awareness_training_fy12/hta01/module.htm?refresh=1&

Record Retention

• Maintaining Records The records related to the identity of a customer

must be maintained for five years after the account (e.g., loan, deposit, or trust) is closed.

Additionally, on a case-by-case basis (e.g., U.S. Treasury Department Order, or law enforcement investigation), a financial institution may be ordered or requested to maintain some of these records for longer periods.

BSA Compliance Program

• BSA Compliance Program Internal controls Independent Testing An individual responsible for BSA/AML

compliance Training for appropriate personnel

Internal Controls

• Internal Controls The Board of Directors (BOD) is

ultimately responsible for BSA Creating a culture of compliance Depends on size, structure, risks, and

complexity of the financial institution

• Internal Controls should: Identify products, services, customers,

entities and geographic locations Provide periodic updates to the risk

profile Inform the BOD of compliance

initiatives, deficiencies, corrective action taken and when SARS are filed

• Internal Controls should: Meet all regulatory recordkeeping and

reporting requirements Identify a person or persons responsible for

BSA/AML compliance Provide for dual controls and the

segregation of duties Train employees to be aware of their

responsibilities under the BSA regulations and internal policy guidelines

Independent Testing

• Independent Testing should: Be conducted every 12 to 18 months Evaluate the BSA/AML compliance program Review the financial institution’s risk

assessment Verify adherence to the BSA recordkeeping

and reporting requirements (e.g., CIP, SARs, CTRs and CTR exemptions)

Review staff training for adequacy, accuracy, and completeness

• Independent Testing should: Evaluate efforts to resolve violations and

deficiencies noted in previous audits and regulatory examinations

Review the effectiveness of the suspicious activity monitoring systems used for BSA/AML compliance

Assess the overall process for identifying and reporting suspicious activity

Same person should not conduct BSA training

BSA Officer

• Designating a BSA Officer The BOD must designate a qualified individual to

serve as the BSA compliance officer to coordinate and monitor day-to-day BSA/AML compliance.

The BOD is responsible for ensuring that the BSA compliance officer has sufficient authority and resources to administer an effective BSA/AML compliance program based on the financial institution’s risk profile.

• A BSA Officer should: Be fully knowledgeable of the Bank Secrecy

Act and know the bank’s products, services, customers, entities, geographic locations and the related risks involved

Receive periodic training that is relevant to changing regulatory requirements

Report SARs filed with FinCEN to the BOD so that they can make informed decisions about overall BSA/AML compliance

BSA Training

• BSA Training should: Be conducted annually and include

regulatory requirements and the financial institution’s internal BSA/AML policies and procedures

Be tailored to the person’s specific responsibilities

Be given to new staff during employee orientation

• BSA Training should: Be documented and include training and

testing materials, the dates of training sessions, attendance records and be available for examiner review

Be provided to the BOD on an annual basis and documented in the board minutes along with a copy of the training material

Customer Identification Program (CIP)

• CIP After September 11th, President Bush

signed into law the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act

The minimum standards required under the USA PATRIOT ACT for identifying and verifying the identity of persons opening accounts

• CIP Provide customers with adequate notice that

information will be requested to verify their identities before the account is opened.

IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING A NEW ACCOUNT — To help the government fight the funding of terrorism and money laundering activities, federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents.

• CIP Name Date of Birth (for individuals) Residential or business street address Tax Identification Number

• CIP Procedures to Verify Identity A list of documents acceptable as primary

identification such as drivers license, valid passport, military ID, valid state I.D. Card or U.S. alien registration

A list of secondary identification such as an insurance card, social security card, utility bill or voters registration card

• CIP Procedures of Non-Documentary Verification Chex Systems Telecheck Credit Reporting Agencies Secretary of State web site for businesses Site visit

• CIP – Three Basic Rules Verify the identity of the person opening

the account Maintain records for 5 years after the

account is closed Check government lists (Office of Foreign

Assets and Control) (OFAC)• CIP FAQ’shttp://www.ffiec.gov/bsa_aml_infobase/documents/BSA_AML_FAQ.pdf

314 (a)

• 314 (a) of the USA Patriot Act Law enforcement submits a formal request to

FinCEN naming individuals and businesses that are persons of interest.

