-
Bank Secrecy Act
Compliance for Experts
June 27, 2012
-
Presenters
John Misgen, CPA
• Senior Compliance Consultant with CliftonLarsonAllen LLP for more
than six years
• Has provided regulatory compliance assistance, including
BSA/AML/OFAC testing, to financial institutions ranging from less
than $5 million in assets to more than $1 billion in assets.
Jeffrey Pratt
• Deputy Assistant Director, Office of Compliance, Financial Crimes
Enforcement Network
• The Office works to better ensure industry compliance with
the Bank Secrecy Act. The Office also tracks the performance of
financial institutions experiencing significant Bank Secrecy Act
compliance deficiencies.
-
Overview of the Regulations
Bank Secrecy Act
USA Patriot Act
Office of Foreign Assets Control
-
Staying Current With Changes
FinCEN provides a Weekly Digest Bulletin
via email
– https://public.govdelivery.com/accounts/USFINCEN/subscriber/new?preferences=true
NAFCU provides a daily compliance blog via
email
– http://nafcucomplianceblog.typepad.com/nafcu_weblog/
-
BSA/AML Risk Assessment
• Many effective methods and formats for
conducting the risk assessment
• The development of the BSA/AML risk
assessment generally involves two steps
• Business accounts pose more risk;
additional time and resources are needed
to perform these assessments
-
BSA Compliance Program
Management should structure the financial
institution’s BSA/AML compliance program
to adequately address its risk profile
The BSA/AML compliance program must
provide for at least four requirements
-
CIP Requirements
• Each financial institution must implement a
written CIP
• The CIP must be incorporated into the
financial institution’s BSA/AML compliance
program
-
CIP Requirements
• Three basic rules
– Verify
– Check
– Maintain
• Verifying identity requires five important
pieces of information
• Notice displayed where accounts are
opened
• Obtain information to assess account risk
-
CIP: Lack of Verification
• CIP must include procedures for when ID
can’t be verified
• Examples:
– Unable to provide ID
– False/modified ID
– Online account opening
– Red Flags
-
CIP: Comparison with Govt Lists
The CIP must include procedures for
determining whether the member appears
on any federal government list of known or
suspected terrorists or terrorist
organizations.
– OFAC Specially Designated Nationals (SDN) List
– Must be done at time of account opening or earlier
-
CIP: Use of Other Parties
Permitted to rely on another financial
institution if addressed in the CIP and certain
criteria are met.
Permitted to rely on third parties, but credit
union is ultimately responsible
-
Member Due Diligence
Must have procedures in place to have a
“reasonable expectation of the types of
transactions a member conducts.”
• At account opening
• High-risk members and their transactions
should be reviewed more closely
-
Member Due Diligence
• Determine which reports currently being
used will address any of the risks needing
monitoring
• Business accounts create additional
inherent risk and need additional
monitoring
• Every institution has specific risks.
• Member due diligence procedures should
be documented
-
Suspicious Activity Monitoring
Most common is money laundering
Other common types of suspicious activity
• Check Fraud
• Check Kiting
• Counterfeit Check
• Counterfeit Credit/Debit Card
• Credit/Debit Card Fraud
• Loan Fraud
• Wire Transfer Fraud
• Identity Theft
-
Detecting Suspicious Activity
• Examples of Suspicious Activity
• Credit unions should have a means for
front line staff to report suspicious activity
to a supervisor or BSA Officer
immediately.
-
Detecting Suspicious Activity
• Need adequate monitoring system
– Determining whether manual or automated software
is needed
– Understanding the filtering criteria of a surveillance
monitoring system is critical
• Should establish policies, procedures, and
processes for identifying and monitoring
subjects of law enforcement requests
-
Shared Branching
CTR Requirements
• “By, through, or to”
• FinCEN Ruling 2001-1
Establish written protocols
Aggregation
-
Shared Branching
SAR Requirements
• “By, at, or through”
• Confidentiality
Determine Risk
Importance of Communication
-
Shared Branching
Agent status
314(b)
Money Laundering/Terrorist Financing
FIN-2009-G002
“information relating to transactions that may involve the proceeds of one or more specified unlawful activities remain within the protection of the section 314(b) safe harbor from liability”
-
Shared Branching
SAR Joint Filing
-
Electronic Filing Dates
Mandatory Electronic Filing – July 1, 2012
New CTR and New SAR required – March 31, 2013
-
FinCEN’s View on Monitoring
Manual vs. Automated
-
Reporting Suspicious Activity
Do you know when a SAR is required to be
filed?
Do you know there is a safe harbor for SARs
filed?
