I. INTRODUCTION
The U.S. Congress enacted the “Bank Secrecy Act” [Titles I and II of P.L. 91-508 (1970), as amended – Title II is called the “Currency and Foreign Transactions Reporting Act.”] to deter “white collar” crime in the areas of money laundering, organized crime activities, drug trafficking and income tax evasion. The “Bank Secrecy Act (BSA) requires banks to retain records to trace details of financial transactions if investigators need to do so and requires banks to report certain financial transactions. The BSA also serves to provide information on the use of secret foreign bank accounts. The BSA was effective November 1, 1971 (31 U.S.C. §§ 5311-5322): regulations were implemented July 1, 1972, which continue to be revised (See, Title 31 Chapter X - Financial Crimes Enforcement Network).
The constitutionality of the BSA was challenged in California Bankers Assn. v. Shultz, 416 U.S. 21 (1974), wherein the U.S. Supreme Court rejected claims that various parts of the BSA violated constitutional due process requirements, the Fourth Amendment protection against unreasonable searches and seizures, and the Fifth Amendment privilege against self-incrimination. The Court noted that the information sought from reporting banks concerned transactions to which banks themselves had been parties. In a subsequent U.S. Supreme Court decision, U.S. v. Miller, 425 U.S. 435 (1976), an issue not addressed in California Bankers Assn. was settled when the court ruled that bank customers possess no privacy interests protected by the Fourth Amendment in records of their affairs maintained by the banks with which they deal.
President Reagan signed the “Omnibus Drug Enforcement, Education and Control Act of 1986” (P.L 99-570) into law, which in part amended the BSA to criminalize money laundering derived from criminal activity or to evade currency transaction report (CTR) requirements by adding a specific provision against “structuring” of transactions. In addition, the Act makes banks and bank employees liable to prosecution should they “knowingly” accept currency or property from illegal activities and requires individuals who are exempt from CTR requirements to sign a statement to that effect. Provisions of this Act had various effective dates, although most provisions took effect on January 27, 1987.
Bank recordkeeping burdens were further increased with the passage of the “Omnibus Drug Initiative Act of 1988.” Major provisions required banks to record the method of identification verification for issuing bank checks or drafts, traveler’s checks, money orders or cashier’s checks purchased by currency of $3,000 or more. The law allowed the Treasury Department to order targeted financial institutions, and in certain geographic regions, to file CTRs on amounts over $3,000. “Right to Financial Privacy Act” protections were removed for bank “insiders” including “major borrowers.” Disclosures for suspicious activities were also extended beyond individuals to include corporate activities. Penalties for willful violation of BSA recordkeeping regulations were increased up to $10,000 per day.
President Bush signed “The Housing and Community Development Act of 1992” which contained several money laundering provisions in Title XV (known as the “Annunzio-Wylie Anti-Money Laundering Act”), including procedures for removal of bank officers or directors, cancellation of deposit insurance and appointment of a bank receiver or termination of a national bank’s charter for either money laundering offenses or willful BSA violations. Negligent violation of the BSA could result in a $50,000 civil money penalty. The Act authorized the Treasury Department to require banks and it officers, employees or agents to report any suspicious transaction relevant to a possible violation of law or regulation and to provide that no person involved in such transaction be notified of the report. Also, any person who makes a report is shielded from criminal or civil liability for reporting (“safe-harbor” provision). The Act authorized Treasury to require that banks carry out anti-money laundering programs, authorized special record-keeping rules relating to funds transfer transactions, and created the BSA Advisory Committee. Finally, the Act made operation of an illegal money transmitting business a crime and required mandatory reexamination of the charters of federally-chartered or -insured depository institutions convicted of money laundering.
After its establishment in 1994, the BSA Advisory Group (consisting of 30 individuals drawn from the financial industry – including bankers, securities broker-dealers and other non-bank financial institutions – and federal and state regulatory and law enforcement agencies) has offered advice to Treasury on utilization of anti-money laundering programs to law enforcement and reducing the regulatory burden. Chaired by the Treasury Department’s Under Secretary for Enforcement, Group actions include the elimination of unnecessary reporting requirements, simplified reporting forms, and refinement of the funds transfer recordkeeping rules.
Further BSA amendments became effective when President Clinton signed the “Community Development and Regulatory Improvement Act of 1994” [containing the provisions of the “Money Laundering Suppression Act of 1994” (MLSA)]. Reporting procedures were changed and exemptions authorized to reduce the amount of CTR’s filed by at least 30%. The legislation was also designed to establish a single designee for receiving reports of suspicious transactions and called for improvements in the identification of money laundering schemes. The 1994 law also added negotiable instruments drawn on foreign accounts to the reporting requirements, whether or not they are in bearer form. Rules requiring uniform recordkeeping for funds transfers were issued, effective on May 28, 1996. As recommended by the BSA Advisory Group, the Financial Crimes Enforcement Network (FinCEN) revised the CTR to reduce the regulatory burden and increase the quality of information provided to law enforcement by requiring basic transactional information and listing broad categories of reportable transactions to make the form easier to complete and analyze. As a result of the MSLA, Suspicious Activity Reports (SAR) regulations replaced six overlapping ways to report financial information to law enforcement with a single uniform reporting form sent to a single government agency (FinCEN) while at the same time broadening the range of potential money laundering transactions to be reported. At the same time, the changes significantly reduced the paperwork for the banking community and increased the amount of useful information available to investigators in real time. Rules implementing provisions of the MSLA expanded BSA exemptions, thus eliminating CTRs having no value to law enforcement and reducing the regulatory burden on banks.
The USA Patriot Act(acronym of the Uniting and Strengthening America by ProvidingAppropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001) was signed into law by President Bush on October 26, 2001. Title III of the Act, the International Money Laundering Abatement and Financial Anti-Terrorism Act of 2001, is of most significance for financial institutions in that it amended primarily the Bank Secrecy Act to provide the federal government with greater authority to identify, deter and punish money laundering activities. It contains the most comprehensive reform of money laundering laws since the 1970s. Title III is slated to terminate after September 30, 2004, if the U.S. Congress enacts a joint resolution to do so. The following is a list of provisions, with effective dates, that affect financial institutions.
Prohibition on United States Correspondent Accounts with Foreign Shell Banks (§ 313) – Effective Date: December 25, 2001.
Forfeiture of Funds in United States Interbank Accounts; Production of Bank Records (§ 319) – Effective Date: December 25, 2001.
Special Due Diligence for Correspondent Accounts and Private Banking Accounts (§ 312) – Effective Date: July 23, 2002.
Special Measures for Jurisdictions, Financial Institutions or International Transactions of Primary Money-Laundering Concern (§ 311) – Effective Date: To be determined by future orders and regulation. Gives financial regulators the authority to require domestic financial institutions to perform special recordkeeping and reporting (“special measures”) with respect to foreign jurisdictions, foreign financial institutions, international transactions or types of accounts if the U.S. Treasury determines that are of “primary money-laundering concern.”
Verification of Identification (§ 326) – Effective Date: Treasury regulations were slated to be issued by October 26, 2002 and mandatory compliance date established by regulation. Requires regulations regarding minimum standards that financial institutions must follow to verify customers’ identity, both foreign and domestic, when a customer opens an account. Financial institutions must consult governmental agency lists of known or suspected terrorists or terrorist organizations and keep records of the information used to verify identity.
Cooperative Efforts to Deter Money Laundering (§ 314) – Effective Date: Treasury Regulations issued by February 23, 2002. Encourages cooperation among financial institutions, financial regulators and law enforcement officials for the purpose of sharing information regarding individuals, entities and organizations “engaged in or reasonably suspected, based on credible evidence, of engaging in” terrorist acts or money-laundering activities; permits law enforcement and regulatory authorities to share such information with financial institutions; and allows information sharing among financial institutions about possible terrorist or money-laundering activity upon notice to U.S. Treasury.
Concentration Accounts at Financial Institutions (§ 325) – Effective Date: Determined by future Treasury regulation. Allows regulations regarding the maintenance of “concentration accounts” to prevent a financial institution’s customers from anonymously directing funds into or through such accounts; Prohibits a financial institution: from allowing its clients to move personal funds through concentration accounts and from giving its customers information about the financial institution’s concentration accounts; Requires a financial institution to have written procedures to document all transactions in a concentration account.
Amendments Relating to Reporting of Suspicious Activities (§ 351) – Effective Date: October 26, 2001. Protects financial institutions from liability when making voluntary disclosures of suspicious activities (SARs) to government authorities. Financial institutions need not give notice to the person who is the subject of the disclosure and will not be liable for failure to give such notice; amended the prohibition on disclosure of SARs and the safe harbor for liability so that information that has been reported as suspicious may be disclosed by a financial institution in a written employment reference or a written termination notice provided to a self-regulatory agency. Although information may be disclosed under such circumstances, a financial institution may not disclose the fact that a SAR was filed.
Authorization to Include Suspicions of Illegal Activity in Written Employment References (§ 355) – Effective Date: October 26, 2001. Allows a depository institution to include information, in a response to a request for an employment reference by a second depository institution, about the possible involvement of a former institution-affiliated party in potentially unlawful activity; provides a safe harbor from civil liability unless the first institution acts with malicious intent.
Anti-Money-Laundering Programs (§ 352) – Effective Date: April 24, 2002. Requires financial institutions to have a Bank Secrecy Act program containing the four basic components of a typical BSA program.
Reporting of Suspicious Activities by Securities Brokers and Dealers; Investment Company Study (§ 356) – Effective Date: Treasury regulation published by July 1, 2002. Provides for regulations requiring registered securities brokers and dealers to file SARs.
Penalties for Violations of Geographic Targeting Orders and Certain Recordkeeping Requirements, and Lengthening Effective Period of Geographic Targeting Orders (§ 353) – Effective Date: Effective for future violations.
Increase in Civil and Criminal Penalties for Money Laundering (§ 363) – Effective Date: Effective for future violations. Increases from $100,000 to $1,000,000 the maximum civil and criminal penalties for a violation of §§ 311 and 312.
Establishment of Highly Secure Network (§ 362) – Effective Date: Network operational by July 26, 2002. The U.S. Treasury must establish a secure network within FinCEN to allow financial institutions to file SARs online and make certain of such information available to financial institutions.
