BSA UPDATE FOR SUPERVISORY COMMITTEE MEMBERS

Presented by:

Daniel J. Mahalak, CPA, CGMA

Dan is the President & Managing Partner of Cindrich, Mahalak & Co., P.C., a CPA firm specializing in working with credit unions and their subsidiaries. He joined the firm in 1980 upon graduating from Eastern Michigan University and became a partner in 1988. He is a certified public accountant (CPA), a chartered global management accountant (CGMA), and a member of both the American Institute of Certified Public Accountants (AICPA) and the Michigan Association of Certified Public Accountants (MICPA). Dan has spent his entire professional career with this firm.

Throughout his career Dan has worked in all phases of the practice. He is involved in all audit activities and works closely with the staff in training and development. He is involved in audit planning and personally reviews all audit files and reports as part of the firm’s quality control process. His extensive experience allows him to provide clients with unique insights into any problems, issues, or challenges they are facing.

Throughout his tenure, Dan has been responsible for hundreds of credit union audits, and worked in fraud/embezzlement investigations, including filing bond claims, working with authorities, and testifying in criminal proceedings. He also works with credit unions in budgeting and forecasting, asset-liability management consulting, strategic planning, mergers and acquisitions, human resources consulting, regulatory consulting, and a variety of other consulting projects. He is a frequent speaker on topics related to the credit union industry on both a local and national level, and has written articles for several credit union publications.

Cindrich, Mahalak & Co., P.C. is one of the largest credit union auditing firms in the country. They currently audit credit unions ranging from less than $10 million to well over $2 billion in assets. They have concentrated their practice in credit unions and their subsidiaries since their inception in 1971.

Daniel J. Mahalak, CPA, CGMA

June 2016

Agenda

■ History
■ Background
■ Role of Government Agencies
■ Compliance Culture
■ Abbreviations & Acronyms
■ Board of Director Duties Regarding BSA/AML
■ BSA/AML Topics
■ OFAC
■ Penalties & Fines
■ Questions

A Little History

■ In 1970, Congress passed the Currency and Foreign Transactions Reporting Act (Bank Secrecy Act)
■ The Money Laundering Control Act of 1986
■ In 1992 Annunzio-Wylie Anti-Money Laundering Act
■ The Money Laundering Suppression Act of 1994
■ SAR developed in April 1996
■ The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)

Background

■ The purpose is to help identify the source, volume, and movement of currency and other monetary instruments transported or transmitted into or out of the U.S. or deposited into financial institutions

■ And to aid in the investigation of money laundering, tax evasion, international terrorism, or other illegal activity


Money Laundering

■ The criminal practice of processing dirty money through a series of transactions in order to clean the funds so they appear to be proceeds from legal activities

■ May not involve currency at every stage of the laundering process

■ Consider unusual electronic transactions, particularly wire transfers and ACH transactions


Role of Government Agencies

■ U.S. Treasury
  – Requires financial institutions to
    ■ Establish AML programs
    ■ File certain reports
    ■ Keep records of transactions
  – Also covers nonbank financial institutions
    ■ Money services businesses
    ■ Casinos
    ■ Brokers/dealers in securities
    ■ Futures commission merchants
    ■ Mutual funds
    ■ Insurance companies
    ■ Operators of credit card systems

Role of Government Agencies

■ FinCEN
  – Delegated administrator of BSA
  – Issues regulations and interpretative guidance
  – Provides outreach to regulated industries
  – Supports examination functions
  – Pursues civil enforcement actions
  – Provides investigative case support to law enforcement
  – Identifies and communicates financial crime trends and patterns
  – Fosters international cooperation worldwide

FinCEN Guidance

■ FinCEN issued an advisory to highlight how financial institutions and their leadership can improve and strengthen compliance with BSA obligations
  – It begins with an organization wide compliance culture

Elements of Compliance Culture

■ Leadership actively supports and understands compliance efforts
■ Efforts to manage and mitigate BSA/AML deficiencies are not compromised by revenue interests
■ Relevant information from all departments within the organization is shared with compliance staff to further BSA/AML efforts

Elements of Compliance Culture (continued)

■ Adequate resources are devoted to the compliance function of the organization
■ Compliance program is tested by an independent and competent third party
■ Leadership and staff understand the purpose of its BSA/AML efforts and how the reporting is used

Role of Government Agencies

■ Federal Banking Agencies
  – Chartering (NCUA & OCC)
  – Insuring (NCUA & FDIC)
  – Regulating and supervising
  – Responsible for oversight of banking entities
  – Required to review BSA compliance at examinations