-
Reporting Suspicious Activity
• A SAR must be filed within 30 days after
the initial detection if the suspect is known.
• You have up to 60 days if the suspect is not known.
• Narrative—Be complete!
• Keep but do not file supporting documents
• Account should be monitored for
continuing activity
-
Reporting Suspicious Activity
• All investigations should be documented
• Required reporting to the board
– Board or an appropriate board committee
– Regulations do not mandate a particular notification format
-
Confidentiality of SARs
• Highly confidential!
• Only those in the credit union who need to
know should be informed of a SAR
• DO NOT TELL MEMBER
• This should be included with each training
session (employees and board)
-
Currency Transaction Reporting
• Currency = coin and paper money of the
U.S. or any other country designated as
legal tender
• Cash Transactions > $10,000
• CTRs must be filed with FinCEN within 15
days after the date of the transaction
– You have up to 25 calendar days if you are E-Filing
(until March 31, 2013)
-
CTR Reporting
All beneficiaries must be reported – Gets
confusing!
• For deposits, all those who are known to
benefit from the transaction must be
identified on the CTR.
• For withdrawals, only person conducting
transaction unless…
• Examples
-
CTR Reporting
For businesses:
• sole proprietorships
• separate legal entity with a TIN - general
rule
• Separately incorporated entities are
presumed to be independent persons,
unless information shows otherwise
• Examples
-
CTR Exemptions
• Not required to exempt
• 2 phases – Phase I and Phase II
– Phase I
– Phase II
-
Currency Purchases of
Monetary Instruments
• Recordkeeping only required if daily
purchases aggregate to $3,000 or more
• Requirements for member purchases
• Non-members = need more
• Need to have a process in place to
aggregate multiple purchases at multiple
branches < $3,000 if daily aggregation is
$3,000 or more
-
Funds Transfers Recordkeeping
• Originator responsibilities
• Beneficiary responsibilities
• Must be retrievable by name and account
number for five years
• Must have a process to monitor funds
transfers for suspicious activity
-
OFAC
Should conduct an OFAC risk assessment
Should have policy and procedures
• Designate an OFAC officer
• Independent testing
• Screening requirements
• How to determine and document whether OFAC hit is
valid or false-positive
• Procedures for reporting blocked funds to OFAC
• Training
-
Commonly Cited Violations
In the news:
• 2010: Wachovia Bank $110,000,000
• 2010: Pamrapo Savings Bank $5,000,000
• 2010: ABN AMRO Bank $500,000,000
• 2011: Zions First Nat’l Bank $8,000,000
• 2011: Ocean Bank $10,900,000
• 2011: Mendoza (individual) $25,000 and 6
months prison
• 2012: Citibank, N.A. Cease and desist
• 2012: ING Bank N.V. $619,000,000
-
Commonly Cited Violations
What we see:
• BSA/AML risk assessment not detailed
• MDD procedures not specifically documented
• Inadequate MDD on MSBs
• Inadequate MDD on shared branching/3rd party
• SARs not completed correctly (narrative)
• CTRs not listing all those benefiting
• No specific OFAC risk assessment
• Weak or undocumented OFAC policy/procedures
• No procedures for reviewing law enforcement requests
• Training deficiencies
-
Penalties for Non-Compliance
Failure to comply with the BSA can have
serious consequences for you and for your
institution.
• BSA violations involve civil, criminal, and intangible
penalties
• The federal banking agencies and FinCEN can bring civil
money penalty actions
In addition to above, individuals may be
removed from banking
-
Changes in Next 12 Months
Known:
• Exemption changes for payroll members – Immediate
• E-filing requirements – July 1, 2012
• BSA implications on non-bank mortgage lenders –
August 13, 2012
• New CTR, SAR, and DOEP forms – March 31, 2013
– Testing site: http://sdtmut.fincen.treas.gov/main.html
-
Changes in Next 12 Months
Expected:
• Member Due Diligence Requirements
-
Available Resources
The SAR Activity Review, Trends, Tips, and Issues
SAR reporting guidance
Advisories/Bulletins/FAQs/Fact Sheets
Analytic Assessments – Mortgage Loan Fraud, Commercial Real Estate Fraud, Identity Theft
FinCEN web site – Law Enforcement Cases and Success Stories
-
Contact Information
FinCEN Regulatory Helpline
1-800-949-2732
Financial Institutions Hotline
1-866-556-3974
www.fincen.gov
E-Filing Service Desk Number
1-866-346-9478 (Option 1)
-
Questions?
John Misgen, CPA
Senior Compliance Consultant
CliftonLarsonAllen LLP
507-434-7032