FinCEN compiles a list, assigns tracking numbers and emails points of contact designated by financial institutions every other Tuesday notifying them that a new request list is available on the Secure Information Sharing System (SISS).

https://www.fincen.gov/statutes_regs/patriot/pdf/leinfosharing.pdf

• 314 (a)

Required to search records within 14 days Deposit records, loan records, trust

department account records, safe deposit records, securities transactions, remitters of monetary instrument sales, funds transfer records (originators and incoming recipients)

Document searches Appoint back-up point of contact

314 (b)

• 314 (b) Enables financial institutions to share information

with each other if they are registered Must verify the registration of the other institution

involved Only if both institutions believe terrorist activity,

money laundering or unlawful activity is involved Add to policy and procedures before you register Effective for one year FinCEN provides participating financial institutions

with access to a list of other participating financial institutions and their related contact information

BSA/AML Resource

• FFIEC BSA/AML Examination Manual Provides overview of BSA/AML compliance program

requirements, risk management expectations, industry sound practices, and examination procedures. This manual was a collaborative effort of the federal and state banking agencies. The Federal Financial Institutions Examination Council (FFIEC) was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions.

https://www.ffiec.gov/bsa_aml_infobase/pages_manual/manual_online.htm

Common BSA Findings

• Common BSA Findings Inadequately monitoring suspicious activity Failure to identify and monitor high risk customers Failure to conduct adequate risk assessments

APPENDIX J: QUANTITY OF RISK MATRIXhttps://www.ffiec.gov/bsa_aml_infobase/pages_manual/OLM_110.htmBSA/AML Risk Assessment - Overview https://www.ffiec.gov/bsa_aml_infobase/pages_manual/OLM_005.htm

• Common BSA Findings Inadequate BSA/AML training for the

employees and the BOD Failure to obtain independent testing Failure to file a CTR Failure to search records for 314(a) in

a timely manner Failure to identify and monitor Money

Service Business (MSB) customers

• Common BSA Findings Failure to obtain minimum CIP

information Failure to file a timely SAR Failure to monitor wire transfers Failure to monitor monetary

instrument sales BSA officer lacks expertise and

knowledge of the regulations

Penalties for Noncompliance

• Violations of BSA requirements may hold the following penalties: Civil penalties of $1000 per day for each day

of noncompliance A penalty of $500 per violation of the

recordkeeping requirements of the BSA Willful violations may cause civil penalties in

an amount equivalent to that of the transaction or $25,000, whichever is greater

• Violations of BSA requirements may hold the following penalties: If a required CTR is not filed within 15 calendar

days, a $10,000-per-day civil penalty may be imposed until it is filed

Continued noncompliance can result in the issuance of a “Cease & Desist” order from the FDIC

BSA/AML is a safety and soundness issue which affects your camel rating and the growth of your institution

• Penalties for Noncompliance: Any individual who willfully violates the

structuring provisions may be fined $250,000 and/or imprisoned for five years.

Any individual who willfully violates the structuring provisions while violating another federal law, may be fined $500,000 or imprisoned for ten years.

• Penalties for Noncompliance: It is extremely important for financial

institutions to inform their employees that it is not necessarily the financial institution that will suffer the penalty for non-compliance, but it could actually be the employee paying the fine and going to jail.

• Penalties for Noncompliance:Most recently in March of this year, the Office of the

Comptroller of the Currency (OCC) issued a consent order for the payment of a $2,500 civil money penalty and order to cease and desist to the former chief compliance/risk officer of Gibraltar Private Bank and Trust Company in Florida.

The OCC previously issued a $4 million civil money penalty order to Gibraltar Private Bank and Trust Company for willful anti-money laundering compliance violations.

• Penalties for Noncompliance:The chief compliance/risk officer was found to have

failed to timely file suspicious activity reports after being informed by the BSA officer of suspicious activity of a customer who was later convicted of operating an illegal Ponzi scheme.

The OCC also found that the chief compliance/risk officer’s failure to file the SARs were part of a pattern of misconduct that caused more than a minimal loss to the bank. He was ordered to share a copy of the Consent Order with the BOD of any financial institution with which he becomes affiliated.

