View
22
Download
2
Category
Preview:
Citation preview
CDD – A BRIEF H
ISTORY &
GLIMPSE IN
TO TH
E
FUTU
RE
WHO WE ARECarey Rome - CEO, autoAMLCarey is the CEO of autoAML. Leveraging his 20 years of business and management consulting experience, Carey founded autoAML to help BSA Officers do more with less.
Nick Guest, CAMS - Director of BSA Risk, autoAMLNick has provided BSA/AML risk guidance, project operations oversight and organizational change management services to local, national and international companies across industries in the private and public sectors.
KEY POINTS TO BE MADE
1. 3 significant events driving the new CDD rule
2. One consistent theme in every enforcement
action
3. What you can do now to prepare
KEY TERMSBSA – Bank Secrecy ActAML – Anti-Money LaunderingCFT – Combatting the Financing of TerrorismKYC – Know Your CustomerCIP – Customer Identification ProgramCDD – Customer Due DiligenceBOV – Beneficial Ownership Verification SAR - Suspicious Activity ReportCTR – Currency Transaction Report
HISTORY OF BSA/AML
1970 - present
SIMPLIFIED BSA/AML HISTORY TIMELINE
BSA1970
9/11Patriot
Act2001
2008
Great Recessi
on
Panama Papers
2016
Final CDD Rule (BOV)
First Significant Event
• How did this get started? - Bags of Money
• What did it do?
• What is it’s main goal?
1970 – PASSAGE OF BANK SECRECY ACT
BACK SECRECY ACT – 1970• Established REQUIREMENTS FOR
RECORDKEEPING AND REPORTING by private individuals, banks and other financial institutions
• Designed to help IDENTIFY THE SOURCE, volume, and movement of currency and other monetary instruments transported or transmitted into or out of the United States or deposited in financial institutions
• Required banks to (1) report cash transactions over $10,000 using the Currency Transaction Report; (2) PROPERLY IDENTIFY PERSONS CONDUCTING TRANSACTIONS; and (3) maintain a paper trail by keeping appropriate records of financial transactions
MONEY LAUNDERING CONTROL ACT (1986)• Established money laundering as a federal crime• Prohibited STRUCTURING TRANSACTIONS to
evade CTR filings• Introduced civil and criminal forfeiture for BSA violations• Directed banks to establish and maintain procedures to
ensure and monitor compliance with the reporting and recordkeeping requirements of the BSA
ANTI-DRUG ABUSE ACT OF 1988• EXPANDED THE DEFINITION of financial institution
to include businesses such as CAR DEALERS AND REAL ESTATE CLOSING PERSONNEL and required them to file reports on large currency transactions
• Required the VERIFICATION OF IDENTITY of purchasers of monetary instruments over $3,000
ANNUNZIO-WYLIE AML ACT (1992)• STRENGTHENED THE SANCTIONS for BSA
violations• Required SUSPICIOUS ACTIVITY REPORTS and
eliminated previously used Criminal Referral Forms• Required VERIFICATION and recordkeeping for WIRE
TRANSFERS• Established the Bank Secrecy Act Advisory Group (BSAAG)
MONEY LAUNDERING SUPPRESSION ACT (1994)• Required banking agencies to review and enhance training, and DEVELOP
ANTI-MONEY LAUNDERING EXAMINATION PROCEDURES• Required banking agencies to REVIEW AND ENHANCE PROCEDURES for
referring cases to appropriate law enforcement agencies• STREAMLINED CTR EXEMPTION process• REQUIRED EACH MONEY SERVICES BUSINESS (MSB) TO BE
REGISTERED BY AN OWNER OR CONTROLLING PERSON OF THE MSB
• Required every MSB to maintain A LIST OF BUSINESSES AUTHORIZED TO ACT AS AGENTS in connection with the financial services offered by the MSB
• Made operating an UNREGISTERED MSB A FEDERAL CRIME• Recommended that states adopt uniform laws applicable to MSBs
MONEY LAUNDERING AND FINANCIAL CRIMES STRATEGY ACT (1998)• Required banking agencies to develop anti-money laundering
TRAINING FOR EXAMINERS• Required the Department of the Treasury and other agencies to develop
a NATIONAL MONEY LAUNDERING STRATEGY• Created THE HIGH INTENSITY MONEY LAUNDERING AND
RELATED FINANCIAL CRIME AREA (HIFCA) Task Forces to concentrate law enforcement efforts at the federal, state and local levels in zones where money laundering is prevalent. HIFCAs may be defined geographically or they can also be created to address money laundering in an industry sector, a financial institution, or group of financial institutions.