Consideration of Anti-Money-Laundering Record in Certain Applications (§ 327) – Effective Date: for applications submitted after December 31, 2001. Requires financial institution regulators to consider the effectiveness of a bank holding company or a financial institution in combating money-laundering activities (including in overseas branches) in ruling on an application by a financial institution or bank holding company under these acts.
II. RECORDKEEPING REQUIREMENTS
A. Taxpayer Identification Numbers
For savings and demand deposit accounts, the bank must maintain a record of the customer’s Taxpayer Identification Number (TIN) or Social Security Number (SSN). The information must be obtained within 30 days but an extension is available for customers applying for either a TIN or SSN. If an opened account has more than one name, the bank must obtain the number of a least one individual who has a financial interest in the account. TINs must be obtained from accounts for trusts, charitable organizations, clubs and other similar entities. Failure to obtain a TIN within 30 days will not violate the Act if the bank made a “reasonable” effort to secure identification and the bank maintains a list of the names, addresses and account numbers of parties from whom the bank has not obtained information. The list must be made available to the Secretary of the Treasury.
TINs are not needed for the following accounts:
(See NBA Compliance Handbook, Vol II, Deposit Accounts section and Vol III, Secured Transactions and Lending sections,“Internal Revenue Service” articles for further reporting requirement information.)
B. Sale of Monetary Instruments Over $3,000
1. The Law
Congress amended the BSA with the passage of the “Omnibus Drug Initiative Act of 1988”, which contains additional recordkeeping and reporting requirements for the banking industry. Identification and recordkeeping requirements are required for financial institutions that sell certain monetary instruments of $3,000 or more (31 U.S.C. 5325). No financial institution may issue or sell a bank check; cashier’s check, traveler’s check, or money order to any individual in amounts of $3,000 or more or in contemporaneous transactions that total of $3,000 or more unless:
2. The Regulation
31 C.F.R. Chapter X § 10.415(a)-(c) implements provisions of the “Anti-Drug Abuse Act of 1988” (P.L. 100-690) which amended § 5325 of the BSA to prohibit financial institutions from issuing or selling cashier checks, travelers checks, money orders and bank checks in amounts of $3,000 or more in currency, unless the financial institution verifies and records the identity of the purchaser as the Secretary of Treasury shall prescribe by regulation. The original regulation was effective August 13, 1990, but on October 17, 1994, the Treasury Department further revised it.
Under the revised regulation, all financial institutions subject to the BSA must obtain and maintain records of their sales of bank checks and drafts, cashier checks, money orders and travelers checks to customers who purchase these instruments with currency in amounts of $3,000-$10,000 inclusive. If the purchase of monetary instruments with currency is greater than $10,000, a CTR must be filed. When a monetary instrument is purchased with currency greater than $3,000, but equal to or less than $10,000, then a record of the purchase must be made and a CTR need not be filed. The regulation differentiates records which must be maintained dependent upon whether the customer is a deposit accountholder or a non-deposit accountholder.
a. Deposit Account Customers of the Bank If the purchaser has a deposit account with the financial institution, the following information must be obtained for each issuance or sale of bank checks and drafts, cashier checks, money orders, and travelers checks purchased with currency in amounts of $3,000 – $10,000:
In addition, the financial institution must verify that the individual is a deposit accountholder or must verify the individual’s identity. Such verification may either be made through a signature card or other file or record at the financial institution, if the deposit accountholder’s name and address were verified at the time the account was opened, or at any subsequent time, and that information was recorded on the signature card or other file or record; or by examination of a document that contains the name and address of the purchaser and normally is acceptable within the banking community as a means of identification when cashing checks for non-depositors.
If the deposit account holder’s identity has not been previously verified, or if the financial institution is unable to determine whether the individual’s identification has been previously verified, then the financial institution shall verify the deposit accountholder’s identity by examination of a document that contains the name and address of the purchaser and normally is acceptable within the banking community as a means of identification when cashing checks for non-depositors, and shall record the specific identifying information (e.g., state of issuance and number of driver’s license).
Financial institutions should note that all purchasers falling within the regulation, other than deposit account holders who have had their identity previously verified and recorded, must be identified in the same manner, and that the identification requirements are similar to the requirements for identifying persons who conduct cash transactions exceeding $10,000 (See, 31 C.F.R. Chapter X § 1010.312). Thus, previous Treasury interpretations of how identification is verified for currency transactions exceeding $10,000 may be looked to for guidance. For example, a financial institution may rely on the identification presented to the teller, unless the financial institution has reason to believe that it is false. Moreover, if a financial institution has previously verified a customers identity and included the identifying information in its records, it need not ask the same purchaser each time for the required information.
b. Non-Account Holder of the Bank If the purchaser does not have a deposit account with the financial institution the following information must be obtained for each issuance or sale of bank checks and drafts, cashier checks, money orders, and travelers checks which involve currency in the amounts of $3,000 – $10,000:
In addition, the financial institution shall verify the purchaser’s name and address by examination of a document that contains the name and address of the purchaser and normally is acceptable within the banking community as a means of identification when cashing checks for non-depositors and shall record the specific identifying information on the log (e.g., state of issuance and number of driver's license).
c. Refusal of Transactions The rule is clear that a financial institution may not issue or sell a bank check or draft, cashier check, money order or travelers check for $3,000 or more in currency unless the required information can be provided by the purchaser at the window or by the financial institution’s own previously verified records. If circumstances arise where the purchaser is unable to provide sufficient identification with a name and address such as a driver’s license or some other identifying information such as a social security number, then FinCEN should be contacted to inquire about particularized exemptions and special circumstance.
d. Contemporaneous Purchases of Instruments Contemporaneous purchases of the same or different types of instruments totaling $3,000 or more shall be treated as one purchase. Multiple purchases during one business day totaling $3,000 or more shall be treated as one purchase if an individual employee, director, officer, or partner of the financial institution has knowledge these purchases have occurred.
While a financial institution does not have to institute changes to its procedures or its computer systems or purchase new systems in order to capture multiple sales, if the financial institution computer system does produce information relating to multiple sales, then the financial institution may not ignore that information.
e. Deposit Account Definition The term “deposit account”, for purposed of this rule, includes all transaction accounts, savings accounts and other time deposits. Under the regulation, banks will notbe required toapply the non-account holder procedures to purchases by customers who hold “deposit accounts” as defined in the regulation.
f. Law Enforcement Officers If a bank sells or issues bank checks and drafts, cashier’s checks, money orders and traveler’s checks for currency between $3,000 to $10,000, to a federal, state, local or revenue enforcement officer in the performance of his or her duties, it should treat that officer as a non-deposit account holder. The bank may, however, make the following changes in obtaining all other information required:
C. Funds Transfer and Funds Transmittal Recordkeeping
The U.S. Department of the Treasury issued rules on recordkeeping requirements for funds transfers (effective May 28, 1996). Note: Rules apply not only to wire transfers, but also to other funds transfers that the bank may execute. Regulatory terminology used is similar to terms used in UCC Article 4A (See “A Review of UCC Article 4A: Funds Transfers” article in Volume II, Deposit Accounts section of the NBA Compliance Handbook).
1. Applicability
Generally, the regulation applies to funds involved in afunds transfer of $3,000 or more (or the equivalent in foreign currency). A funds transfer is defined as a “series of transactions, beginning with the originator’s payment order, made for the purpose of making payment to the beneficiary of the order.” A payment order may be transmitted orally, in writing, or electronically (e.g., telephone, e-mail, or fax). According to the regulation’s definition of payment order, it is not made conditional on any event (e.g., delivery of goods), except for the time of payment, and the bank that receives the payment order must be reimbursed for the sum the bank disburses to the beneficiary by debiting an account of the sender of the order, or otherwise receiving payment from the sender.
The regulation does not apply to funds transfers listed as follows:
The regulation makes a distinction between established customers and non-established customers. The definition of an established customer is a person having an account with the bank or obtains “financial services’ form the bank which the bank provides in reliance on a file that contains the person’s name, address, and TIN (or absent a TIN, an alien ID number or passport number and country of issuance). In other words, deposit accounts, loans, mutual fund accounts, trust accounts, other fiduciary accounts, and related services may be used to determine if a customer is established or not.
If any of the required information on the originator or the person placing the order cannot be obtained, the bank should note the lack of identifying information in the bank’s records. When the originating bank knows that the person placing the order is not the originator, the bank must obtain the originator’s TIN.
2. “Established Customers”
For originators who are “established customers” of the bank, the regulation requires that the originator’s bank retain paper, microfilm or electronic records of the following:
Any intermediary bank and the beneficiary’s bank must also keep records of the original payment order, or a microfilm, electronic or other copy of the order.
3. “Non-Established Customers”
For originators who are not established customers, the originator’s bank must retain additional records regarding funds transfers. When an order is placed in person, the bank must verify the person’s identity by examining a document (not the bank signature card) normally acceptable to the bank as identification for cashing noncustomer checks. The regulation prefers that the document contains the name, address and photograph of the originator, but also recognizes the use of an alien nonaddress-bearing passport. The person’s name, address, type and serial number of identity document accepted, and TIN (or absent a TIN, an alien ID or passport number, or notation of lack of number). If the bank knows that the person is not the originator, it must record the alien ID or passport number, or notation of lack of number. When an order is not placed in person, the bank does not have to record the type and number of the identity document. Similar requirements are placed, by the regulation, on the beneficiary’s bank for obtaining records on the identification of a beneficiary who is not an established customer.
4. Retrieval
Upon request, the originator’s bank must be able to retrieve funds transfer records, within a reasonable time, by reference to the originator’s name. If the originator is an established customer who uses an account for funds transfers, the originator’s bank must be able to retrieve information by account number. The beneficiary’s bank records must be retrievable by the beneficiary’s name, and if the beneficiary is an established customer who uses an account for funds transfers, the originator’s bank must be able to retrieve information by account number. Funds transfer records may be retain in any form and held for five years.
5. “Travel Rule”
Whenever a funds transfer is originated or received by the bank, it must also obtain specific information on payment orders it executes as an originator or intermediary bank. The inclusion of this information is referred to as the “travel rule.” When the bank transmits a payment order, it must include the following information:
When the bank serves as an intermediary bank, information to be obtained and included is identical, except that the transmittor’s account number always will be required. (See NBA Compliance Handbook, Vol. I, Security tab, “Guidance for Financial Institutions on the Transmittal of Funds ‘Travel’ Regulations” article).
