Bank Secrecy Act

CUNA

Must Know Mondays

November 17, 2014

1

2

David A. Reed

Attorney at Law

Reed & Jolly, PLLC

Fairfax, Virginia

david@reedandjolly.com

(703) 675-9578

2

3

The contents of this presentation are intended

to provide you with a general understanding

of the subject matter. However, it is not

intended to provide legal, accounting, or

other professional advice and should not be

relied on as such.

BSA Laws

• Anti-Drug Abuse Act of 1986

• Money Laundering Control Act of 1986

• Bank Secrecy Act of 1970

• Currency and Foreign Transactions Reporting

Act

• NCUA Rules and Regulation Part 748.2

• Financial Recordkeeping and Reporting of

Currency and Foreign Transactions rules

• Title III of the USA PATRIOT Act

4

BSA Compliance Issues

• Board’s Role in BSA Compliance

• Anti-Money Laundering Policy

• Reportable Cash Transactions/CTRs

• CTR Exemptions

• Suspicious Activity Reports

• Monetary Instruments Recordkeeping

• Documentation of Funds Transfers

• USA PATRIOT Act – CIP/MIP and Information Sharing

• Record Retention

• Penalties

5

What’s New with BSA?

• It continues to be a high examination priority.

• New CTR and SAR forms (March 31, 2013).

• Mandatory electronic filing of CTR and SAR forms.

• New leadership at FINCEN6

NCUA Rule 701.4

• Clarification and standardization of key

FCU director duties in one place.

• Only applies to FCU directors!

• Best practices for ALL directors.

7

Duties of a Director(1) Carry out his or her duties as a director in good

faith, in a manner such director reasonably believes to be in the best interests of the membership of the Federal credit union as a whole, and with the care, including reasonable inquiry, as an ordinarily prudent person in a like position would use under similar circumstances;

(2) Administer the affairs of the Federal credit union fairly and impartially and without discrimination in favor of or against any particular member;

8

Duties of a Director

(3) At the time of election or appointment, or within a reasonable time thereafter, not to exceed six months, have at least a working familiarity with basic finance and accounting practices, including the ability to read and understand the Federal credit union's balance sheet and income statement and to ask, as appropriate, substantive questions of management and the internal and external auditors; and

(4) Direct management's operations of the Federal credit union in conformity with the requirements set forth in the Federal Credit Union Act, this chapter, other applicable law, and sound business practices.

9

The All Seeing Eye

10

1

1

Board Responsibilities - The Buck

Stops With You!

• Being a Board member is NOT a spectator sport!

• Directors are the ultimate decision makers

• You can delegate the task, not the associated responsibility

1

2

Things to consider

• How is the compliance function supported

at your credit union?

• BSA Compliance – What’s in your

system?

• Product development and delivery

systems

• Compliance committee

• What’s the worse that can happen?

12

1

3

What the Examiner Wants to See

• An effective compliance management system is

commonly comprised of three interdependent

elements:

– Board and management oversight

– Compliance program

– Compliance audit

• When all elements are strong and working together,

an institution will be successful at managing its

compliance responsibilities and risks now and in the

future.

The Moving Parts of Security

• Part 748 Security Program

• Part 748.1 Filing of Reports

– Compliance Report

– Catastrophic Act

– Suspicious Activity Report

• Part 748.2 BSA Compliance

– Establish a compliance program

– CIP

• Appendix A Safeguarding Member Information

• Appendix B Response Program – Unauth. Access

1

5

Board Responsibilities

• Board, appropriate committee, or designated employee in senior management should:

– Assign specific responsibility for the Program’s implementation

– Approve initial Program and changes and record in the board's minutes

– Review annual reports regarding compliance

– Have staff responsible for Program report to the board

The Certification

“The chairperson of the Credit Union’s Board of Directors is required to certify compliance with Part 748 each year. The statement of compliance is provided at the bottom of the Credit Union Profile Form that is submitted annually to the regional director following the credit union’s election of officials.”

Source: NCUA CU Profile Form 6/14

I hereby certify to the best of my knowledge and belief that this credit union has developed and administers a security program that equals or exceeds the standards prescribed by Part 748.0of the NCUA Rules and Regulations; that such security program has been reduced to writing, approved by this credit union's Board of Directors; and this credit union has provided for the installation, maintenance, and operation of security devices, if appropriate, in each of its offices. Further, I certify that I am the president or managing official of the credit union or that the president or managing official has authorized me to make this submission on his/her behalf.