What is Required

■ Establish and maintain a BSA compliance program
■ AML compliance program that guards against money laundering and terrorist financing
■ Management needs to be vigilant to ensure BSA/AML compliance
■ Policies, procedures, and processes to identify and report suspicious transactions to law enforcement

Role of Government Agencies

■ OFAC
  – Administers and enforces economic and trade sanctions
  – Based on US foreign policy and national security goals
  – Against targeted foreign countries, terrorists, international narcotics traffickers, and those engaged in activities related to weapons of mass destruction
  – Acts under the President’s wartime and national emergency powers to impose controls on transactions and freeze assets under US jurisdiction

BSA Abbreviations & Acronyms

■ CCACU\2015\FFIEC-BSA Aconyms.pdf

Board of Director Duties

■ Appoint a BSA Compliance Officer
■ Review and approve Risk Assessments on an annual basis
  – Institution wide BSA/AML
  – Member BSA/AML
  – CIP/MIP
  – OFAC

Board of Directors Duties (continued)

■ Approve BSA Policy Annually
■ Acknowledge filing of SARs on a monthly basis
■ Receive annual training
■ Be aware of all other related compliance issues

BSA/AML Compliance

■ Designed to aid the federal government in detecting illegal activity by tracking certain cash-based transactions
■ Establishes specific record keeping and reporting requirements
■ Defines compliance requirements and standards
■ Imposes civil and criminal penalties for non-compliance. Can result in criminal proceedings against credit union and employee

BSA/AML Compliance (continued)

■ Specific requirements of policy
  – BSA/AML risk assessment with periodic updates
  – How to keep up with periodic updates to regulatory requirements
  – Dual controls over filing and processing of SARs, CTRs, and CTREs
  – Establish annual training program
  – When independent reviews of BSA compliance will be completed (every 12 to 18 months)
  – Record retention requirement (5 years)

Member Identification Program

■ Enable CU to form reasonable belief that it knows true identity of member
■ Must include account procedures that specify the identifying information obtained
■ Include reasonable and practical risk-based procedures for verifying identity of member
■ Compare identity to government lists

Member Identification Program (continued)

■ Risk assessment should include
  – Types of accounts offered
  – Methods for opening accounts
  – Types of identifying information available
  – Credit union size
  – Locations
  – Membership base
  – CIP training

Member Due Diligence

■ The cornerstone of a strong BSA/AML compliance program is comprehensive CDD policies, procedures, and processes for all members, particularly those that present a higher risk for money laundering and terrorist financing
■ The objective is to predict with relative certainty the types of transactions a member is likely to engage in

Member Due Diligence (continued)

■ Policies, procedures, and processes can aid in
  – Detecting and reporting unusual or suspicious transactions
  – Avoiding criminal exposure from persons who use or attempt to use CU products and services for illicit purposes
  – Adhering to safe and sound practices

Member Due Diligence (continued)

■ Should include guidelines that:
  – Are commensurate with the CU’s risk profile
  – Contain a clear statement of management’s overall expectations and specific staff responsibilities
  – Ensure CU has enough information to implement an effective suspicious monitoring system
  – Provide guidance for documenting analysis associated with due diligence process
  – Ensure CU maintains current member information

Suspicious Activity Reporting

■ SAR reporting forms the cornerstone of the BSA reporting system.
■ There should be procedures in place to ensure that suspicious financial transactions are reported on a SAR to FinCEN.
■ Key components
  – Identification or alert of unusual activity
  – Managing alerts
  – SAR decision making
  – SAR completion and filing
  – Monitoring and SAR filing on continuing activity

Suspicious Activity Reporting (continued)

■ SARs required for
  – Criminal violations involving insider abuse in any amount
  – Criminal violations aggregating $5,000 or more when suspect can be identified
  – Criminal violations aggregating $25,000 or more regardless of a potential suspect

Suspicious Activity Reporting (continued)

■ SARs required for
  – Transactions conducted or attempted, aggregating $5,000 or more, if it is suspected that
    ■ Involvement in potential money laundering or other illegal activity
    ■ Designed to evade BSA or its implementing regulations
    ■ Has no business purpose or is not the type of transaction the member would normally engage in, and there is no reasonable explanation
■ SARs required to be electronically filed within 30 days
  – If no identified suspect, extended to 60 days

Currency Transaction Reporting

■ Whenever a non-exempt member deposits or withdraws currency in excess of $10,000 the credit union will submit a CTR, FinCEN Form 104, electronically by the 15th day following the date of the transaction
■ Multiple currency transactions totaling more than $10,000 are treated as one (aggregated)

Currency Transaction Reporting Exemptions

■ The CU may exempt a member from CTR reporting if certain criteria are met. No CTR will be filed for a transaction involving an exempt person acting within the scope of his/her/its exemption. The CU must exercise due diligence in ascertaining whether any member that requests an exemption is eligible.
■ The CU may elect not to grant CTREs. If so, the BSA/AML Policy should so state.