D. Other Records
Under the BSA, retained records may be those made in the ordinary course of business, and if no record is made “in the ordinary course” of any transaction that records are required to be retained, then a record must be made in writing. In general, the retention period for all records is five years. Banks are required to retain the “original or a microfilm or other copy or reproduction,” both front and back, of the following:
1. (a) Credit extensions over $10,000 (except for real property secured transactions); notations must be made as to the general purpose of loan (no new purpose statement is required for consolidation, renewals, and refinancings where the purpose has not changed);
(b) A record of each advice, request, or instruction received or given regarding any transaction resulting (or intended to result and later canceled) in the transfer of currency or other monetary instruments, funds, checks, investment securities, or credit, of more than $10,000 to or from any person, account, or place outside the United States:
(c) A record of each advice, request, or instruction given to another financial institution or other person located within or without the United States, regarding a transaction intended to result in the transfer of funds, or of currency, other monetary instruments, checks, investment securities, or credit, of more than $10,000 to a person, account or place outside the United States;
2. Signature authority documents, statements, ledger cards or other records showing complete account activities;
3. Checks, drafts, money orders or debit advances over $100 drawn on the bank or issued and payable by it, except those drawn on accounts which ordinarily average more than 100 checks per month and relate to payroll, dividends, employee benefits, insurance claims, medical benefits, government agencies, brokers or dealers in securities, fiduciary accounts, pensions or annuities and checks drawn on other financial institutions;
4. Advances or requests for transfers of currency, other monetary instruments, checks, credit or investment securities over $10,000 to a person, account or place outside the U.S.;
5. Items over $10,000 remitted or transferred to a person, account or place outside the U.S.;
6. Checks or drafts over $10,000 drawn on or issued by a foreign bank that the domestic bank has paid or presented to a non-bank drawee for payment;
7. Items such as checks, drafts, transfers of credit, currency, other monetary instruments and investment securities over $10,000 received directly from a bank, broker or dealer in foreign exchange outside the U.S.;
8. All records, including deposit tickets, needed to reconstruct demand deposit accounts and trace checks over $100 deposited in demand deposit accounts through the domestic processing system or to supply a description of a deposited check over $100;
9. Record containing the name, address and TIN, if available, of the buyer of each CD, with a description of the instrument, notation of method of payment and date of transaction;
10. Record of any person presenting a CD for payment, including a description of the instrument and date of transaction; and
11. Deposit slips or credit tickets reflecting a transaction over $100 or equivalent record for direct deposit or other wire transfer deposit transaction. The slip or ticket shall record the amount of currency involved.
III. CURRENCY TRANSACTIONS
A. Currency Transaction Reports
Filing of Currency Transaction Reports are required by the BSA. A bank must file a CTR for each deposit, withdrawal, exchange of currency or other payment or transfer. by, through, or to such financial institution which involves a transaction in currency of more than $10,000. Multiple currency transactions shall be treated as a single transaction if the financial institution has knowledge that they are by or on behalf of any person and result in either cash in or cash out totaling more than $10,000 during any one business day.
The CTR must be filed within 15 days of the date of the transaction. “Transaction in currency” involves the physical transfer of currency from one person to another, but does not include a transfer of funds by means of bank check, bank draft, wire transfer, or other written order that does not include the physical transfer of currency. Reports are not required of transactions with Federal Reserve Banks, the Federal Home Loan Banks, or transactions between domestic banks. Multiple currency transactions by or for any person which result in either “cash in” or “cash out” in the aggregate of over $10,000 in any one business day are treated as a single transaction if the bank is aware of them.
“Person” is defined as an individual or corporation, partnership, trust or estate, joint stock company, syndicate, joint venture or other unincorporated organization or group and entities recognized as legal persons or entities.
Compliance Note: The following are common CTR filing errors you want to avoid:
B. State Currency Transaction Reports Repealed
LB 999 (§ 56), effective April 16, 2004, repealed Nebraska’s state CTR filing law. The Nebraska State Patrol now receives CTR information directly from FinCEN. Under previous law, all entities, including banks, were required to file a duplicate copy of any filed federal CTR with the Nebraska State Patrol to satisfy State reporting and recordkeeping requirements. The state reporting law [LB 571 of 1990)] was part of the Nebraska’s effort to combat drug and criminal money laundering activities.
C. Exemptions from Currency Transaction Reports
Exempt Persons and Exemption Procedures. The Money Laundering Suppression Act of 1994 amended the BSA to provide that the Secretary of the Treasury must exempt bank CTR reporting, if properly designated and documented, for the following transactions in currency: with another depository institution; with a department or agency of the United States, any State, or any political subdivision of any State; and with businesses or category of businesses the reports on which have little or no value for law enforcement purposes.
Exemptions. Effective October 21, 1998, regulations exempt currency reporting transactions in excess of $10,000 for entities that are defined as “exempt persons.”
The following entities are in the Phase I categories:
COMPLIANCE NOTE: The publicly-traded exemption only applies to transactions by listed entities and may not apply to transactions conducted by entities which own franchises of listed entities, e.g., “McDonald’s Corporation” is exempt since it is a listed corporation; however, a local corporation whose stock is not publicly-traded owning a McDonald’s franchise is not exempt.
The following entities are in the Phase II categories:
COMPLIANCE NOTE: A Sole Proprietorship may be eligible for treatment as an exempt person if it meets either the non-listed business or payroll customer definition. The bank is charged with taking reasonable and prudent steps to assure itself that the sole proprietorship is a bona fide business.
Waiting Period Required to Consider Phase II Entities for Exemption
FinCEN has adopted a hybrid approach to that permits depository institutions to exempt an otherwise eligible Phase II customer after two months, or prior to the passing of two months’ time if the institution conducts a risk-based analysis of the customer that allows the institution to form and document a reasonable belief that the customer has a legitimate business purpose for conducting frequent large cash transactions.
1. Conducting a Risk-Based Analysis.
When conducting a risk-based analysis to determine the Phase II exemption eligibility of a customer, the depository institution should form a reasonable belief that the customer has a legitimate business purpose for conducting frequent transactions in currency. Factors the depository institution might consider in order to form a reasonable belief include, but are not limited to: whether the depository institution had a past relationship with the customer, certain specific characteristics of the customer’s business model that may be pertinent, the types of business in which the customer engages, and where the business is operating. Exempting an otherwise eligible Phase II customer prior to two months' time may be particularly appropriate when, for example: a returning customer reopens a previously maintained exempt transaction account with the institution; a customer that would now be eligible for Phase II exemption but under the current regulations was previously not eligible because the customer had conducted fewer than eight, but at least five, large cash transactions; or, when a customer that was a publicly listed company or a subsidiary becomes ineligible for exemption under Phase I, but may be designated for exemption under Phase II.
2. Frequent Transactions.
The BSA definition of those customers commonly referred to as Phase II customers requires that they “frequently” engage in transactions subject to the CTR requirement. Prior FinCEN requested guidance interprets “frequently” as eight or more large cash transactions per year. Under the final rule, FinCEN is changing its current guidance interpreting “frequently” to only require five or more transactions per year. As a result, depository institutions may designate an otherwise eligible customer for Phase II exemption after the customer has within a year conducted five or more reportable cash transactions. In addition to having conducted at least five or more reportable cash transactions within a year, the customer must have maintained a transaction account for two months, or the depository institution may conduct a risk based analysis of the customer’s eligibility for Phase II exemption. For example, if the customer does not conduct five reportable cash transactions until it has maintained an account for three months, the depository institution would not be able to exempt that customer until that time. FinCEN has clarified that the interpretation of "frequently" applies to payroll customers which allows a bank to exempt the currency transactions of a payroll customer if the customer withdrawals currency five or more times a year in order to pay its employees.
FinCEN further clarified that to retain eligibility for a Phase II exemption, a customer must have actually conducted at least five reportable cash transactions in each full year following the customer’s initial designation. For example, if a depository institution discovers during the annual review of a Phase II exempt customer that the customer had conducted only four reportable cash transactions during the year under review, the depository institution going forward may no longer treat the customer as exempt until the customer conducts at least five reportable cash transactions in an ensuing year and is otherwise eligible for exemption. The depository institution, however, is not required to back file CTRs with respect to a designated Phase II customer that had met the eligibility requirements in a preceding year, but was subsequently found not to have conducted five or more transactions in the year under review.
A designation must be made separately by each bank that treats the person in question as an exempt person. An exception is allowed for affiliated banks, for which a parent bank holding company or one of its bank subsidiaries may make the “exempt person” designation on behalf of all bank subsidiaries of the holding company, provided the designation lists each bank subsidiary to which the designation will apply. The designation requirement applies whether or not the particular exempt person to be designated has previously been treated as exempt by the bank from the currency transaction reporting requirements.
Amended CTR exemption interim regulation includes money market deposit accounts. The Financial Crimes Enforcement Network (FinCEN) published an Interim Rule in the Federal Register on July 28, 2000, that amends the Currency Transaction Report (CTR) exemption regulation [See, 31 C.F.R. Chapter X § 1020.315(a)]. The Interim Rule, effective on July 31, 2000, addresses many issues raised by financial institutions regarding compliance with and implementation of the reformed CTR exemption regulations. The Interim Rule makes the following adjustments to the exemption regulations:
An exemption for a non-listed business customer or a payroll customer applies to these customers’ MMDAs that are used for business purposes in addition to their transaction accounts. For an MMDA of a non-listed business or a payroll customer to be exemptible, such a customer must have maintained an eligible transaction account in addition to the MMDA for at least 12 months and met all other requirements of the CTR exemption regulations. Note that an exemption for payroll customers applies only to account withdrawals for payroll purposes.
If you have mistakenly applied an exemption to a customer’s MMDA before the issuance of the Interim Rule under the assumption that the term “transaction account” included an MMDA, FinCEN will not require backfiling of CTRs related to such a customer, if the provisions of the Interim Rule were otherwise met when the exemption was first applied.
Ineligible Businesses. Certain categories of businesses are ineligible for treatment as Non-Listed businesses. FinCEN Advisory, Issue 10 (October, 1998) gives guidance as follows:
A business engaged primarily in one or more . . . [ineligible business activities] may not be treated as non-listed business for purposes of the reformed exemption procedures (although it may be treated as an exempt person if it otherwise meets the definition of another class of exempt person – e.g., a casino whose stock is listed on the New York Stock Exchange may be treated as an exempt person). A business that engages in multiple business activities may be treated as a non-listed business so long as no more than 50% of its gross revenues per year is derived from one or more of the ineligible business activities listed below.