______________________________________________

YOUR NAME HERE

Anti-Money Laundering Policy

and Program

• NCUA Rules and Regulations, Part 748

– Designation of BSA Compliance Officer

– Development of internal controls,

procedures, and policies

– Ongoing training

– Independent audit function/testing of

program

1

8

1

9

Risk Assessment: It All Starts Here

• The risk assessment should be considered

the foundation of a BSA/AML compliance

program.

• Without a comprehensive risk analysis of

its business, it is highly unlikely that a

credit union can design an effective

program well suited to manage the risks of

that particular institution.

19

Currency Transaction Reports

• Credit unions are required to report:

– Deposits, withdrawals, transfers and other

transactions

– Involving currency (cash)

– Exceeding $10,000

• Includes single or multiple transactions made on

the same day (aggregate weekends, ATM and

night deposit transactions)

2

0

Currency Transaction Reports

• Includes transactions made by the member or on behalf of the member

• Joint accounts – CTR should list all joint owners on account for deposits. In the case of account withdrawals, list only the individual who is making the withdrawal unless you have facts to suggest that all or additional joint owners will benefit from the transaction.

• CTR forms must be filed within 15 days of the transaction.

2

1

Completing and Filing the CTR

• FinCen Form 104

• Part I - Person(s) involved in the transaction

– Section A

– Section B

• Part II – Amount and type of transfer

• Part III – Credit union information

• Filing

2

2

Proper Identification

• Person presenting a reportable transaction

– Name

– Address

• Person on whose behalf a reportable

transaction is made

– Identity

– Account number

– SSN/TIN

2

3

Suspicious Activity Reporting

• FinCen Form TD-F- 90-22.47

• When to file a Suspicious Activity Report?– Insider abuse involving any amount

– Violations aggregating $5,000 or more where a suspect can be identified

– Violations aggregating $25,000 or more, regardless of a potential suspect

– Transaction aggregating $5,000 or more that involve potential money laundering or violations of the BSA

2

4

Suspicious Activity Reports

• Credit unions are also advised to file a SAR:

– whenever it suspects that identity theft has

occurred, or

– if it detects money laundering or structuring

transactions to evade currency transaction

reporting.

– if there is reason to suspect a transaction is

relevant to a possible violation of law or

regulation– the “catch-all” provision.

2

5

What’s suspicious activity?

• There are a number of activities that

should raise a “red flag” as possibly

facilitating money laundering or terrorist

financing.

• “Red flags” warrant closer scrutiny,

which will sometimes include filing a SAR .

2

6

Red Flags

• A member uses unusual or suspicious

identification documents that cannot be

readily verified.

• A member makes frequent or large

transactions and has no record of past or

present employment experience.

2

7

Red Flags

• A member tries to persuade a credit union

employee not fill out a CTR or maintain

required records.

• A member separates a cash transaction

over $10,000 in to several transactions in

an attempt to avoid the CTR reporting

threshold.

2

8

Red Flags

• When establishing a new account, a

member is reluctant to provide complete

information about the nature and purpose

of his business, anticipated account

activity, prior relationships with financial

institutions, information on the location of

the business or the names of its officers

and directors.

2

9

Suspicious Activity

• Transactions involving illegal funds

• Structuring

• Uncooperative members

• Evasion of BSA reporting requirements

• Inconsistent member activity

• Computer Intrusion

• Terrorist activity

• Identity theft

3

0

Notifying the Board of SAR Filings

• Management must “promptly” notify the

CU’s board of directors (or designated

committee) of any SAR filings.

• “Promptly” means at least monthly, e.g.,

the monthly board meeting.

3

1

Notifying the Board of SAR Filings

• There is no required format for sharing

SAR information with the board:

– May use a spreadsheet or otherwise

summarize the SARs that were filed.

– May also share a copy of the actual SAR with

the board; however, remember SAR

confidentiality if an insider was involved in the

reported activity!

3

2

Confidentiality Is Essential!