• Penalties for Noncompliance: The Federal Deposit Insurance Corporation

(FDIC) determined the Bank of Mingo in West Virginia failed to implement an effective BSA/AML Compliance Program over an extended period of time

$4.5 million civil money penalty assessed on June 15, 2015, against the financial institution with only $96 million in assets

• Penalties for Noncompliance: Inadequate internal controls resulted in

unacceptable risk to the financial institution Financial institution failed to file multiple currency

transaction reports and suspicious activity reports associated with this risk

The branch manager pled guilty to making false statements to federal agents regarding suspicious banking activity conducted by a business customer and was sentenced to three years probation and fined $5000.

• Cease and Desist: The Federal Reserve recently issued a Cease

and Desist Order on April 12, 2016 to CommerceWest Bank in Irvine, California.

Examiners identified significant deficiencies in risk management and compliance relating to anti-money laundering including the Bank Secrecy Act, resulting in a compliance program violation.

• The plan shall address: Strengthen board oversight of the bank’s

compliance with BSA/AML requirements Submit an enhanced written BSA/AML compliance

program which contains enhanced internal controls, independent testing, effective training and a risk assessment that identifies and considers all products, services, customer types and geographic locations

Submit a revised program for conducting appropriate levels of customer due diligence

• The plan shall address: Submit an enhanced program for monitoring and

reporting suspicious activity Conduct a review of account and transaction

activity associated with high risk customers Submit a written program for review of new

products, services and business lines and assess potential compliance, reputational, fraud and credit risks including approval by the BOD

Submit an enhanced program for accurately filing CTRs

What’s Next?

Changes to Currency Transaction Report (CTR)

• FinCEN is proposing changes to the CTR A new part of the CTR to record separate

locations for where the report is filed and where the transaction took place

Rename “courier service” to “common carrier”

Facilitate reporting dollar values of multiple transactions without filing multiple CTRS

• FinCEN is proposing changes to the CTR Indicate shared branching transactions Clarify which employees count as a teller Comments were due April 4, 2016

https://www.federalregister.gov/articles/2016/02/02/2016-01825/proposed-collection-comment-request-bank-secrecy-act-currency-transaction-report-bctr-revised-layout

Customer Due Diligence

• Customer Due Diligence Effective Date Unknown Still a proposal, comments were due

last October 3, 2014 Will become effective one year from

the date the final rule is issued It is expected that FinCEN will move

forward and require the identification of beneficial owners

• Enhanced Requirements Establishing and verifying the identity of

customers Establishing and verifying the identity of

beneficial owners Understanding the nature and purpose of

customer relationships Monitoring to maintain and update

customer information and to identify and report suspicious transactions

• Collection of Beneficial Ownership Facilitates tax reporting Increases the transparency of U.S.

legal entities Facilitates global implementation of

international standards Increases efficiency in monitoring

accounts for suspicious activity

• Beneficial Owner Definition is two-pronged – focusing on ownership

and control Ownership – any individual who directly or

indirectly owns 25% or more of the equity interests of a legal entity customer (no more than four individuals)

Control – one individual with significant responsibility to control, manage or direct a legal entity, including an executive officer, senior manager or anyone who performs similar functions

• Standard Certification Form Requires an individual at account opening to

provide each beneficial owner’s name, date of birth, address and social security number (for U.S. persons or other similar identification for foreign persons)

Requires an individual to certify the genuineness of the information provided

• Standard Certification Form Financial institutions should retain this

form and any related identifying information collected for five years after the date an account is closed

Located on pg. 22 at the following link-http://www.fincen.gov/statutes_regs/files/CDD-NPRM-Final.pdf

Refer to Handout

• Amendments to the “Pillars” of the AML Program Add a Fifth Pillar: Appropriate risk-based

procedures for conducting ongoing CDD that include: Understanding the nature and purpose of the

customer relationship in order to develop a customer risk assessment

Conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions

Questions?

Kim Stock, CRCMSenior Compliance Analyst

kstock@shazam.net(800) 537-5427 Ext. 2971