Ineligible business activities are:
As indicated above, a customer that engages in multiple business activities may qualify for an exemption as a non-listed business provided that no more than 50 percent of its annual gross revenues are derived from one or more ineligible business activities. FinCEN has issued guidance to assist banks in determining the appropriateness of exempting from currency transaction reporting (CTR) requirements non-listed business customers that derive some portion of their annual gross revenues from ineligible business activities, indicating that the decision to exempt the business from currency transaction reporting was based upon a reasonable determination that the customer derives no more than 50 percent of its annual gross revenues from ineligible business activities.
Although there is no expectation that a bank will be able to establish the exact percentage of a non-listed business customer’s annual gross revenues that are derived from ineligible business activities, a bank must consider and maintain materials and other supporting information that allow it to substantiate that the decision to exempt the customer from currency transaction reporting was based upon a reasonable determination that the customer derives no more than 50 percent of its annual gross revenues from ineligible business activities. Such a reasonable determination should be based upon its understanding of the nature of the customer’s business, the purpose of the customer’s accounts, and the actual or anticipated activity in those accounts.
In instances where it is apparent – through a bank’s implementation and application of due diligence policies, procedures, and processes to all customers – that a non-listed business customer derives a clear minority of its annual gross revenues from ineligible business activities, the bank could reasonably and appropriately exempt that customer from currency transaction reporting based solely upon materials and information collected and considered in the ordinary course of conducting customer due diligence.
However, in those instances where it is less clear whether a non-listed business customer derives no more than 50 percent of its annual gross revenues from ineligible activities, a bank should obtain such additional supporting materials and information that would allow it to make a reasonable determination that it may appropriately exempt that customer from currency transaction reporting.
In particular, in such cases a bank could reasonably make such a determination based upon customer completion of a bank checklist/form or receipt of a self-certification statement/letter signed by the customer containing credible information regarding its annual gross revenues, which checklist/form or statement/letter would be substantiated by corroborating information.
If available, a bank is encouraged to request and review a business customer’s audited financial statements; however, other information may be similarly relied upon providing that it allows the bank to make a reasonable determination regarding the portion of the customer’s annual gross revenues that are derived from ineligible business activities.
For example, in many cases a bank could – again, based upon its understanding of the nature of the customer’s business, the purpose of the customer’s accounts, and the actual or anticipated activity in those accounts – also come to such a reasonable determination based upon reviewing other reliable information, such as: the customer’s most recent tax returns that have been filed with the applicable federal and state authorities; the customer’s unaudited financial statements; or documents relating to a bank’s lending relationship with the customer.
In certain exceptional instances – although there is no requirement to do so – a bank might consider, when deciding to exempt certain business customers, visiting a customer’s place of business to develop a greater understanding of the nature of the customer’s business activities and then recording relevant information in the customer’s file.
The information supporting each designation of an exempt non-listed business customer must be reviewed and verified by a bank at least once per year.
Periodic Reviews and Filings. Once an initial designation of a listed business as an “exempt person” is made, the bank has no continuing responsibilities (other than monitoring for suspicious activity) as long as the exempt person remains eligible for the exemption. FinCEN has eliminated the requirement that depository institutions file an initial designation form (FinCEN Form 110) for Phase I eligible customers that are depository institutions, federal, state, or local governments, or entities exercising governmental authority; and has removed the requirement that depository institutions conduct an annual review of the continued eligibility of these customers.
While depository institutions will no longer be required to make an initial designation of exemption for the Phase I customers referenced above, depository institutions should take the same steps to ensure themselves of the customer’s initial eligibility for exemption, and to document the basis of its conclusions, that a reasonable and prudent bank would take to protect itself from loan or other fraud or loss based on misidentification of a person’s status. If a bank is able to determine a customer’s eligibility for an exemption in the course of complying with other BSA obligations, such as the requirement to maintain a Customer Identification Program (CIP), then the bank may make notations within its other BSA documentation, and need not maintain additional, separate documentation for the sole purpose of complying with the Phase I or Phase II exemption requirements. Also, while depository institutions must still comply with their SAR reporting obligations should any of their Phase I customers engage in a suspicious activity, they are not required to review and confirm the continued exemption eligibility of Phase I customers that are banks, government agencies, or entities exercising governmental authorities.
For “exempt person” Phase II Categories of non-listed businesses and payroll customers, the bank is responsible for ongoing duties beyond monitoring for suspicious activity. The bank must review and verify at least annually the information supporting each exemption designation and the application to each account of such exempt persons of its suspicious activity monitoring system. FinCEN has eliminated the previous requirement that depository institutions biennially file a designation of exempt person for non-listed and payroll customers. Depository institutions will continue to be required to notify FinCEN of any change in control of a Phase II customer, and to report to FinCEN a decision to revoke the designation of an otherwise eligible customer for exemption. However, the reporting of change in control information is no longer a part of the CTR exemption system due to the limited utility and reporting change in control by checking a box on FinCEN Form 110.
Suspicious Activity Monitoring System. Exemptions do not create any exemption from the requirement that banks file suspicious activity reports (SAR). Consistent with its obligation to report suspicious transactions that a bank knows, suspects or has reason to suspect, a bank must remain vigilant to detect unusual changes in currency transactions for its customers that have been designated as exempt persons and report them accordingly on the SAR form.
In connection with its annual review obligations discussed above, a bank must establish and maintain a monitoring system that is reasonably designed to detect, for each account of a non-listed business or payroll customer, those transactions in currency involving such account that would require a bank to file a suspicious activity report.
Limitation on Exemption. The scope of the exempt person exemption is limited to transactions involving that person’s own funds. The exemption does not apply to situations in which an exempt person is engaging in a transaction as an agent on behalf of another. In essence, an exempt person cannot lend its status, for a fee or otherwise, to another person’s transactions.
Limitation on Liability. Bank compliance with the exemption rule generally protects it from penalty for failure to file a CTR with respect to a currency transaction by an exempt person. Protection does not apply if the bank knowingly files false or incomplete information relating to the exempt person (e.g., on a designation filing) or with respect to the transaction (e.g., on a SAR). Protections do not apply if the bank has reason to believe at the time the exemption is granted that the customer does not satisfy the exempt person definition or if the transaction is not a transaction of the exempt person.
“Designation of Exempt Persons” Form. FinCEN issued a “Designation of Exempt Person” Form (FinCEN Form 110, August 2005 – formerly TD F 90-22.53) to assist banks in employing FinCEN rules aimed at reducing the amount of CTR filings on most business customers with routine needs for currency. The “Designation of Exempt Person” Form and instructions are available in FinCEN’s website under “BSA Forms” at www.fincen.gov/.
Regulatory procedures require banks to inform the Treasury Department of each customer that the banks exempt on the new “Designation of Exempt Person” Form, beginning on January 1, 1999. This Form may also be used by banks to revoke or amend an existing exemption as required by regulatory procedures. Reformed exemption procedures eliminate the previous requirement that banks determine whether daily transactions exceed a predetermined exemption amount and eliminate the requirement that banks obtain signed exemption statements from each exempt customer. A bank may use the Form to designate an exempt person by filing it within 30 days of the first reportable transaction in currency with the person sought to be exempted from reporting. In filing an initial designation of exempt person, the bank need not include specific information regarding the nature and amount of the transaction in currency itself.
D. Financial Institution Targeting
Under 31 U.S.C. § 5326, the Secretary of the Treasury has the ability to order a specifically targeted financial institution or a group of financial institutions in a geographic area to obtain information and maintain a record about any transaction and any person participating in a transaction over $3,000 involving cash or monetary instruments. Such targeted investigations are limited to 60 days maximum. The law also allows for targeting to be requested by any state or federal agency.
E. Treasury Anti-Structuring Regulation
1. Introduction
On January 23, 1989, the Office of Financial Enforcement of the Department of the Treasury issued regulations: (a) to clarify that when a person conducts a currency transaction on behalf of another person, the bank must report on the CTR the name of the person on whose behalf the transaction was conducted; and (b) to add a definition of “structuring” to the anti-structuring law which prohibits a person from structuring or assisting in structuring (or attempting to do so) any transaction for the purpose of evading reporting requirements.
2. Transactions on Another’s Behalf
Under the regulation, a person structures a transaction if that person acting alone, or in conjunction with,or on behalf of, other persons, conducts or attempts to conduct one or more transactions in currency, in any amount, at one or more financial institutions, on one or more days, in any manner, for the purpose of evading the reporting requirements of the regulation. Banks should report apparent “structuring” violations to the appropriate federal law enforcement agencies by filing a Suspicious Activity Report (SAR) with FinCEN (See NBA Compliance Handbook, Vol I, Security tab, “Suspicious Activity Reports” article).
The regulation makes it clear the CTR should be used to identify any person or entityon whose behalfareportable currency transaction has been conducted, “regardless of whether an account was affected.” A reportable currency transaction must exceed $10,000 to use a CTR. Regardless of the amount involved in the transaction or transactions, in all cases where the bank detects a possible violation or evasion of the “Bank Secrecy Act’s” reporting or recordkeeping requirements, a SAR must be filed.
According to the Treasury, it is the bank’s responsibility to file complete and accurate CTRs for reportable currency transactions. One way that a bank can obtain information about the true identity of the person on whose behalf a transaction is being conducted is to ask the person conducting the transaction whether he is acting for himself or on behalf of another person. Only if as a result of strong “know your neighbor” or other internal control policies the bank is satisfied that its records contain the necessary information may the bank then rely on those records in completing the CTR.
3. “Structuring” Definition
The “anti-structuring” provision was added by the “Money Laundering Control Act of 1986” which prohibits any person from structuring or assisting in structuring, or attempting to structure or assist in structuring, transactions “for the purpose of evading” the currency transaction reporting requirements. The Act also prohibits a person, for the same purpose, from causing or attempting to cause a financial institution to fail to file a CTR or to file a CTR that contains a material omission or misstatement of fact. All currency transaction structuring schemes designed to evade the reporting requirements are unlawful, regardless of whether the $10,000 threshold is met at a single financial institution on a single day.