Currency Transaction Reporting Exemptions (continued)

■ Phase I CTR exemptions
  – Financial institution (domestic operations)
  – Federal, state, or local government agency or department
  – Any entity exercising governmental authority within the US
  – Any entity whose common stock is listed on NYSE, ASE, or NASDAQ
  – Any subsidiary of any “listed entity” at least 51% owned by listed entity

Currency Transaction Reporting Exemptions (continued)

■ Phase II CTR exemptions
  – Entity has maintained transaction account at CU for at least 2 months
  – Frequently engages in currency transactions in excess of $10,000
  – Is incorporated or organized under US or State law
  – Payroll customer

Currency Transaction Reporting Exemptions (continued)

■ Ineligible for exemption
  – Serving as a financial institution or agent of one
  – Purchasing or selling motor vehicles, vessels, aircraft, farm equipment, or mobile homes
  – Practicing law, accounting, or medicine
  – Auctioning of goods
  – Chartering or operation of ships, buses, or aircraft
  – Operating a pawn brokerage
  – Engaging in gaming
  – Engaging in investment advisory or investment banking services

Currency Transaction Reporting Exemptions (continued)

■ Ineligible for exemption
  – Operating a real estate brokerage
  – Operating in title insurance activities and real estate closings
  – Engaging in trade union activities
  – Engaging in any other activity specified by FinCEN (marijuana-related businesses)

Currency Transaction Reporting Exemptions (continued)

■ Must file Designation of Exempt Person (DOEP) one time within 30 days of transaction wishing to exempt
■ Review information at least once per year and document that review

Information Sharing – 314(a)

■ The Patriot Act requires CU to provide information about specific accounts or transactions in response to requests from FinCEN
■ Search for
  – Current accounts
  – Accounts maintained in preceding 12 months
  – Transactions conducted outside of or on behalf of account in preceding 6 months
  – Must search within 14 days
  – Requests generally every 2 weeks

Information Sharing – 314(a) (continued)

■ Report to FinCEN if a match
■ No negative reporting
■ Cannot disclose request to any person, other than FinCEN, the regulator, or law enforcement agency on whose behalf FinCEN has requested
■ Must maintain adequate procedures to protect security and confidentiality of request
■ Maintain documentation of search

Information Sharing – 314(b)

■ Encouraged to share with other financial institutions and associations of them
■ Protected from civil liability
■ Must notify FinCEN if going to participate
  – Effective for one year
  – Designate point of contact
  – Be sure other FI also has submitted required notice
  – Maintain security and confidentiality of information

Information Sharing – 314(b) (continued)

■ Can only use info to
  – Identify and report on money laundering and terrorist activities
  – Determine whether to establish an account
  – Assist in BSA compliance
  – Can be used to determine whether to file a SAR
  – SAR info cannot be shared

Purchase and Sale of Monetary Instruments

■ If CU purchases and/or sells monetary instruments, they are to track and record information when the currency portion of transaction or aggregation of transactions is between $3,000 and $10,000, inclusive.
  – Monetary instruments are travelers checks, cashiers checks, money orders, bonds, etc.
■ Specific requirements
  – Must document name and account number, date, type of instrument, serial numbers of instruments, and dollar amount of transaction

Purchase and Sale of Monetary Instruments (continued)

■ Specific requirements
  – If non-member involved, must also include address, social security number or alien ID number, date of birth, and date of purchase.
  – If CU does not allow non-member transactions, policy should so state.
  – A log should be maintained by each office unless reporting is centralized.
  – BSA Compliance Officer should review logs monthly.

Funds (Wire) Transfers

■ Credit unions are required to comply with the recordkeeping requirements issued by the U.S. Treasury and the Board of Governors of the Federal Reserve System. This requires collection and retention of certain information for transactions of $3,000 or more.
■ Specific requirements
  – Dual controls over incoming and outgoing wires
  – OFAC verifications on all non-members, financial institutions, and foreign countries
  – Logs should be kept and reviewed of wire activity

Funds (Wire) Transfers (continued)

■ If originator, must obtain and retain
  – Name and address
  – Amount
  – Date
  – Payment instructions
  – Beneficiary’s institution
  – Name and address of beneficiary
  – Account number of beneficiary
  – Any other specific identifier of beneficiary

Office of Foreign Assets Control

■ Applies to all financial institutions
■ Specific requirements
  – All new accounts should be scanned prior to establishing the account
  – All current member accounts should be scanned regularly
  – OFAC lists
    ■ SDN-Specially Designated Nationals
    ■ Consolidated Non-SDN
  – Software generally used for scans

Office of Foreign Assets Control (continued)

■ Specific requirements
  – Any matches are not permitted to engage in financial transactions in the U.S.
  – Sometimes there are false positives, which can be resolved by calling OFAC Hotline.
  – Obligated to block or freeze funds if matches and report to OFAC within 10 business days
  – Blocked account should be segregated into an interest bearing account until delisted, rescinded or released by OFAC.