31 YEARS OF MISSING THE BOAT ON SOURCEWho “conducted” the illegal activity
versus who “benefited” from the illegal activity…
Until the day we all got blind sided…
Second Significant Event
SEPTEMBER 11, 2001- THE DAY THAT CHANGED OUR WORLD
PATRIOT ACT - 2001• Criminalized the FINANCING OF TERRORISM and augmented the existing BSA framework by
strengthening customer identification procedures• Prohibited financial institutions from engaging in business with foreign shell banks• Required financial institutions to have DUE DILIGENCE PROCEDURES (and enhanced due diligence
procedures for foreign correspondent and private banking accounts)• Improved information sharing between financial institutions and the U.S. government by requiring
government-institution information sharing and voluntary information sharing among financial institutions• EXPANDED THE ANTI-MONEY LAUNDERING PROGRAM REQUIREMENTS to all financial institutions• Increased civil and criminal penalties for money laundering• Provided the Secretary of the Treasury with the authority to impose "special measures" on jurisdictions,
institutions, or transactions that are of "primary money laundering concern"• Facilitated records access and required banks to respond to regulatory requests for information within 120
hours• REQUIRED FEDERAL BANKING AGENCIES TO CONSIDER A BANK'S AML RECORD WHEN REVIEWING
BANK MERGERS, ACQUISITIONS, AND OTHER APPLICATIONS FOR BUSINESS COMBINATIONS
INTELLIGENCE REFORM & TERRORISM PREVENTION ACT OF 2004
• Amended the BSA to require the Secretary of the Treasury to prescribe regulations requiring certain financial institutions to REPORT CROSS-BORDER ELECTRONIC TRANSMITTALS OF FUNDS, if the Secretary determines that such reporting is "reasonably necessary" to aid in the fight against money laundering and terrorist financing
SO WHAT’S REQUIRED - AML PROGRAM
1. Written internal policies2. Written procedures & documented processes
3. Internal controls4. Designated AML compliance officer5. Ongoing employee training6. Independent review
We’ve been doing this for almost 50 years – How can this still be missed?
IDENTIFYING THE SOURCE
Does anyone think that no one had been thinking of this prior to 9/11?
• 314(a) : deals with the required sharing of information between banks and federal law enforcement
• 314(b) : voluntary bank-to-bank information sharing
PATRIOT ACT…
314(A) & 314(B)
314(a) - Law enforcement communicationwith your FI
314(b) – Communication between banks
SO WHAT HAPPENED IN
THE FOLLOWING
YEARS?
- VERY LITTLE -
FROM 9/11/2001 TO THE DAY THE GREAT
RECESSION HIT, WHAT PROGRESS DID WE
MAKE?
2008 - GREAT RECESSION
GREAT RECESSION…THE AFTERMATH- 2011 (10yr
gap)- Regulators
see that banks failed
- Tighter enforcements follow
ENFORCEMENT ACTIONS - THE HIDDEN COST OF NON-COMPLIANCE
2013
The Senate Permanent Subcommittee on Investigations (PSI)
Regulate by Consent Order, Public Filings & Shareholder Notifications
A CHANGE IN THE TONE OF CONSENT ORDERS• In 2013 – the OCC was cited by the Senate
Permanent Subcommittee for Investigations (SPSI) in a Presentence Investigation Report (PSIR) for ineffective AML oversight
• The PSIR called for higher examination standards
BANKS SHOULD BE AWARE OF THE GROWING NUMBER OF EAs.• Penalties increased 20x in last 5 years• Enormous fees• Average $34M• 2009-2015: $5.2B BSA/AML violations• Not including cost of additional staff• Unaccounted for reputational damage
REGULATORS ARE TAKING ACTION IN MAJOR WAYS
• In the last 15 years, FIs with less than $10B in assets under management (AUM) received more EAs than larger ones (>$10B)
• Regulators will go after you even if there has never been any money laundering
• They are making sure the structure is in place or in development to prevent it: policies, procedures, processes, and internal controls
RATIO OF FINANCIAL IMPACT TO ASSET SIZE
Fine(Over 5yrs)
Cleanup Cost(One-time)
Ongoing Staffing Cost (Over 5yrs)
Financial Institutions
~.05% - 1% of Assets
~.05% of Assets
~.25% of Assets
BUT, BSA/AML IS NOT JUST FOR THE BIG GUYS…
• $9.7B in AUM• 2012 – received consent order• 5 consecutive prior years of
compliance• Heightened expectations of the regulators• Doubled BSA staff• $4M staffing costs + $5M annual
expenditures + $500,000 CMPs
OLD NATIONAL BANCORP
DROWNING IN BSA DEMANDS“Few dare talk about their concerns publicly, for fear of alienating regulators. Privately they say that BSA exams have become more rigorous and focused in recent years, digging deeper into the weeds of processes, systems and controls. Foot-dragging and shortcomings are being met with stiffer monetary penalties and lengthy lists of demands for system improvements and additional personnel.”