Since the structuring provision was enacted, there was some concern by financial institutions that neither the statute itself nor the regulation gave a formal definition of “structure” or “structuring.” In response, Treasury proposed for inclusion in the “Bank Secrecy Act” regulations a definition of “structure” or “structuring,” after consultation with the Internal Revenue Service, the Department of Justice and other “Bank Secrecy Act” regulatory agencies.
The definition provides that a person structures a transaction if:
a. Acting alone, or in conjunction with, or on behalf of, other persons;
b. He conducts, attempts to conduct or assists in conducting;
c. One or more transactions in currency;
d. In any amount;
e. At one or more financial institutions;
f. On one or more days;
g. In any manner
h. For the purpose of evading the reporting requirements of the act.
The phrase “in any manner” is defined to include, but is not limited to, all schemes involving the breaking down of sums of currency larger than $10,000 into sums, including sums at or below $10,000, or through the conducting of a series of related currency transactions including transactions at or below $10,000, at one financial institution or multiple financial institutions on one or more days. The definition also states that “[t]he transaction or transactions need not exceed the $10,000 reporting threshold at any single financial institution on any single day in order to constitute structuring within the meaning of this definition.” This makes it clear that structuring is not limited to multiple transactions conducted on the same day at a single financial institution.
4. Compliance Notes
Bankers should ask customers for appropriate information relating to matters covered by the CTR, but should not volunteer information about CTR filing requirements that may be viewed as assisting the structuring of transactions to avoid reporting. To answer customer inquiries, some banks simply furnish a copy of the CTR form and instructions. Other banks provide an ABA brochure entitled “Facts You Should Know About Money Laundering Laws.”
F. “Suspicious,” “Structured,” or “Evasive” Transactions Under $10,000
Reporting of suspicious transactions is a major issue, for a banker must determine if a transaction or series of transactions by a customer raises a “reasonable” question about the customer or his business that should be reported to the appropriate authorities.
2. Reporting of Suspicious Transactions
The CTR once had a box to check for suspicious transactions if over $10,000. Regulatory authorities now require “Bank Secrecy Act” crimes or attempted crimes to be reported on Suspicious Activity Report (SAR) with FinCEN (See “Suspicious Activity Reports” article in Vol I, Security section of the NBA Compliance Handbook). Under current rules, if the bank detects a financial transaction conducted or attempted at the bank involving funds derived from illicit activity or for the purpose of hiding or disguising funds from illicit activities, or for the possible violation or evasion of the Bank Secrecy Act reporting or recordkeeping requirements, the bank must file a SAR. The SAR must always be filed when money laundering is suspected or where the bank believes that the transaction was suspicious for any reason, regardless of the identification of a potential suspect or the amount involved in the violation
3. Safe Harbor Provision
A federal statute protects banks from civil liability for reporting criminal acts to appropriate authorities. 31 U.S.C. 5314(g)(3) provide that financial institutions, and their directors, officers, employees and agents, that disclose, in good faith, possible violations of law in connection with the preparation of criminal referral forms shall not be liable to any person under any law or regulation of the United States or any constitution, law, or regulation of any State or political subdivision thereof, for such disclosure or for any failure to notify the person involved in the transaction or any other person of such disclosure. This law also requires that financial institutions, and their directors, officers, employees and agents, refrain from communicating that a criminal referral has been made and the information reported in a criminal referral to any person involved in the suspicious transaction.
Section 351 of the USA PATRIOT Act protects financial institutions from liability when making voluntary disclosures of suspicious activities to government authorities and clarified that notice need not be given to the person who is the subject of the disclosure. In addition, there is a safe harbor from liability so that information reported as suspicious may be disclosed by a financial institution in a written employment reference or a written termination notice provided to a self-regulatory agency. Although information may be disclosed under such circumstances, a financial institution may not disclose the fact that a SAR was filed.
4. Right to Financial Privacy Act (RTFPA)
The “Right to Financial Privacy Act” covers what customer information may be disclosed. 12 U.S.C. § 3403(c) allows a bank to voluntarily provide specific information to government authorities when there is suspicion of a possible statutory or regulatory violation. Information provided is limited to the name or other identifying information concerning the individual or account and the nature of any suspected illegal activity. A bank is not liable to the customer for disclosing such information to the government or for failing to notify the customer. Disclosure of “suspicious” activity involving account information is allowed for both corporate and individual activities.
RTFPA protections were further eroded with the addition of two amendments:
IV. CURRENCY SHIPMENTS
A. General
The “Bank Secrecy Act” also contains reporting requirements for persons who physically transport, mail, ship, or receive or cause such transportation or receipt of currency or other monetary instruments in aggregate amounts over $10,000 “at one time” into or out of the U.S. The form is called a “Customs Monetary Instruments Report” (CMIR) or “Customs Form 4790.” For purposes of the Act, “monetary instruments” are defined to include all traveler’s checks. A person is deemed to be within the “at one time” trigger, if:
1. That person either alone, in conjunction with or on behalf of other;
2. Transports, mails, ships, or receives in any manner; is about to transport, mail or ship in any manner; or causes the transportation, mailing, shipment or receipt in any manner of;
3. Monetary instruments;
4. Into the United States or out of the United States;
5. Totaling more than $10,000 on one calendar day or, if for the purpose of evading the reporting requirements of 31 C.F.R. Chapter X § 1010.340(a)-(d), on one or more days
The “Community Development and Regulatory Improvement Act of 1994” expanded the definition of monetary instruments which are required to be reported on CMIR to include negotiable instruments drawn on foreign banks, whether or not they are in bearer form.
B. Customs Monetary Instruments Reports
Department of the Treasury Administrative Ruling 88-2, effective June 22, 1988, addresses Customs Monetary Instruments Reports (CMIRs) transportation of monetary instruments across U.S. borders. It advises that “a bank should not file a CMIR (Form 4790) when a customer deposits currency or monetary instruments in excess of $10,000 into their account even if the bank has knowledge that the currency or monetary instruments were received or transported from a place outside the United States.” The bank is encouraged to inform the customer of the CMIR reporting requirement, although it is the customer’s obligation to file. If the bank is aware that the customer knows of the reporting requirement and is planning to disregard it or if the transaction is otherwise “suspicious,” the bank should notify the local office of the United States Custom Service or telephone the number 1-800-BEE-ALERT regarding the suspicious transaction. This applies only to transactions involving the carrying of money across the U.S. border and does not relate to suspicious transactions totally within the U.S.
V. ENFORCEMENT
By regulation, compliance and enforcement duties have been delegated to the appropriate federal financial supervisory agencies. In a 1985 year-end press release, the IRS announced plans to further combat future money laundering by reviewing exemption lists as well as approve or deny individual requests for exemptions from the currency transaction reporting requirements. The IRS has also been authorized by the U.S. Treasury Department to investigate banks and brokers or dealers in securities for possible criminal violations of the “Bank Secrecy Act.” The IRS has indicated it does not want to review a bank’s list of customers who have been exempted from currency transaction reports unless the IRS notifies the bank in writing.
For certain violations of the “Bank Secrecy Act,” civil penalties may involve a fine up to the amount of the transaction for willful violations and a $500 fine for negligent violations. Civil penalties for willful failure to comply with the recordkeeping regulations are authorized up to the amount involved in the transaction (not to exceed $100,000) or $25,000, whichever is greater. Criminal penalties may involve a fine of not more than $250,000 or twice the value of the transaction or up to 20 years imprisonment or both.
The Money Laundering Control Act of 1986 criminalized any “monetary transaction” or “attempted monetary transaction” in criminally derived property when four factors exist:
A. over $10,000 is involved;
B. a financial institution (as defined in the “Bank Secrecy Act”) is used;
C. the property is derived from one of the specified crimes; and
D. the transaction is conducted with the knowledge that the proceeds are criminally derived.
“Monetary transactions,” as that term is used in 18 U.S.C. § 1957, includes “deposit, withdrawal, transfer or exchange ... of funds or monetary instruments by, through or to a financial institution.” According to Treasury, it was the specific intent of Congress in enacting this legislation to address the laundering of illegal proceeds through wire transfers and other monetary instruments.
VI. COMPLIANCE POLICIES AND PROCEDURES
A. Agency Rules
Effective April 27, 1987, OCC, FRB, and FDIC rules all provide that each bank must implement a program that is “reasonably designed to assure and monitor” compliance with the “Bank Secrecy Act.” The compliance program must be reduced to writing, approved by the board of directors and noted in the minutes.
Contents of Compliance Program: At a minimum, the bank compliance program must:
1. Provide for a system of internal controls to assure ongoing compliance;
2. Provide for independent testing for compliance to be conducted by bank personnel or by an outside party;
3. Designate an individual or individuals responsible for coordinating and monitoring day-to-day compliance; and
4. Provide training for appropriate personnel.
Federal Reserve Board Regulation H, at § 208.14, outlines procedures for monitoring compliance. The rules do not contain any more specific information on what policies, procedures or compliance programs would meet with the agencies’ approval.
B. FDIC Guidelines
The FDIC issued “Guidelines for Monitoring Bank Secrecy Act Compliance,” (May 18, 1987; Revised May 14, 1996 in FIL-29-96) available for those institutions whose daily operations are not viewed as complex or do not normally conduct large cash transactions with their customers.
Minimum Requirements. On January 27, 1987, the FDIC adopted a rule requiring all insured state nonmember banks, including insured state branches of foreign banks, to establish and maintain procedures to assure and monitor compliance with the “Bank Secrecy Act.” By April 27, 1987, banks must have a compliance program that, at a minimum, provides for:
1. A system of internal controls to assure ongoing compliance;
2. Independent testing of compliance by bank personnel or by an outside party;
3. A designated individual or individuals responsible for coordinating and monitoring day-to-day compliance; and
4. Training for appropriate personnel.
The compliance program shall be reduced to writing, approved by the bank’s board of directors and noted in the minutes. The program and procedures will be reviewed during the course of regulatory examinations (§ 326.8).
Additional Guidance. Section 326.8 of the FDIC’s Rules and Regulations governs procedures within the bank to insure compliance with Treasury Department rules. The FDIC requirements are separate and apart from the substantive reporting and recordkeeping requirements of the BSA and 31 C.F.R. Chapter X. To satisfy the FDIC’s requirements, banks must provide written instructions and copies of the required forms to all employees involved in transactions with customers.