Office of Foreign Assets Control (continued)

■ Specific requirements
  – In some cases there is no blockable interest in transaction; if so it should be rejected.
  – All blocked transactions or property must be reported within 10 business days and annually to OFAC (by Sep 30 as of Jun 30).
  – Full and accurate records of each rejected transaction must be retained for 5 years
  – Records of blocked property must be retained while blocked and five years after unblocked

Office of Foreign Assets Control (continued)

■ Specific requirements
  – Credit unions should maintain an effective, written OFAC program commensurate with risk profile
  – This will help identify high risk areas, provide for appropriate internal controls, establish independent testing for compliance, designate an employee to be responsible, create a training program for employees and board of directors

Office of Foreign Assets Control (continued)

■ Specific requirements
  – Risk assessment
    ■ Should be completed annually, reviewed and approved by Board
    ■ Should address all areas in which OFAC compliance is needed and how it is to be implemented
    ■ Once high risk areas are identified, appropriate policies, procedures and processes should be developed to address the risks

Office of Foreign Assets Control (continued)

■ Specific requirements
  – Internal controls
    ■ If OFAC scan is after account is opened, procedures should be in place to prevent transactions until after it occurs
    ■ Account should be frozen until scanned
    ■ Assign responsibility to update OFAC information and how
    ■ All parties to an ACH transaction are subject to OFAC
      – For domestic ACH transactions, ODFI is responsible for verifying originator
      – RDFI is responsible for verifying receiver
      – ODFIs are not responsible for unbatching; if they do, they become responsible as though it had batched them originally
      – All non-members need to be checked on IATs

Office of Foreign Assets Control (continued)

■ Specific requirements
  – Independent testing
    ■ Required to have independent test of their program
    ■ Should be conducted by someone qualified and independent of the BSA and OFAC programs
  – Responsible individual
    ■ Should assign qualified individual to be responsible for day-to-day compliance
  – Training
    ■ All employees and board of directors required to be trained annually

Office of Foreign Assets Control (continued)

■ Specific requirements
  – Items requiring OFAC verification
    ■ On-us checks cashed for non-members
    ■ Sales of stamps, amusement park tickets, etc. to non-members
    ■ Credit card cash advances to non-members
    ■ Wire transfers for non-members
    ■ Loans with non-member as co-signer or owner of collateral
    ■ ACH

Office of Foreign Assets Control (continued)

■ Specific requirements
  – Items requiring OFAC verification
    ■ Payees of corporate drafts or money orders issued to non-members
    ■ New employees
    ■ New members
    ■ Joint owners
    ■ Beneficiaries
    ■ Powers of attorney
    ■ Any non-member the CU does business with

Penalties & Fines

■ Money laundering
  – 20 years in prison
  – Up to $500,000 fine
  – Property involved subject to forfeiture
  – Banks/CUs can lose charters
  – Employees can be removed/barred

Penalties & Fines (continued)

■ Willful violations of BSA
  – Fine up to $250,000
  – 5 years in prison
  – Or both
■ For pattern of criminal activity
  – Fine up to $500,000
  – 10 years in prison
  – Or both
■ Institution violations
  – Up to $1 million
  – Or twice value of transaction
■ Plus civil penalties

Credit Union Fines

■ Significant BSA violations
■ November 25, 2014
■ North Dade Community Development FCU
■ $300,000 civil money penalty
■ $4 million in assets
■ 5 employees
■ Provided services to 56 MSBs outside of its FOM – Central America, Middle East, Mexico
■ Accounted for 90% of CU revenue
  – Over $1 billion in outgoing wires
  – $984 million in remotely captured deposits

My Contact Information

Daniel J. Mahalak, CPA, CGMA
President & Managing Partner

dmahalak@cm-co.com

586.296.1155 ext 231
877.998.CMCO Toll Free
586.296.5325 Fax

31215 Jefferson Avenue, St. Clair Shores, MI 48082

www.cm-co.com
info@cm-co.com