–American Banker
SMALLER BANKS SINGLED OUT• Examiners assigned to smaller banks can
advance their careers by playing tough.• As an examiner, you move to working on
the larger, multinational banks by finding problems at smaller institutions.
• It’s a risk for the smaller and midsized banks that you can run into someone who’s trying to catch every technical detail to impress their bosses and move up.
• 2012 FinCEN consent order - Willful lack of AML program
• Failure to detect and adequately report evidence of AML
• Inadequate internal controls, transaction monitoring systems, training, & reporting
• Assessed $15M CMP for bank’s history of noncompliance and numerous BSA violations
• Eventually bought out and had its charter terminated
FIRST BANK OF DELAWARE
• $4.9B in AUM• 2016 – FDIC issued consent order• Required increased board
involvement, creation of board committee, development & implementation of written compliance plan
• Required to revise its written policies, procedures, and processes
CARTER BANK CONTINUED…Additional requirements included:• Annual risk assessments• Revision of internal controls to have policies,
procedures, and processes concerning SARs• Enhancements to CDD & EDD programs, BSA training• Acquire contract with independent testing firm for
BSA/AML regulation review• Reassess BSA staffing needs: advised to increase
number of people in its BSA department from 3 full time employees to a minimum of 22
• Required to file timely BSA reports: CTRs, SARs, etc.• Required to inform shareholders of the consent order
•AUM = $700 Million•Board supervision•Implement written program•Internal controls•Adequate staffing•Independent review•Look back
Third Significant Event
FINAL CDD RULE
What has the last 46 years revealed about what we’re missing in relation to the final CDD rule?
BOV
The policies, procedures, and processes utilized to identify the beneficial owner, take reasonable measures to verify the status and accuracy of the beneficial
owner to the degree that the FI is satisfied that it knows the beneficial
owner’s identity.
BENEFICIAL OWNERSHIP VERIFICATION (BOV)
TODAY, FIs ARE FACED WITH A HUGE CHALLENGE.
• What is the line between Verification and Validation
• CDD rules don’t explain what policies & procedures
• Regulators have high expectations
• Compliance program in place by 2018!
• Gamble –10 years to enforce OR Immediate?
ONE IRREFUTABLE FACT
CONSISTENT WEAKNESSES IN IDENTIFYING THE
SOURCE
“Banks have literally resorted to responding to the latest regulatory finding at similar banks.”
- Theresa Pesce, head of the Americas AML practice at
KPMG
CONSISTENT WEAKNESSES…
- Plugging holes method not the intent of regulators
- Reading consent orders from other banks isn’t the answer
- Clear best practice: address the entirety of the program
CONSISTENT WEAKNESSES…
WHY HAS THIS CONTINUED TO BE IGNORED?1. No BSA/AML Standards
2.Inconsistency among banks’ program alignment with FFIEC manual
3.Inconsistency among regulators’ application of FFIEC manual regulations
Failure to align policies, processes, and procedures with BSA Regulations
15 YEARS OF EA’S – 1 CONSISTENT THEME
Expectations for the new CDD rule will be no different.
Are you doing what you say you do?
FFIEC ALIGNMENT - THIS SEEMS SO BASIC…
POLICIES
DETAILS FOR POLICY• Have a monitoring system in place to track P,P,P
changes
• Track alignment with the FFIEC manual
• Document details
• Document why your bank does comply
• Document if something in the manual is “N/A”
• Note why it is Not Applicable
- This should show consistency
- This should be your how-to guide for implementing policy
- The written set of directions for your team to implement and enforce policy
- Internal controls should be able to prove that these procedures are being implemented accurately
PROCEDURES
Maintain
alignment
Maintain
alignment
Maintain
alignment
Maintain
alignment
Maintain
alignment
PROCEDURES
EXAMPLE CDD PROCESS
PROCESS
Step 1 Step 2
Step 3 Step 4 Step 5
Step 6 Step 7
New CDD ProcessFrontline Business Banker (CIP)
BSA/AML Complianc
e (CDD)
BSA/AML Operations(KYC)
INTERNAL CONTROLS
A system for ensuring that your team is working within the process you’ve defined and they are utilizing the procedures you’ve developed to enforce the policies you’ve created.