In addition, banks must have installed an effective compliance program that not only meets the minimum requirements of the FDIC’s rule (§ 326.8) but addresses the specific circumstances of each banking office. For example, banks or offices handling a large volume of currency, banks operating from numerous locations, and banks with offices in border areas or in areas where money laundering or drug trafficking is prevalent, must have installed extensive controls, plans and procedures going beyond the minimum requirements of § 326.8.
The true test of the compliance program’s effectiveness is its ability to prevent violations. Thus, if examiners find numerous or serious violations of the Treasury’s regulations, the compliance program will likely be judged inadequate and violations of § 326.8 will be cited.
Guidelines for Monitoring “Bank Secrecy Act” Compliance. Section 326.8(b) of the FDIC’s Rules and Regulations requires banks to develop and administer a program to assure compliance with the “Bank Secrecy Act” and 31 C.F.R. Chapter X. The compliance program must be in writing, approved by the bank’s board of directors and noted in the minutes.
Section 326.8(c) sets out four minimum requirements of the compliance program. To meet the minimum requirements, a bank’s compliance program should include:
1. A System of Internal Controls
At a minimum, the system must be designed to:
2. Independent Testing for Compliance with BSA and 31 C.F.R. Chapter X
The independent testing should be conducted at least annually, preferably by the internal audit department, outside auditors or consultants. Banks that do not employ outside auditors or consultants or that do not operate internal audit departments can comply with this requirement by utilizing, for testing, employees who are not involved in the currency reporting function. The compliance testing should include at a minimum:
It is essential that the scope of any testing procedures, and the results of those procedures, be thoroughly documented. In most cases, this will involve retention or workpapers from internal and/or external audits of BSA compliance. Procedures that are not adequately documented will not be accepted as being in compliance with the independent testing requirement.
3. The Designation of an Individual or Individuals to be Responsible for Coordinating and Monitoring Compliance with the “Bank Secrecy Act”
To meet the minimum requirement, each bank must designate a senior bank official to be responsible for overall BSA compliance. Other individuals in each office, department or regional headquarters should be given the responsibility for day-to-day compliance. The title of the individual responsible for overall BSA compliance is not important; however, the level of authority and responsibility within the institution is. The senior bank official in charge of BSA compliance should be in a position, and have the authority, to make and enforce policies. A “BSA Officer” who reports to a senior official would not be sufficient to meet the requirements unless the senior official is officially designated as the officer in charge of overall BSA compliance.
4. Training for Appropriate Personnel
At a minimum, the bank’s training program must provide training of all personnel whose duties may require knowledge of the BSA, including, but not limited to, tellers, new accounts personnel, lending personnel, bookkeeping personnel, wire room personnel, etc. In addition, an overview of the BSA requirements should be given to new employees and efforts should be made to keep executives informed of changes and new developments in BSA regulation. (On-line BSA training is considered sufficient if appropriate personnel are trained in applicable aspects of the BSA and can demonstrate knowledge. Appropriate personnel encompass any employee including senior management whose duties require knowledge of the BSA. BSA training guidance beginning on page 32 of the 2006 BSA/AML Examination Manual states: “The training should be tailored to the person’s specific responsibilities. In addition, an overview of the BSA/AML requirements typically should be given to new staff during employee orientation. Training could encompass information related to applicable business lines, such as trust services, international, and private banking. The BSA Compliance Officer should receive periodic training that is relevant and appropriate given changes to regulatory requirements as well as the activities and overall BSA/AML risk profile of the bank.” . . . “Banks should document their training programs. Training and testing materials, the dates of training sessions, and attendance record should be maintained by the bank and be available for examiner review.) Depending on the bank’s needs, training materials can be purchased from banking associations, trade groups or outside vendors, or they can be developed by the bank. Copies of the training materials must be available in the bank for review by examiners.
For experienced staff, it is recommended that BSA training be conducted at least annually. As a best practice, BSA training for board members should be ongoing and incorporate current development and changes to the BSA and any related regulations. The Guidance found on pages 32-33 of the 2006 BSA/AML Examination Manual at: http://www.ffiec.gov/bsa_aml_infobase/pages_manual/OLM_002.htm states “The board of directors and senior management should be informed of changes and new developments in the BSA, its implementing regulations and directives, and the federal banking agencies’ regulations.” It is not sufficient to simply train an audit committee of the board of directors. BSA training should encompass all members of the board of directors. While board members may not require the same degree of training as front-line operations personnel, they need sufficient training to provide a general understanding of BSA regulatory requirements in order to provide effective compliance oversight, approve policy, and ensure adequate resources.
An effective “Know Your Customer” policy also is essential to compliance with the BSA and may aid in preventing the financial institution from becoming a conduit for a money laundering scheme. A “know your customer” policy consists of procedures that require proper identification of every customer at the time an account is opened in order to prevent establishment of fictitious accounts. The primary objective of such a policy is to enable the financial institution to predict, with relative certainty, they types of transactions the customer is likely to be engaged in. Internal systems should then be developed for monitoring transactions which are inconsistent with each customer’s “transaction profile”. In addition, the bank’s employee education program should provide examples of customer behavior or activity which may warrant investigation.
C. Money Services Business Accounts – Bank Anti-Money Laundering Program and Interpretive Guidance
Some financial institutions have account relationships with what are referred to as non-bank financial institutions. These institutions are broadly defined as institutions offering financial services. "Money Services Businesses” (MSBs) are a subset of non-bank financial institutions, consisting of non-banks offering financial services such as check cashing, money transmittals, sales of monetary instruments and currency exchange. Although MSBs may be licensed by the state or a local government, financial institutions that maintain accounts for such businesses are exposed to higher risk for money laundering activities by virtue of their processing of third-party transactions, often without knowledge of the source or the legitimacy of the funds or the actual items. As such, these customers should be viewed by a financial institution as “high risk” for money laundering and, as an account holding institution, must take additional precautions to control this risk.
The Financial Crimes Enforcement Network (FinCEN) along with the Federal Reserve, FDIC, OCC, and NCUA (the “Federal Banking Agencies”), issued an interpretive guidance clarifying regulatory requirements of the Bank Secrecy Act (BSA) for financial institutions that provide banking services to MSBs. The guidance, dated April 26, 2005, set forth minimum steps that financial institutions should take when providing banking services to MSBs, discusses the assessment and minimization of money laundering risks posed by MSBs and clarifies that financial institutions are not held responsible for customer compliance with the BSA and other applicable federal or state laws and regulations. FinCEN also issued guidance to MSBs addressing their BSA regulatory obligations and to notify them of the type of information that they may be expected to give to a financial institution when opening or maintaining an account.
Under BSA regulations, FinCEN defines MSBs to include five distinct types of financial services providers and the U.S. Postal Service: (1) currency dealers or exchangers; (2) check cashers; (3) issuers of traveler's checks, money orders or stored value; (4) sellers or redeemers of traveler's checks, money orders or stored value; and (5) money transmitters. In the first four categories listed above, there is a threshold requirement – any business that engages in such transactions is not considered a MSB if it does not engage in such transactions in an amount greater that $1,000 for any person on any day in one or more transactions. See 31 C.F.R. Chapter X §1010.100. With some exception, MSBs are covered by BSA regulations, including anti-money laundering program, suspicious activity and currency transaction reporting, identification and recordkeeping rules. Certain MSB principals are required to register with FinCEN. Many MSBs, including most money transmitters, operate through a system of agents. Such agents are not required to register with FinCEN, but they are considered MSBs that are required to establish anti-money laundering programs and must comply with recordkeeping and reporting requirements.
1. Minimum BSA Due Diligence Expectations
The interpretive guidance states that registration with FinCEN (if required) and compliance with any state-based licensing requirements, are the basic compliance duties for MSBs, since operating in contravention of registration or licensing requirements would violate Federal and possibly state laws. Thus, it is reasonable and appropriate for a financial institution to insist that a MSB give evidence of compliance with such requirements or demonstrate that it is not subject to such requirements. Regarding FinCEN registration, a financial institution may rely on correspondence received by the MSB from the Internal Revenue Service-Detroit Computing Center as confirmation that the MSB has registered with FinCEN. Also, a MSB may appear on the MSB registration list published by FinCEN (http://www.fincen.gov/financial_institutions/msb/ ).
On February 3, 2006 FinCEN issued Guidance clarifying the registration, renewal and deregistration requirements for MSBs (see, FIL-20-2006). The FinCEN Guidance indicates that persons/entities defined as MSBs are generally required to register with FinCEN. Registration is required within 180 days after the day that the person/entity is established as an MSB. Thereafter, the MSB must renew its registration every two years by December 31 for as long as the MSB continues to meet the MSB definition. There is currently no provision or procedure to allow an MSB to deregister. The only option for a business that has ceased to operate as an MSB, or that has registered incorrectly, is to refrain from renewing its registration.
2. Basic BSA/Anti-Money Laundering Risk Assessment
The extent of a financial institution’s performance of further due diligence (beyond minimum compliance duties discussed above) is dictated by the level of risk posed by a MSB customer. While in some cases, no further customer due diligence will be required, other cases may require extensive due diligence. As with any business account, in determining how much, if any, further due diligence may be required for a MSB customer, the financial institution should consider the following basic information:
3. Risk Indicators
The Interpretive Guidance provides several examples that may indicate both low and high risks. In determining the risk level, a financial institution should not take any single indicator as determinative of the existence of lower or higher risk. Since application of these factors is fact-specific, a conclusion regarding an account should be based on a consideration of available information. An effective risk assessment should be a composite of multiple factors and (depending upon circumstances) certain factors may be weighed more heavily than others.
Examples of potentially lower risk indicators: The MSB –
Examples of potentially higher risk indicators:The MSB -
4. Due Diligence For Higher Risk Customers
A financial institution’s due diligence should be commensurate with the MSB customer’s risk level, as identified through risk assessment. If a risk assessment shows potential for a heightened risk of money laundering or terrorist financing, further due diligence would be expected, which is no different from requirements applicable to any other business customer and does not mean that a financial institution cannot maintain the account.
The extent to which a financial institution should inquire about the existence and operation of the anti-money laundering program of a MSB depends upon the financial institution’s risk assessment of the relationship. Financial institutions should expect significant differences among MSB anti-money laundering programs, given the diversity of the industry and neither FinCEN nor the Federal Banking Agencies expect financial institutions to act as de facto regulators of the MSB industry.