• FINCEN emphasized this fact in their 3/12 bulletin:

“FinCEN reminds financial institutions to be vigilant in maintaining the confidentiality of SARs. This includes ensuring all employees, agents, and individuals appropriately entrusted with information in a SAR are informed of the individual obligation to maintain SAR confidentiality. This obligation applies not only to the SAR itself, but also to information that would reveal the existence (or non-existence) of the SAR. Likewise, such persons should be informed of the consequences for failing to maintain such confidentiality, which could include civil and criminal penalties as explained herein.”

3

3

Your Experience Matters

• Review the credit union’s CTRs and SARs

history.

• How many are filed each year?

• Are the numbers increasing or decreasing?

• What are the recurring themes?

3

4

Money Laundering Red Flags

• Appendix F of the FFIEC BSA Manual

• Contains examples of suspicious activity

• Red flags don’t mean illegal activity, only

the need for additional due diligence

• Great resource for your BSA program

3

5

Monetary Instrument

Recordkeeping

• Sales of monetary instruments involving

$3,000 - $10,000 cash

– Cashier’s checks

– Teller checks

– Money orders

– Traveler’s checks

3

6

USA PATRIOT Act• Customer/Member Identification Program

(CIP/MIP)

1)Verify the identity of any person seeking to open an account.

2)All information used to verify the person’s identity must be recorded and maintained.

3)Each new member’s name must be screened against any government list of known or suspected terrorists.

4)Member Identification Program must be approved by the credit union’s Board of Directors.

3

7

BSA Forms

• Remember

– CTRs do not have to be confidential

– SARs are confidential

– When completing these forms, do

not write “I don’t know”

• Unavailable or unknown

3

8

3

9

BSA - Bank Secrecy Act

INTRODUCTION AND PURPOSE

REPORTS

PENALTIES

RECORD RETENTION REQUIREMENTS

REGULATORY REFERENCES

Risk Assessment / Scoping Yes/No Comments

1.0.0 Does review of the AIRES Compliance Violations module indicate that all

prior violations are resolved?

2.0.0 Has the credit union received correspondence from law enforcement or

outside regulatory agencies relating to BSA compliance since the last

examination?

3.0.0 Does the credit union maintain a list of high risk accounts?

4.0.0 Has the credit union completed an appropriate assessment of BSA AML risk?

4.0.a a. If response to Question 4.0.0 is no, assess BSA risk using examiner

judgment and note exam BSA risk assessment in Comments box.

Basic Requirements - Policy Yes/No Comments

5.0.0 Has the board of directors established an appropriate written program to

assure the CU meets BSA reporting and recordkeeping requirements?

Does the written BSA compliance program address:

5.0.a a. Internal Controls (748.2(c)(1))

5.0.b b. Independent Testing (748.2(c)(2))

5.0.c c. Responsible Individual (748.2(c)(3))

5.0.d d. Training (748.2(c)(4))

5.0.e e. Customer Identification (748.2(b))

4

0

4

1

Most Common Violations

• Training

– Not recent

– Not documented

• Independent Testing

– Not covering all credit union operations

– Not recent (12 to 18 months)

4

2

Most Common Violations

• Internal Controls

– Risk assessment not updated

– Suspicious Activity Monitoring System inadequate

• Information Sharing (FinCEN 314(a) lists)

– Not checking the lists

– No documentation

– Self certification

4

3

Most Common Violations

• Notification of SAR filings to BOD

– Not included in minutes

– Not referenced in policy

Penalties

• Individuals who intentionally violate the

BSA could face criminal penalties of not

more than $500K and imprisonment not to

exceed 10 years.

• Currency and other monetary instruments

are subject to seizure and forfeiture if

certain violations are committed.

4

4

4

5

• The FFIEC Bank Secrecy Act/Anti-Money

Laundering Examination Manual

• Available online at

http://www.ffiec.gov/bsa_aml_infobase/defaul

t.htm

• Considered the “BSA bible” by examiners!

Be sure to read!!!

Online Resources

– National Credit Union Administration

www.ncua.gov

– Financial Crimes Enforcement Network

www.fincen.gov

– MSB Resources found at www.msb.gov or

www.fincen.gov

– Office of Foreign Assets Control

www.treas.gov/offices/enforcement/ofac

4

6

4

7

QUESTIONS?