INTERNAL CONTROL - EXAMPLE• Customer on-
boarding requires 2 forms of ID
• A bank’s policy should define similar informational requirements for verification of High Risk Customers
• Require secondary, manager-level approval to verify
Banks have the control and they have the tools
to address this most consistent theme in every enforcement
action…it’s just very manual
THE DIRECTOR’S ROLE
DIRECTORS ASK THESE QUESTIONS
1.What is the plan?
2.Who is responsible?
3.What is the filter for how it relates to your bank?
4.How will you measure your level of compliance?
1. WHAT IS THE PLAN?
• Implementation of policies, procedures,
processes
• Control risk
• Achieve compliance
QUESTION YOUR PLAN
• What are the internal controls? – FFIEC
• What is the plan to mature the BSA program over the next 3 yrs?
• How does this plan align with the growth strategy of the bank?
2. WHO IS RESPONSIBLE?BSA Officer
• Review audit reports, internal controls, high-risk deposit accounts monthly
• Review risk rating, staffing, training, testing, and compliance
3. WHAT IS THE FILTER?BSA Risk Assessment
• Define your bank’s risk profile
• How much risk will you agree to accept?
• Specific risk categories
• Detailed analysis
COMPLIANCE COMMUNICATION IS ESSENTIAL“We're seeing situations where business decisions are made that run counter to an institution's AML policy [or] counter to the advice of the compliance department, situations where the compliance department is being deprived of information required to do its job.”
- Shasky Calvery, previous director of FinCEN
4. HOW CAN I MEASURE MY BANK’S COMPLIANCE?• Don’t just wait for annual
updates
• Write down what you are going to do and why
• Identify risks and get feedback from regulators
• Consistent reporting
WHAT REPORTS SHOULD I BE ASKING FOR?
For an example of reports, email us at: crome@autoaml.com or nguest@autoaml.com
CDD
WHAT CAN YOU DO NOW TO PREPARE?
3rd KEY TAKEAWAY
UNDERSTANDING BOV?
“Beneficial Owner”not necessarily the person or entity who sets up or opens the account, but the person behind that person or entity who receives the benefits from this account and controls it from behind the curtain of anonymity or through a nominee account holder
INTRODUCTION TO BOV
1. Identify2. Verify status
& accuracy3. Ownership4. Control
structure
FOR BOV
2018
Timing is of the essence: 5 Things to Quantify
1. Impact to High-Risk Customers
2. Implementation Plan
3. Training Plan
4. Staffing Needs
5. Timing of Significant Events
3 THINGS YOU MUST KNOW NOW
1. Does your BSA Officer and Team understand the impact of beneficial ownership verification on your organization?
2. Does your Board of Directors understand the impact of beneficial ownership verification on your organization?
3. Do you have a plan to deal with your understanding of the beneficial ownership verification impact on your bank?
1. BSA OFFICER AND TEAMBuild formula based on the following:• Assessment of increased documentation required• Assess the additional anticipated amount of time per
new customer (per anticipated growth rate)• Assess the additional amount of data capture• Assess impact to additional systems• Assess the amount of training development and
implementation• Should equal the total amount of impact on your
organization
2. BOARD OF DIRECTORS• Policies• Question Implementation• Procedures • Internal controls• Impact
3. DO YOU HAVE A PLAN• Why do you need a plan?• Key’s to your plan:•Critical Path•Viable and Realistic•Documented
• Detailed Actions• Propagates new mindset prior to 2018
QUESTIONS FOR YOUR TEAM TO CONSIDER How do I create an implementation plan? How do I quantify the impact on my organization? What do my new policies need to state? How will my procedures be impacted? Who will own the creation of and drive the implementation plan? How will we know we are reaching our milestones? How will training be rolled out given our milestones? Have you considered your risk based approach for Beneficial
Ownership? How will “significant,” “unusual,” or ”unexpected” transactions
trigger the need for additional BOV?
CUSTOMER DUE DILIGENCE (CDD) WHITE PAPER
For a copy of our White Paper on the Final CDD Rule, email us at:
crome@autoaml.com or nguest@autoaml.com
WHAT ARE YO
U
CURRENTLY DOING FO
R
BOV?
Recommended