5. Identification and Reporting of Suspicious Activity
Financial institutions are required by regulation to identify and report known or suspected violations of law or suspicious transactions relevant to possible violations of law or regulation. Risk-based monitoring of accounts maintained for all customers, including MSBs, is a key element of an effective system to identify and, where appropriate, report violations and suspicious transactions. The level and frequency of such monitoring depends, among other things, on the risk assessment and the activity in the account.
Based on the financial institution's assessment of the risks of its particular MSB customers, monitoring should include periodic confirmation that initial projections of account activity have remained reasonably consistent over time. Account activity typically includes deposits or withdrawals of currency, deposits of checks or funds transfers. Activity variances do not necessarily mean there is a problem, but may indicate that additional review is necessary. Examples of potential suspicious activity within MSB accounts, generally involve significant unexplained variations in transaction size, nature or frequency through the account. Risk-based monitoring generally does not include “real-time” monitoring of all transactions flowing through the account of a MSB, e.g., as a review of the payee or drawer of every deposited check.
A recurring question has been a financial institution’s obligation to file a suspicious activity report (SAR) on a MSB that has either failed to register with FinCEN or obtain a license under applicable state law. The Interpretive Guidance states that a financial institution should file a SAR if it becomes aware that a customer is operating in violation of registration or state licensing requirements.
Financial institutions need not terminate existing MSB accounts based solely on the discovery that the customer is a MSB that has failed to comply with licensing and registration requirements (although continuing non-compliance by the MSB may be an indicator of heightened risk). There is no requirement in the BSA regulations that a financial institution must close an account that is the subject of a SAR. The decision to maintain or close an account should be made by a financial institution's management under standards and guidelines approved by its board ofdirectors. If an account is involved in a suspicious or potentially illegal transaction, the financial institution should examine the status and history of the account thoroughly and determine whether or not the institution is comfortable maintaining the account. If the financial institution is aware that a reported activity is being investigated, it is strongly recommended that the financial institution notify law enforcement before making any decision regarding account status.
6. Conclusion
The Interpretive Guidance is not a directive for financial institutions to conduct immediately a review of existing accounts of MSB customers for the sole purpose of determining licensing or registration status. In addition, the guidance does not affect an institution’s existing anti-money laundering compliance program obligations to assess risk, including periodic risk assessments of existing MSB accounts to update risk factors such as licensing and registration status. Also, while participation in a § 314(b) information sharing program is voluntary, FinCEN and federal regulators encourage both financial institutions and their MSB customers to consider how voluntary information sharing may enable each institution to more effectively discharge its anti-money laundering and suspicious activity monitoring obligation.
The following is an Appendix issued with the Interpretive Guidance that addresses “Frequently Asked Questions.”
Appendix
Frequently Asked Questions on Providing Banking Services to Money Services Businesses
Registration and Licensing
1. What are the FinCEN registration requirements for Money Services Businesses?
As set forth in 31 C.F.R. Chapter X 1022.380(a)-(f), all money services business must register with FinCEN (whether or not licensed as a money services business by any state), except:
A branch office of a MSB is not required to file its own registration form. Those money services businesses required to register must complete and submit to the Enterprise Computing Center - Detroit, Attn: Money Services Business Registration, a form [http://bsaefiling.fincen.treas.gov/main.html] that identifies the following: (1) the name, location, and taxpayer identification number of the business; (2) information concerning the owners of the business; (3) the location(s) of operation and the number of branch locations and number of agents; (4) the products and services offered; (5) information about the primary transaction account; and (6) the location of supporting documentation.
Additionally, under existing FinCEN regulations, a money services business has 180 days in which to register from the time that it begins performing the functions that subject it to the money services business regulations. Therefore, it is possible that a money services business will appropriately seek banking services before completing the registration process with FinCEN, but still be in full compliance with the law.
2. What resources are available for banking organizations to use to confirm registration or licensing status of a money services business?
Regarding FinCEN registration, a banking organization may rely on the correspondence received by the money services business from the Internal Revenue Service – Detroit Computing Center as confirmation that the money services business has registered with FinCEN. All registered money services businesses will have such correspondence and should be prepared to provide it to the banking organization. Note that it may take 60 days or more after a money services business files its registration form for the business to receive an acknowledgment letter from the Internal Revenue Service. The acknowledgment letter from the Internal Revenue Service will be the only confirmation received by the money services business. As an alternative, if the money services business has filed its registration but has not yet received its acknowledgement letter, the banking organization may rely on a copy of the registration form submitted by the money services business until such time as the money services business either receives its acknowledgement letter or appears on the money services business registration list published by FinCEN (accessible at http://www.fincen.gov/msb-state-selector). FinCEN seeks to assist banking organizations by assembling, preparing and forwarding information on the money services business industry and applicable Bank Secrecy Act requirements on FinCEN’s website dedicated to the money services business industry, http://www.fincen.gov/msb-state-selector.
Regarding state licensing requirements, individual state regulatory authorities offer a variety of information. Also, FinCEN is working with state regulators on a variety of information-sharing initiatives that will enhance cooperation with respect to anti-money laundering regulatory issues. One initiative will be to identify and promote resources where banking organizations and others can go to learn about state anti-money laundering requirements applicable to money services businesses as well as the status of individual money services businesses.
3. How can a banking organization confirm that a money services business is an agent that is not required to register with FinCEN?
A money services business that is an agent of a principal money services business will generally have contracts and agreements with the principal money services business, and agents should be expected to provide these documents to a banking organization upon request. Additionally, many large money services businesses list information about their agents on their public web sites.
4. How should a banking organization document its review of registration, licensing, or agent status of a money services business?
Banking organizations should document their review of the applicable registration, licensing, or agent status of a money services business customer, but are not required to maintain copies of actual documentation received from a money services business. Banking organizations should also consider the availability of public information regarding licensing, registration, or agent status for money services businesses. For example, many states make licensing information publicly available, and many large money services businesses list their agents on their public web sites.
Due Diligence
5. After applying the Customer Identification Program, and confirming registration, licensing, and agent status, as applicable, and when a banking organization's risk assessment of a money services business customer indicates a low risk of money laundering or other illicit activity for the particular customer, is a banking organization required to perform further due diligence?
No. After assessing basic information of a particular money services business customer, including: (1) the products and services offered by the money services business; (2) the locations and markets served by the money services business; (3) anticipated account activity; and (4) purpose of the account, if a banking organization determines that its relationship with the particular money services business constitutes a low risk of money laundering or other illicit activity, a banking organization is not routinely expected to perform further due diligence. Banking organizations should consider and perform further due diligence, such as a review of a money services business’s anti-money laundering program, if the banking organization’s risk assessment of a relationship with a particular money services business indicates heightened risks.
However, banking organizations are reminded that risk-based monitoring of all accounts, regardless of the amount of due diligence performed for a particular customer, is a key element of an effective system to identify, and where appropriate, report suspicious activity. Discovery of suspicious activity in transactions with a money services business initially deemed to represent low risk may necessitate further due diligence.
6. Can a banking organization open or maintain an account for a money services business that has not registered or obtained a state license because the customer was unaware of applicable requirements? Should a banking organization file a suspicious activity report in such instances?
Yes. Banking organizations are not required to refuse to open new accounts for money services businesses that have failed to comply with registration or licensing requirements. Similarly, there is no requirement in the Bank Secrecy Act regulations that a banking organization terminate existing accounts of customers based solely on the discovery that the customer is a money services business that has failed to comply with licensing and registration requirements. The decision to maintain or close an account should be made by a banking organization’s management under standards and guidelines approved by its board of directors.
However, continued noncompliance by a customer with applicable licensing, registration or other regulatory requirements after learning of such requirements would likely be an indicator of heightened risk. Banking organizations should file suspicious activity reports if they become aware that customers are operating in violation of the registration or state licensing requirements.
7. Do FinCEN and the Federal Banking Agencies have an expectation that banking organizations should educate money services businesses about any requirements of the Bank Secrecy Act?
No. The Bank Secrecy Act does not require, and neither FinCEN nor the Federal Banking Agencies expect, banking organizations to serve as the de facto regulators of the money services businesses for which they maintain accounts. Accordingly, banking organizations are not expected to educate money services businesses about the Bank Secrecy Act requirements that apply to the industry. However, when a banking organization is conducting due diligence with respect to its money services business customers, questions will inevitably arise. In such cases, banking organizations can direct inquiries by money services businesses about applicable Bank Secrecy Act requirements to existing regulatory resources such as http://www.fincen.gov/financial_institutions/msb/ or FinCEN's Regulatory Helpline at 1-800-949-2732.
In addition, there are several ways for banking organizations to obtain free educational materials produced by FinCEN for money services businesses:
8. If a business only cashes its own employees’ payroll checks, is it a money services business?
As a service to its employees, Business A cashes employee payroll checks issued to the employees by Business A. It does not cash any other checks. These checks may be cashed in amounts exceeding $1,000 per person per day in one or more transactions, which is the threshold for the Bank Secrecy Act definition of a check casher that qualifies as a money services business. Is Business A a money services business if it offers this service? Does it matter if Business A charges a fee for this service?
Business A does not meet the Bank Secrecy Act definition of a check casher if it only cashes its own employees’ payroll checks. If a business provides its employees with currency in exchange only for payroll checks issued by the business, we do not consider the business to be “engaged in the business of a check casher.” Consequently, to the extent that a business only cashes its own employees’ payroll checks it is not a money services business. Whether or not a business charges a fee for conducting these transactions is immaterial.
However, if a business cashes checks other than its own business checks in an amount exceeding $1,000 for any person in one day in one or more transactions, the business would be defined as a check casher under the Bank Secrecy Act and be required to register as a money services business and be obligated to comply with all applicable Bank Secrecy Act programmatic, recordkeeping, and reporting requirements.
9. If a business only cashes its own checks as payment for goods or services provided by a non-employee, is it a money services business?
If Business B pays a non-employee by check for goods or services provided to Business B, and in response to the non-employee’s request, Business B cashes its own check to pay the non-employee in cash, is Business B a money services business if the payment exceeds $1,000 per person per day in one or more transactions?
Business B does not meet the Bank Secrecy Act definition of a check casher if it only cashes its own checks as payment for goods or services provided by a non-employee, even if those payments exceed $1,000 per person per day in one or more transactions. A non-employee that provides goods or services may request payment from a business for those goods or services in cash rather than by check. If a business, for example, issues a check for payment to a non-employee for providing those goods or services as a means of creating an audit trail, and the non-employee desires payment in cash, we would not consider the cashing of its own business check to pay the non-employee to be “engage[ing] in the business of a check casher.” The business would not be required to register as a money services business for solely engaging in this activity.
However, if the business cashed checks other than its own business checks in an amount exceeding $1,000 for any person in one day in one or more transactions, the business would be defined as a check casher under the Bank Secrecy Act and be required to register as a money services business and be obligated to comply with all applicable Bank Secrecy Act programmatic, recordkeeping, and reporting requirements.
10. If a tax preparer business only cashes its own tax refund anticipation loan checks for taxpayers for whom it has prepared tax returns, is it a money services business?
If Business C, an income tax preparer business, issues a tax refund anticipation loan check to a taxpayer for whom it has prepared a tax return, and only cashes that tax refund anticipation loan check for the taxpayer, is Business C a money services business if the payment exceeds $1,000 per person per day in one or more transactions?
Business C does not meet the Bank Secrecy Act definition of a check casher if it only cashes its own tax refund anticipation loan checks for taxpayers for whom it has prepared tax returns. This activity is equivalent to disbursing loan proceeds with cash. In this instance, the check is used as further documentation of the loan transaction. Thus, we would not consider the business to be “engaged in the business of a check casher” solely for engaging in this activity.
However, if the business cashed checks other than its own tax refund anticipation loan checks in an amount exceeding $1,000 for any person in one day in one or more transactions, the business would be defined as a check casher under the Bank Secrecy Act and be required to register as a money services business and be obligated to comply with all applicable Bank Secrecy Act programmatic, recordkeeping, and reporting requirements.
D. UsaPatriot Act: § 352 Anti-Money Laundering Program
The USA PATRIOT Act (acronym for the “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act” provides, in § 352, that every financial institution establish an anti-money laundering “AML”) program and to have such program in place by April 24, 2002, containing, at a minimum, the four following elements:
Although § 352 is self-implementing, the U.S. Congress required the U.S. Secretary of the Treasury to provide financial institutions with regulatory guidelines for AML programs. On April 23, 2002, the Treasury Department issued a series of “interim/final” regulations. In regard to banks, savings and loans and credit unions, the Treasury interim rules provide that “banks, savings associations, credit unions, registered brokers and dealers in securities, futures, commission merchants, and casinos, will be deemed to be in compliance with § 352 if they establish and maintain anti-money laundering programs as required by existing FinCEN regulations, or their respective Federal regulator or self-regulatory organization.” Treasury’s interim regulation notes that since 1987, all federally insured depository institutions and credit unions are required by federal regulators to have AML programs containing the identical four elements required by 31 U.S.C. § 5318(h)(1) of the Bank Secrecy Act, as amended. The interim regulations amend the Bank Secrecy Act’s implementing regulations (See, 12 C.F.R. 103.120 and 103.70) to provide that insured institutions and credit unions which implement AML programs in compliance with the requirements of the institution’s federal regulatory agency governing the establishment and maintenance of AML programs, are deemed to have complied with the requirements of § 5318(h)(1).
A bank’s AML program should be tailored to its size, business activities, systems capabilities, customer mix and customer location. The fact that Treasury’s implementing regulation defers to past federal regulatory agency AML rules does not mean that financial institutions may ignore the interim regulations and do not have to review and amend their AML policies. Over the next few years, regulators will, no doubt, scrutinize AML policies and procedures. This presents a “patriotic opportunity” to help in the battle against money laundering.
The highest levels of management should ensure that a financial institution’s BSA and AML programs are in full compliance with the law and regulations. The USA Patriot Act now makes an AML program an issue of federal law and subject to penalties of up to $1 million for each violation. In addition, when considering the organizational sentencing guidelines for federal criminal offenses, a major mitigating factor is whether an organization (e.g., the financial institution) had an effective program in place to detect and prevent illegal activity prior to the making of the offense. If an organization has written policies, demonstrates a commitment to compliance from the highest levels of management and provides for appropriate employee training and communication, the organization’s “culpability score” may be lowered.
E. Bank Secrecy Act/Anti-Money Laundering Examination Manual
On June 30, 2005, the Federal Financial Institutions Examination Council (FFIEC) published a Bank Secrecy Act/Anti-Money Laundering Examination Manual (hereinafter referred to as the “manual”) in an attempt to provide the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, Office of Thrift Supervision and the National Credit Union Administration (referred to as the “federal regulatory agencies”) and their respective examiners with uniform tools aimed to promote a consistent application of the Bank Secrecy Act (“BSA”) and other related anti-money laundering (“AML”) rules and regulations. The manual may be accessed at http://www.ffiec.gov/press/pr063005.htm or on any of the federal regulatory agency websites.
The manual was developed by the federal regulatory agencies in collaboration with the Financial Crimes Enforcement Network (“FinCEN”), which is the delegated administrator of the Bank Secrecy Act. The FFIEC also involved the Conference of State Bank Supervisors, representing individual state banking agencies, in a consultative role. The federal regulatory agencies also involved the Office of Foreign Assets Control (“OFAC”) in those sections of the manual relating to OFAC compliance issues, including audit procedures for use when examining financial institutions for compliance with the sanctions programs administered by OFAC. The manual contains examination procedures that examiners are instructed to employ beginning in the third quarter of 2005 when examining financial institutions for BSA/AML compliance. While the manual does not set new standards, it does provide for a compendium of current regulatory requirements, supervisory expectations, guidance on identifying and controlling risks and other sound practices for BSA/AML management and compliance. Over two-thirds of the manual contains narrative guidance with resource materials. Financial institution compliance officers and staff, as well as other personnel delegated with BSA/AML responsibilities should review the manual to ensure that your banking organization is properly addressing BSA/AML compliance and risk-management issues.
1. Organization Of The Manual
The manual contains the following sections: Introduction; Core: Overview and Procedures; Expanded: Overview and Procedures; and Appendices. As stated in the Introduction section, both the core and expanded overview sections give narrative guidance and background information on each topic relating to BSA and AML compliance, as follows:
The manual also contains extensive Appendices addressing the following subjects:
2. FFIEC Questions And Answers
The FFIEC transmittal letter that accompanied the manual contained the following Questions and Answers:
EXAMINATION PROCEDURES
1. When will the examiners begin incorporating the new FFIEC BSA/AML Examination Manual in their examinations? The federal banking agencies will begin using the manual during the third quarter of 2005.
2. Does the new manual impose additional requirements for regulatory compliance or AML risk management? The manual does not set new standards; instead it is a compilation of existing regulatory requirements, supervisory expectations, and sound practices for BSA/AML compliance.
RISK ASSESSMENT
3. Will the manual provide guidance on how to design and implement a risk-based AML program? Will examiners use a banking organization’s risk assessment when scoping an examination? The manual reinforces the agencies’ and FinCEN’s position that sound BSA/AML risk management enables a banking organization to identify BSA/AML risks and better direct its resources, with the ultimate goal of protecting the organization from potential abuse for money laundering or terrorist financing. The scoping and planning section and appendix I -“Quantity of Risk Matrix” provide examiners and the banking industry guidance on assessing BSA/AML risk. As part of the scoping and planning process the examiner will turn first to the banking organization’s risk assessment. If the organization has not developed a risk assessment, or if it is considered inadequate, then the examiner must complete a risk assessment.
SUSPICIOUS ACTIVITY MONITORING AND REPORTING
4. Does the BSA/AML examination manual offer new guidance for Suspicious Activity Reports? The manual is a compilation of existing guidance developed by the federal banking agencies and FinCEN and does not set forth new guidance for suspicious activity monitoring and reporting. Instead, the manual reinforces the agencies’ and FinCEN’s position that examiners should focus on evaluating a banking organization’s policies, procedures, and processes to identify and research suspicious activity.
OTHER
5. Who should an individual contact if they have questions about the new manual? Questions regarding the FFIEC BSA/AML Examination Manual should be directed to the district or regional office of your federal banking agency.
The manual promises financial institution personnel that a consistent, single set of rules and procedures will be used by financial agency examiners. As noted by the financial regulatory agencies, the manual will be “reviewed and updated as necessary as new regulations and guidance are issued, technology advances and money laundering and terrorist financing risks evolve.” As the current edition of the manual is being reviewed by financial, regulatory and legal professionals, the Nebraska Bankers Association will also provide educational opportunities for our membership. From time to time, the NBA expects that additional NBA Compliance Updates may be necessary to cover particular areas of the manual that require additional explanation or guidance.
F. Sample Policy
Implementation of “Bank Secrecy Act” compliance policies, procedures and programs should be tailored to your institution. The minimum requirements are very broad, but a bank should adopt a policy that parallels the four minimum compliance program requirements listed above, as well as implementing the more detailed FDIC guidelines, specifically identifying the officer in charge and the method of and responsible party for independent testing.
G. Compliance Help
Bankers may call the IRS Detroit Computing Center with questions about completing Form 4789 and “Bank Secrecy Act” requirements. The numbers for the most frequently called areas at the Center are as follows:
“Bank Secrecy Act” (BSA) Compliance Branch *(313) 234-1613
BSA Compliance Branch - FACSIMILE (313) 234-1614
Magnetic Media Applications Questions *(313) 234-2011
Magnetic Media Hotline (313) 234-1445
BSA Electronic Bulletin Board (313) 234-1453
Suspicious Transactions Hotline (800) 800-2877
* Call this general office number for general information or to contact a specific BSA Representative and you will be referred to the appropriate person.
VII. ADMINISTRATIVE RULINGS AND OPINIONS ON BSA REGULATIONS
The U.S. Treasury Department issued interpretations to assist bankers in determining responsibilities under the BSA and has indicated that these Administrative Rulings and Opinions have precedential value. They can be found at: (https://www.fincen.gov/resources/statutes-regulations/administrative-rulings). Bear in mind that references to telephone numbers or addresses in certain cases are no longer valid and that in all cases, the actual BSA law and regulations will always supersede administrative rulings and opinions if there are interpretative conflicts.