Your State Association Presents
BSA/AML Recent Developments &
Common Errors Program Materials
Use this document to follow along with the live webinar
presentation. Please test your system before the broadcast.
Be sure to print enough copies for all listeners.
August 19, 2015 Presenter: Ken Golliher
Procedures for Submitting Additional Questions
After the program is over, you have until midnight to submit additional questions to Ken via email
Send your questions to [email protected]
In approximately 3-5 working days (it depends on the number of questions), we will email you a copy of all the questions along with Ken’s answers
This information will also be posted on your Conference Edge account
BSA-AML
Compliance Management
2015
THIS SEMINAR IS… | SO…
Not offered as legal advice | Attendees should consult with legal counsel for advice on specific fact situations.
THIS MANUAL IS… | SO…
Copyrighted by Pegasus Educational Services, LLC, March, 2015 | No portion of it, other than any government forms it contains, can be reproduced without violating U.S. copyright laws. Anyone reporting such infringement will be compensated.
Pegasus Educational Services, LLC
Pegasus Seminars
Since 1996 Pegasus Educational Services, LLC, located in Louisville, Kentucky, has worked to provide bankers across the nation with quality programs, presentations and materials. Our goal is your success. The original founders, Laura Wilson and Ken Golliher each have worked for state bankers associations in several states and have a dedicated following of attendees in each of them. Those bankers know they are going to get the best, most current information available delivered in an easy to digest, even humorous fashion. Both prove that participating in a training session, even a compliance training session, does not have to be painful!
Today’s Presenter
Ken Golliher is a principal with Pegasus Educational Services, LLC, a training firm headquartered in Louisville, Kentucky. Prior to becoming a full time trainer, he was a community banker and then the General Counsel for a regional consulting firm for financial institutions. He has presented seminars and compliance schools in more than 25 states. He serves as an administrator for BSA/AML compliance schools sponsored by the Florida, Indiana, Iowa, Kentucky, Louisiana, Tennessee, Texas, Michigan, and Wisconsin bankers associations. Ken has also served as an instructor for both FDIC and OTS examiners at the agencies' residential schools.
TABLE OF CONTENTS
Seminar Description and Purpose
Bank Regulatory Agency Role
Currency Transaction Reporting
FinCEN Currency Transaction Report
Exemptions from Currency Transaction Reporting
Designation of Exempt Person
CTR Backfiling
Currency Transaction Report Backfiling of Amendments Checklist Form (No number)
Record Retention
Information Sharing
Suspicious Activity Reporting
FinCEN Suspicious Activity Report
NBFIs & MSBs
Anti – Money Laundering
Anti – Money Laundering (CIP)
Anti – Money Laundering (Due Diligence)
Anti – Money Laundering (Enhanced Due Diligence)
Risk Rating Customers
Pegasus Educational Services, LLC 1
Seminar Description and Purpose
Introduction
This seminar teaches the bank related reporting, recordkeeping
and program requirements of the Currency and Foreign
Transactions Reporting Act of 1970. This federal statute is a
bank secrecy act, a generic term applied to banking laws in
many countries. Generally, these are laws that deal with
financial privacy issues. However, in the United States, the
generic term is generally used as the proper name, “the Bank
Secrecy Act” (BSA) and that is how it will be described
hereafter.
The BSA’s goal is not secrecy, but financial intelligence.
This program also reviews a bank’s responsibilities for
establishing an anti-money-laundering (AML) program. This
program is a combination of its:
customer identification program,
customer due diligence, and
enhanced customer due diligence.
What constitutes an appropriate AML program varies from
bank to bank and is ascertained through a periodic risk
assessment.
The Bank Secrecy Act, as amended
The BSA has been amended several times since its passage in
1970. Among the amending acts were the:
Money Laundering Control Act of 1986,
Annunzio-Wiley Act of 1992,
Money Laundering Suppression Act of 1994, and
USA PATRIOT Act of 2001.
These laws amended BSA; they did not take on a life of their
own. For example, adoption of Customer Identification
Programs or registering to share information with other banks is
for the purpose of complying with BSA, not the USA
PATRIOT Act – the original source of the concepts.
Purpose
This program’s purpose is to explain the key compliance
requirements of a bank’s BSA/AML program so they can be
integrated into daily operations.
Goals
Upon completion of this course, attendees are able to:
- explain BSA’s law enforcement purposes,
- recognize circumstances which require filing a Currency Transaction Report (CTR),
- administer exemptions from CTR filing,
- understand BSA’s general and specific record retention requirements,
- develop or evaluate a BSA compliance program appropriate for their institution,
- realize how an AML program is a necessary adjunct to a BSA compliance program,
- develop an appropriate AML program,
- understand that AML/BSA compliance is the feeder system for suspicious activity reporting, and
- recognize circumstances which require filing a Suspicious Activity Report (SAR).
Performance Objectives
During this seminar, you will achieve the seminar goals by:
- listening to the discussion,
- participating in the discussion, and
- implementing what you learn when you return to work.
Primary Audience
This program is designed for financial institution personnel
responsible for administering or evaluating a BSA/AML
compliance program. Information is presented at the basic and
intermediate levels.
BSA Enforcement Administration
Congress delegated authority to write implementing regulations
and administrative opinions for BSA to the Department of the
Treasury. That power now belongs to the Financial Crimes
Enforcement Network (FinCEN), a bureau within the
Department of the Treasury.
FinCEN has delegated authority to examine for BSA/AML
compliance to the federal functional bank regulatory agencies:
Office of the Comptroller of Currency,
Board of Governors of the Federal Reserve System,
National Credit Union Administration, and
Federal Deposit Insurance Corporation.
FinCEN has also entered into memorandums of understanding
with state chartering authorities to cover BSA/AML
compliance in their on-site examinations.
Internet Resources
The FinCEN website is the jumping off point for any serious
BSA/AML Research: http://www.fincen.gov/.
Another resource is the "FFIEC InfoBase"
http://www.ffiec.gov/bsa_aml_infobase/default.htm
developed by the FFIEC’s Task Force on Examiner Education
to provide field examiners with an electronic source for training
and distributing needed examination information.
Note that the “Red Flags” section on the FFIEC web site
contains helpful examples for training several employee
groups.
FFIEC BSA/AML Examination Manual
Because BSA is largely a safety and soundness topic, the
examination procedures often include many things not mentioned
in the regulations; i.e. failure to adhere to major philosophies in
the examination procedures may be adjudged to be an “unsafe and
unsound” banking practice. A link to the FFIEC BSA/AML
Examination Manual (the Examination Manual) is found by
clicking “Statutes & Regulations” on the banner of the FinCEN
web site.
The Examination Manual is a compilation of existing regulatory
requirements, supervisory guidance, and sound practices.
Updates do not set new standards. Generally, they simply
incorporate developments which have been published elsewhere
since the previous edition.
The Examination Manual was last updated in the last quarter of
2014. The table of contents draws attention to areas of change
and/or heightened emphasis by noting the year next to the topic:
Interpretive Regulations
Like most federal banking laws, BSA is interpreted by
regulations. The regulations are written by FinCEN. Effective
March 1, 2011, the regulations were renumbered as 31 CFR
Chapter X. If you are reviewing an older resource that cites the
original regulation, there is a citation translator at
http://www.fincen.gov/statutes_regs/ChapterX/
Note: Appendix A to the Examination Manual contains a very
helpful list of relevant regulations.
BSA Related E-Mail Services (Free)
Several agencies will send official announcements or
notifications of changes to their web sites to subscribers:
Federal Deposit Insurance Corporation
http://www.fdic.gov/about/subscriptions/index.html
Federal Reserve Board of Governors
http://www.federalreserve.gov/newsevents/subscribe.htm
Financial Crimes Enforcement Agency (FinCEN) Updates
http://service.govdelivery.com/service/multi_subscribe.html?code=USFINCEN
Office of the Comptroller of Currency (OCC):
http://www.occ.treas.gov/listserv.htm
Office of Foreign Assets Control
http://www.ustreas.gov/ofac/
U.S. Immigration and Customs Enforcement (ICE)
http://www.ice.gov/
FinCEN Resource Center
Financial institutions are encouraged to seek assistance from the
FinCEN Resource Center:
Phone: 800.767.2825
E-mail: [email protected]
Hours: 8:00 AM to 6:00 PM EST
Previously published numbers for FinCEN’s “Helpline” and “Help
Desk” now roll over to this number which offers a more elaborate
“decision tree.”
Bank Regulatory Agency Role
Overview
Federal functional (bank) regulatory agencies are charged with
conducting on-site BSA examinations to verify regulatory
compliance. They have the authority to impose enforcement
actions for noncompliance. Bank regulatory agencies report
all violations found to the Department of Treasury, generally
as statistics. Major violations are referred in the name of the
bank involved.
BSA Policy Requirements
Each bank regulatory agency issued regulations requiring the
institutions they supervise to have a BSA compliance program.
Each requires supervised institutions to have a written policy
providing for:
internal controls,
independent testing,
an individual responsible for compliance, and
training for appropriate personnel.
The program regulations also require the existence of a
Customer Identification Program. While the language of the
various “program regulations” is identical, each agency cites
violations of its own regulation:
If the supervisory agency is the... | Then its BSA program regulation is found at...
Federal Deposit Insurance Corporation | 12 CFR 326.8
Federal Reserve Board of Governors | 12 CFR 208.63
National Credit Union Administration | 12 CFR 748.2
Office of the Comptroller of Currency | 12 CFR 21.21
On-site Examinations
Both the Department of the Treasury and the federal functional
regulatory agencies have the power to examine banks for BSA
compliance. State banking departments, at FinCEN’s request,
also include BSA compliance in their on-site examination
profiles. Generally, the regulatory agencies consider BSA to be
a “safety and soundness” rather than a “compliance” issue. As
such, the results of a BSA examination can affect the bank’s
CAMELS rating. That rating reflects the agency’s overall
evaluation of the institution.
A poor BSA compliance program impacts the “M” or “management
ability” component of CAMELS. A poor CAMELS rating (3 -
5) affects the processing of the bank’s applications for branches
and additional powers. It also reduces the interval between
examinations.
Note: Regulatory agencies must report all BSA violations to
FinCEN in statistical communications. Serious compliance
issues which might merit specific attention are brought directly
to FinCEN’s attention.
Regulatory Actions
Regulatory agencies have a variety of actions they can take
when they discover BSA violations:
- criticism in the written report of examination with attendant impact on CAMELS rating,
- memorandum of understanding,
- consent decree,
- civil money penalties, and
- referral to Treasury.
Under the terms of 12 USC 1818(s)(2), all violations identified
must be cited in the written report of examination. Also,
according to the statute, being cited for a repeat violation
automatically generates a cease and desist order. There is
Interagency Guidance that describes these provisions more
specifically in Appendix R of the BSA/AML Examination
Manual.
BSA Related Enforcement Actions by Functional Regulatory Agencies
Each federal functional regulatory agency publishes formal
enforcement actions on its website. All have search capabilities.
Federal Deposit Insurance Corporation
http://www.fdic.gov/bank/individual/enforcement/index.html#searchform
Federal Reserve Board of Governors
http://www.federalreserve.gov/apps/enforcementactions/search.aspx
Office of the Comptroller of Currency
http://apps.occ.gov/EnforcementActions/
Note: There is much to be learned in reviewing enforcement actions
against other financial institutions. They can also be valuable
training tools for certain audiences; e.g. management, including the
board of directors.
Promoting a Culture of Compliance
FinCEN Advisory 2014-A007 stresses “… the importance of a
strong culture of BSA/AML compliance for senior management,
leadership and owners of all financial institutions subject to
FinCEN’s regulations regardless of size or industry sector.”
The author suggests this advisory be incorporated into training for
management, including the board of directors.
Currency Transaction Reporting
Overview
All businesses - not just banks - are required to report currency
transactions exceeding $10,000. The purpose of the reporting
is to identify unusual flows of currency that may be emblematic
of illegal activity. More than 13 million (down from 15
million) currency transaction reports are filed annually.
Data Entry Devices
The reports and the types of transactions that are reportable
vary depending on the entity with the reporting responsibility.
If the filer is a ... | then the currency transaction is reported on the…
depository institution | FinCEN CTR
casino, MSB, brokerage firm | FinCEN CTR
other business | FinCEN Form 8300 (Report of Cash Payments Over $10,000 Received in a Trade or Business)
Note: Anyone shipping or carrying more than $10,000 in
currency into or out of the United States must report on
FinCEN Form 105 (formerly Customs Form 4790), Report of
International Transportation of Currency or Monetary
Instruments (CMIR). Banks do not normally file CMIRs.
CTR FAQ
In May, 2013 FinCEN published a “Frequently Asked
Questions” document that is invaluable in the completion of the
FinCEN CTR:
http://www.fincen.gov/whatsnew/html/ctr_faqs.html
When Reporting is Required
A currency transaction exceeding $10,000 is reportable. The
currency need not be U.S. dollars, but can be any foreign coin
or currency in an amount that, when converted, exceeds
$10,000. Reportable transactions include:
deposits,
withdrawals,
exchanges, or
other payments or transfers.
Example 1 Matthew makes a $14,000 loan payment in cash.
A CTR must be filed. The transaction falls under the heading
of an “other payment or transfer.”
Example 2 Mark deposits 6 cashier’s checks totaling $41,000.
No CTR filing is needed. There is no cash component to this
transaction.
Aggregating Transactions
Some currency transactions must be aggregated in determining
whether a CTR filing is required.
Multiple transactions must be treated as a single transaction if... | and...
multiple currency transactions by or on behalf of the same person exceed $10,000 in any business day | the bank, or one of its employees, has knowledge of them.
Note: FIN-2012-G001 made it clearer that cash transactions for
commonly owned but separately operated entities are not
subject to aggregation.
http://www.fincen.gov/statutes_regs/guidance/pdf/FIN-2012-G001.pdf
Aggregating Transactions
The factors which determine whether transactions should be
aggregated deserve serious attention:
A “person” may be an individual or an entity.
The “bank” is all its offices considered together.
Example 3 Two AmCorp. employees make $6,000 currency
deposits to the company’s account during the same business
day. The deposits are made at different branches.
As both deposits are on behalf of the same “person” and made
at the same “bank,” they are subject to aggregation.
A “business day” is whatever a bank normally
communicates to its depositary customers regarding the
routine posting of a transaction.
Example 4 Anywhere Federal has a properly disclosed 2:00
p.m. cut off; i.e. deposits received after then are posted on the
next day’s business. Michele made a $1,100 currency deposit
to her personal account at 11:30 a.m. At 3:00 p.m. the same
day, she makes a deposit for her employer which included
$9,600 in currency.
No CTR is required. The transactions took place on different
business days.
Only “like” transactions, in terms of cash entries, are subject
to aggregation.
Example 5 Diane purchases a $6,000 cashier’s check with
currency and, later that same business day, deposits $7,500 in
currency to a friend’s account.
The cash side of each transaction is represented by a debit to
cash or a cash-in. The transactions are subject to aggregation.
Aggregating Transactions, continued
A bank “knows” about multiple transactions when a bank
employee or a bank system is aware of them.
Example 6 The same teller sells the official check and accepts
the deposit in Example 5.
Since one person knows about both transactions, a CTR is
required.
Example 7 Anywhere N.A. has a computer system that
aggregates cash-ins and outs affecting the same deposit account.
Arthur deposits $4,000 in cash to his account. Later that same
day, his wife makes an $8,100 cash deposit to the same account.
The computer system will find the two cash-ins. A CTR is
required.
Systems for Aggregating Transactions
If a bank has a system that allows it to aggregate multiple
transactions, it is required to use it properly. However, there is
no legal requirement that a bank have a system. Treasury
contemplated such a rule many years ago, but ultimately
withdrew the notice of proposed rulemaking. However,
aggregation systems are an item of “examiner preference” and
have become a practical necessity. Lack of such an internal
control could automatically generate a criticism of the
independent review’s inability to verify that large transactions
are identified and reported.
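The aggregation rules above (same person, same business day, like cash entries, all offices treated as one bank) can be sketched as code. This is an added example, not part of the seminar materials or any vendor's system; the record fields, the 2:00 p.m. cut-off and the weekend roll-forward are assumptions, and the sample records are constructed from Examples 3, 4, 5 and 7.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, datetime, time, timedelta
from decimal import Decimal

CTR_THRESHOLD = Decimal("10000")  # a CTR is needed only when the total EXCEEDS this
CUTOFF = time(14, 0)              # assumed disclosed cut-off (2:00 p.m., as in Example 4)


@dataclass(frozen=True)
class CashTxn:                    # hypothetical record layout for this example
    txn_id: str
    when: datetime
    branch: str                   # informational: the "bank" is all offices together
    direction: str                # "in" (cash-in) or "out" (cash-out)
    amount: Decimal               # currency portion only; checks are not cash
    conducted_by: str
    on_behalf_of: str


def business_day(when: datetime, cutoff: time = CUTOFF) -> date:
    """Posting date: after the cut-off rolls forward; weekends roll to Monday (assumption)."""
    day = when.date()
    if when.time() > cutoff:
        day += timedelta(days=1)
    while day.weekday() >= 5:     # Saturday or Sunday
        day += timedelta(days=1)
    return day


def ctr_candidates(txns):
    """Group cash by (person, business day, direction) and return totals over $10,000.

    A transaction counts toward both the person conducting it and the person it
    is conducted for, so "by or on behalf of the same person" is covered.
    """
    buckets = defaultdict(dict)
    for t in txns:
        if t.direction not in ("in", "out") or t.amount <= 0:
            raise ValueError(f"bad cash record {t.txn_id}")
        day = business_day(t.when)
        # The set removes the duplicate when conductor and beneficiary are the same.
        for person in {t.conducted_by, t.on_behalf_of}:
            buckets[(person, day, t.direction)][t.txn_id] = t
    hits = []
    for key in sorted(buckets):
        person, day, direction = key
        group = buckets[key]
        total = sum((t.amount for t in group.values()), Decimal("0"))
        if total > CTR_THRESHOLD:
            hits.append({"person": person, "business_day": day,
                         "direction": direction, "total": total,
                         "txn_ids": sorted(group)})
    return hits


def _t(txn_id, hour, minute, branch, direction, amount, by, obo):
    # Constructed sample data; 2015-08-19 is a Wednesday.
    return CashTxn(txn_id, datetime(2015, 8, 19, hour, minute), branch,
                   direction, Decimal(amount), by, obo)


SAMPLE = [
    _t("T1", 10, 0, "Main", "in", "6000", "AmCorp employee A", "AmCorp"),    # Example 3
    _t("T2", 13, 0, "North", "in", "6000", "AmCorp employee B", "AmCorp"),
    _t("T3", 11, 30, "Main", "in", "1100", "Michele", "Michele"),            # Example 4
    _t("T4", 15, 0, "Main", "in", "9600", "Michele", "Michele's employer"),
    _t("T5", 10, 15, "Main", "in", "6000", "Diane", "Diane"),                # Example 5
    _t("T6", 13, 30, "Main", "in", "7500", "Diane", "Diane's friend"),
    _t("T7", 9, 0, "Main", "in", "4000", "Arthur", "Arthur"),                # Example 7
    _t("T8", 12, 0, "North", "in", "8100", "Arthur's wife", "Arthur"),
    _t("T9", 9, 30, "Main", "in", "6000", "Pat", "Pat"),      # constructed: unlike entries
    _t("T10", 10, 30, "Main", "out", "6000", "Pat", "Pat"),   # are never added together
]

if __name__ == "__main__":
    for hit in ctr_candidates(SAMPLE):
        print(hit["person"], hit["business_day"], hit["direction"],
              hit["total"], hit["txn_ids"])
```

The output is a list of candidates for review; the bank's own disclosed cut-off and holiday calendar would replace the assumed ones.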
CTR Addresses
The permanent street address, including zip code, is required. A
P.O. box should not be used and may not be used unless there is
no street address.
CTR Identification
All individuals (except employees of an armored car service
operating as an agent of the reporting financial institution)
conducting reportable transactions for themselves or for another
person, must be identified by means of an official document.
Acceptable identification is... | and... | Examples are...
a document or documents which contain a name and preferably an address and a photograph | which are normally acceptable by financial institutions as a means of identification when cashing checks for persons other than established customers. | driver’s license, military and military dependent I.D. cards, passport, state issued I.D. card, foreign cedula card and nonresident alien identification cards.
Note: Acceptable identification obtained previously and
recorded in the financial institution’s records may be used to
complete the report.
Note: In the absence of acceptable identification, banks should
decline the transaction.
Note: There are identification requirements for entities as well;
e.g. the person on whose behalf the transaction was conducted
might be an entity rather than an individual. For it,
identification could include such things as an entity’s business
license or incorporation documents, etc.
NAICS Codes
Enter the North American Industry Classification System (NAICS)
code for the occupation or type of business. Acceptable codes are
those found on a “drop down” list when the appropriate field is
clicked. The complete list of codes available is found here:
http://bsaefiling.fincen.treas.gov/docs/2007NAICS.pdf
Note: The codes listed on the reports’ “drop down” lists are a small
fraction of those currently available. See: http://www.naics.com/
Note: This is not a “critical” field. Also, per the instructions, a filer
may elect to describe the occupation or type of business instead of
using the NAICS code.
CTR Occupation or Type of Business
The person’s profession, occupation or business should be
specifically identified. For example:
Examples of specific occupations or types of business are... | Examples of non-specific occupations are...
doctor, carpenter, attorney, truck driver, plumber; used car dealership, hardware store. | businessman, merchant, retailer, retired, or self-employed.
Note: “If words like self-employed, unemployed, or retired are
used, add the current or former profession if known (e.g. self-
employed building contractor, retired teacher, or unemployed
carpenter).”
Armored Cars
FinCEN revised its position on CTR completion in connection with
armored cars with the issuance of FIN-2013-R001 in July 2013.
http://www.fincen.gov/news_room/rp/rulings/html/FIN-2013-R001.html
CTR Filing Timeframe
FinCEN CTR must be filed by the 15th calendar day after the day
of the transaction.
CTR Instructions
The instructions for the FinCEN CTR (Rev. March, 2015) are
found at:
http://sdtmut.fincen.treas.gov/docs/FinCENCTRElectronicFilingRequirements.pdf
Note: Compare the number of the current version of the
instructions (1.5) to the current version of the report a few pages
before.
Customer Guidance on CTR Filing
FinCEN publishes an English/Spanish pamphlet which can be used to
explain CTR filing and the evasion of CTR filing to customers.
http://www.fincen.gov/whatsnew/pdf/CTRPamphlet.pdf
Exemptions from Currency Transaction Reporting
Overview
The purpose of identifying a customer as an “exempt person” is
to allow the financial institution to discontinue the filing of
CTRs on that customer. In turn, that reduces Treasury’s receipt
of CTRs that serve no law enforcement purpose. Banks
choosing to use the exemption process should focus on
documenting every required element; i.e. files supporting
exemptions should speak for themselves.
Mandatory vs. Discretionary Exemptions
Although the statute describes some exemptions as
“mandatory,” the terminology is not applicable to the
depository institution’s use of the exemption process. With
the exception of banks and government entities which are
automatically exempt from currency transaction reporting, use
of the exemption process is a compliance management
decision; i.e. it is voluntary.
Enhanced Compliance Risk
Exemptions eliminate some work on the part of the financial
institution by decreasing the number of required CTR filings.
On the other hand, they increase the institution’s compliance
risk by adding an additional compliance element for regulatory
personnel to critique. Many institutions place greater emphasis
on the second point.
FinCEN Guidance on Revisions
Updated FinCEN guidance on the exemption process is found
in FIN-2012-G003:
http://www.fincen.gov/statutes_regs/guidance/pdf/FIN-2012-G003.pdf
Filing Designation of Exempt Person Report
Banks need the DOEP report (See next page) to recognize
some customers as exempt persons.
Note: Banks and government entities are automatically exempt
persons; it is not necessary for banks to file a DOEP report on a
bank or government entity. Banks and government entities are
simply not subject to CTR filing.
Filing is Retroactive
The DOEP report must be filed within 30 days of the first
reportable transaction that the bank is seeking to exempt.
DOEP Instructions
The instructions for the FinCEN DOEP (Rev. October 2012)
are found at:
http://sdtmut.fincen.treas.gov/news/FinCENDOEPElectronicFilingRequirements.pdf
For questions regarding completion of the discrete report, see
attachment C to those instructions.
Exempt Person, as Defined in Phase I – Banks, Government Entities and Publicly Traded Companies Listed on a Major Exchange
(2) Exempt person. For purposes of this section, an exempt person
is:
(i) A bank, to the extent of such bank's domestic operations;
(ii) A department or agency of the United States, of any State, or
of any political subdivision of any State;
(iii) Any entity established under the laws of the United States, of
any State, or of any political subdivision of any State, or under an
interstate compact between two or more States, that exercises
governmental authority on behalf of the United States or any such
State or political subdivision;
(iv) Any entity, other than a bank, whose common stock or
analogous equity interests are listed on the New York Stock
Exchange or the American Stock Exchange or whose common stock
or analogous equity interests have been designated as a NASDAQ
National Market Security listed on the NASDAQ Stock Market
(except stock or interests listed under the separate “NASDAQ
Capital Markets Companies” heading), provided that, for purposes
of this paragraph (d)(2)(iv), a person that is a financial institution,
other than a bank, is an exempt person only to the extent of its
domestic operations;
(v) Any subsidiary, other than a bank, of any entity described in
paragraph (d)(2)(iv) of this section (a “listed entity”) that is
organized under the laws of the United States or of any State and at
least 51 percent of whose common stock or analogous equity interest
is owned by the listed entity, provided that, for purposes of this
paragraph (d)(2)(v), a person that is a financial institution, other
than a bank, is an exempt person only to the extent of its domestic
operations;
Non Filing on Phase I Exempt Persons – Government Entities
Example 8: The Travis County Sheriff’s Department opens a
transaction account. Because it is a government entity, it is not
necessary for the bank to impose its CIP program.
Example 9: The Travis County Sheriff’s Department has an
otherwise reportable cash transaction. Because it is a government
entity, it is not necessary for the bank to file a CTR or a DOEP.
Documenting Phase I status – Government Entities
(5)(ii) Governmental departments and agencies. A bank may
treat a person as a governmental department, agency, or entity if
the name of such person reasonably indicates that it is described
in paragraph (d)(2)(ii) or (d)(2)(iii) of this section, or if such
person is known generally in the community to be a State, the
District of Columbia, a tribal government, a Territory or Insular
Possession of the United States, or a political subdivision or a
wholly-owned agency or instrumentality of any of the foregoing.
An entity generally exercises governmental authority on behalf of
the United States, a State, or a political subdivision, for purposes
of paragraph (d)(2)(iii) of this section, only if its authorities
include one or more of the powers to tax, to exercise the authority
of eminent domain, or to exercise police powers with respect to
matters within its jurisdiction.
Example 10 In its list of exempt persons the bank notes:
- Marion County School District (Name indicates it is a government entity and it has the power to tax)
- Regional Office, Federal Bureau of Investigation (Name indicates it is a government entity)
- Five Counties Mental Health Services (Service compact acting as a joint instrumentality of Jefferson, Oldham, Shelby, Spencer and Bullitt counties)
- SEATAC Regional Airport Authority (Holds the power of eminent domain)
Non Filing on Phase I Exempt Persons – Banks
Example 11: A respondent bank opens an account with the
Omega National Bank. Because the respondent is a bank, it is
not necessary for Omega National to impose its CIP program.
Example 12: The respondent bank ships cash in a reportable
amount to the Omega National Bank. Because the respondent
is a bank, it is not necessary for either bank to file a CTR or a
DOEP.
Documenting Phase I Status - Banks
Banks (that includes thrifts and credit unions) can be most
easily identified through the web sites of the entities that insure
them:
From the FDIC web site:
From the NCUSIF web site:
Note: If you found these pages on the insurers’ web sites and
printed them rather than taking screen shots, your browser
should print the date across the bottom of the page indicating
the date of your research.
Filing on Phase I Exempt Persons – Listed Publicly Traded Companies
Example 13: McDonalds Inc. is a NYSE traded company that
operates a chain of fast food stores across the U.S. It opens a
transaction account with Anystate Bank. Because it is a listed
entity, it is not necessary for the bank to impose its CIP
program. However, Anystate Bank must either file a CTR or a
DOEP if McDonalds Inc. conducts a reportable transaction.
Documenting Phase I Status – Publicly Traded Companies Listed on a Major Exchange
Proper documentation can come from an approved list of
sources:
(iii) Stock exchange listings. In determining whether a person is
described in paragraph (d)(2)(iv) of this section, a bank may
rely on any New York, American, or NASDAQ Stock Market
listing published in a newspaper of general circulation, on any
commonly accepted or published stock symbol guide, on any
information contained in the Securities and Exchange
Commission “EDGAR” System, or on any information
contained on an Internet site or sites maintained by the New
York Stock Exchange, the American Stock Exchange, or the
NASDAQ.
For example, the NYSE web site:
Filing on Phase I Exempt Persons – Subsidiaries
Example 14: Taco Bell is a subsidiary of a NYSE traded
company, Yum Brands. Taco Bell opens a transaction account
with Anystate Bank. Because it is only a subsidiary of a listed
company, it is necessary for the bank to impose its CIP program.
In addition, Anystate Bank must either file a CTR or a DOEP if
Taco Bell conducts a reportable transaction.
Documenting Phase I Status – Subsidiaries of Publicly Traded Companies Listed on a Major Exchange
Subsidiaries of publicly traded companies listed on a major
exchange may be identified by:
any reasonably authenticated corporate officer’s certificate,
any reasonably authenticated photocopy of Internal Revenue
Service Form 851 (affiliation schedule) or
an annual report or 10-K filed with the Securities and
Exchange Commission.
From the SEC web site and YUM Brands Form 10K, Exhibit
21.1, Taco Bell is a subsidiary:
Company Owned Businesses vs. Franchises
Many publicly owned companies listed on a major exchange use a
system of franchisees to deliver their products and services. The
documentation used to open a bank account should indicate
whether the bank’s relationship is with a franchisee or the
company. For example, an account opening resolution from
KWG Enterprises, LLC dba McDonalds #1542 indicates the
customer is KWG Enterprises, LLC, not McDonalds Inc.
Exempt Person, as Defined in Phase II – Non Listed Businesses and Payroll Customers
This type of exemption was created second and was thereafter
referred to as “Phase II.”
(2) Exempt person. For purposes of this section, an exempt person
is:
[i – v omitted here]
(vi) To the extent of its domestic operations and only with
respect to transactions conducted through its exemptible accounts,
any other commercial enterprise (for purposes of this paragraph (d),
a “non-listed business”), other than an enterprise specified in
paragraph (d)(5)(viii) of this section, that:
(A) Maintains a transaction account, as defined in paragraph
(d)(5)(ix) of this section, at the bank for at least two months, except
as provided in paragraph (d)(3)(ii)(B) of this section;
(B) Frequently engages in transactions in currency with the bank
in excess of $10,000; and
(C) Is incorporated or organized under the laws of the United
States or a State, or is registered as and eligible to do business within
the United States or a State; or
(vii) With respect solely to withdrawals for payroll purposes from
existing exemptible accounts, any other person (for purposes of this
paragraph (d), a “payroll customer”) that:
(A) Maintains a transaction account, as defined in paragraph
(d)(5)(ix) of this section, at the bank for at least two months, except
as provided in paragraph (d)(3)(ii)(B) of this section;
(B) Operates a firm that regularly withdraws more than $10,000
in order to pay its United States employees in currency; and
(C) Is incorporated or organized under the laws of the United
States or a State, or is registered as and eligible to do business within
the United States or a State.
Two Options: Length of Relationship or Risk Assessment
In addition to having conducted at least five or more reportable
cash transactions within a year:
the customer must have maintained a transaction account
for two months, or
the depository institution may conduct a risk based
analysis of the customer’s need for large currency
transactions.
Option A: Considering the Length of the Relationship as Requirement for Exemption
Example 15: Alpha Corp. is a publicly traded company, but it is
not listed on a major exchange. It moves its business to Anystate
Federal. Alpha Corp was properly designated as an exempt
person at its previous institution and asks if it will be treated the
same way at Anystate Federal.
As soon as Alpha Corp. has five or more reportable transactions
and has maintained a transaction account with Anystate for at
least two months, Anystate Federal can file a DOEP report on
Alpha Corp.
Documenting the Length of the Relationship
Remember, “the file speaks for itself.” Examples of
documentation that would show how long the customer’s
transaction account has been open could include a copy of a:
signature card showing the date the account was opened,
or
the first page of a bank statement that is more than 60 days
old, or
print out from a customer information file that shows the
date the transaction account was opened.
Option B: Conducting a Risk Assessment
Instead of waiting two months before recognizing a Phase II
customer as an exempt person, the regulation allows a bank to
perform a customer risk assessment.
(B) Notwithstanding subparagraphs (d)(2)(vi)(A) and (d)(2)(vii)(A) of
this section, and if the requirements under this paragraph (d) of this
section are otherwise satisfied, a bank may designate a non-listed
business or a payroll customer, as described in paragraphs (d)(2)(vi)
and (vii) of this section, as an exempt person before the customer has
maintained a transaction account at the bank for at least two months
if the bank conducts and documents a risk-based assessment of the
customer and forms a reasonable belief that the customer has a
legitimate business purpose for conducting frequent transactions in
currency.
Using a Risk Assessment as Requirement for Exemption
Example 16: Anystate Federal convinces Alpha Corp, a closely
held corporation that operates 10 convenience stores in Anystate to
transfer all its business to them. Alpha Corp. was properly
designated as an exempt person at its previous institution and asks
if it will be treated the same way at Anystate Federal.
As soon as Alpha Corp. has five or more reportable transactions,
Anystate Federal can conduct a risk assessment on Alpha Corp. to
determine whether it has a legitimate business purpose in
conducting frequent currency transactions.
Documenting the Risk Assessment
The regulation allows a risk based analysis in deciding whether to
treat the customer as an exempt person. The supplementary
information accompanying the final regulation indicates the risk
based approach should consider:
the length of the bank’s current relationship with the
customer,
the length of any past relationship with the customer,
certain specific characteristics of the customer’s business
model that may be pertinent,
the types of business in which the customer engages and,
where the business is operating.
Again, the file speaks for itself. It should be apparent what criteria
the bank used in choosing to evaluate the customer’s risk level for
exemption; the risk based analysis must be in writing.
Note: The author suggests that a bank using this method impose
and enforce a requirement that an existing business provide
evidence of a history of large currency transactions; e.g. prior bank
statements would be supportive.
Example 17: Long term customer Gamma Corp. reestablishes its
relationship with Anystate Bank, N.A. after transferring all of its
business to another institution for two months. Within the next 30
days it has 5 reportable transactions. The bank can use the risk
assessment method rather than waiting for 2 months.
Enhanced Compliance Risk
Use of the risk assessment rather than relying on a two month
relationship is a compliance management decision; i.e. it is not
required. There is no official guidance beyond that mentioned
above on what an acceptable risk assessment might entail.
Accordingly, any analysis offered by a bank using this method will
be subject to an unpredictable variety of interpretations by
regulatory field examiners. A regulatory conclusion that a risk
assessment was inadequate would have significant consequences.
Frequency of Large Currency Transactions
“Frequently” was interpreted in supplementary information
accompanying the revised regulation as 5 reportable transactions
per year; i.e. within any period of 12 consecutive months.
Note: Exemption applies to the person or customer, not the
customer’s individual accounts. If all of the customer’s accounts
are included in the review then all of the customer’s transactions in
connection with those accounts are covered by the exemption.
Documenting Transaction Frequency
Remember, “the file speaks for itself.” Examples of documentation
that would show that the customer has had at least 5 reportable
transactions in the last 12 months could include:
copies of CTRs filed,
a print-out from the financial institution’s computer system
showing the reportable currency transactions in the
designated time frame, or
a manually compiled list of reportable transactions supported
by copies of the actual documents; e.g. checks or deposit
slips.
Note: Documentation does not have to include evidence of the
actual number of large transactions in the last 12 months, only 5 of
them.
Evidence of U.S. Existence
Again, the file speaks for itself. The non-listed business must be
incorporated or organized under the laws of the United States or
authorized to do business in the United States. The form of
business organization determines what documentation is
appropriate.
Documenting Existence
The customer’s existence should have been documented as a
function of the bank’s CIP. On the other hand, the requirement for
an annual review of all Phase II exempt persons indicates the
customer’s continuing existence is an issue. Standard techniques
used in opening new accounts should be used to verify existence.
For “creatures of statute,” verification of existence can generally be
obtained from the Secretary of State’s web site. For example:
For more “casual” business organizations such as general
partnerships and sole proprietorships, banks generally rely on any
evidence of government recognition available. For example:
state tax certificate,
fictitious name registration or occupational license (if
applicable),
city or county occupational license, or
state or local license.
Documenting Payroll Withdrawals
The customer must actually pay its employees in cash, not just
cash their checks.
Note: Withdrawals should be on an understandable frequency and
reflect a breakdown of denominations consistent with paying
wages to individuals. The author suggests that use of the payroll
exemption may be inconsistent with a well thought out anti-
money laundering program.
Ineligible Businesses
Some businesses are not eligible for treatment as a non-listed
business:
(viii) Ineligible businesses. A business engaged primarily in one
or more of the following activities may not be treated as a non-listed
business for purposes of this paragraph (d): serving as financial
institutions or agents of financial institutions of any type; purchase
or sale to customers of motor vehicles of any kind, vessels, aircraft,
farm equipment or mobile homes; the practice of law, accountancy, or
medicine; auctioning of goods; chartering or operation of ships, buses,
or aircraft; gaming of any kind (other than licensed parimutuel betting
at race tracks); investment advisory services or investment banking
services; real estate brokerage; pawn brokerage; title insurance and
real estate closing; trade union activities; and any other activities that
may be specified by FinCEN. A business that engages in multiple
business activities may be treated as a non-listed business so long as
no more than 50% of its gross revenues is derived from one or more of
the ineligible business activities listed in this paragraph (d)(6)(viii).
Note: FinCEN has added marijuana related businesses to this list.
Gross Revenues
FinCEN ruling 2002-1 explains that the term “gross revenue” in
the CTR exemption regulations is intended to encompass the
amount of money that a business actually earns from a particular
activity, not the sales volume of such activity. For example, to
evaluate the eligibility of a convenience store that sells lottery
tickets, the bank would have to know how much income the store
made on those sales, not the value of all the tickets it sold.
Documenting Gross Revenues
FinCEN regulations and guidance do not prescribe any specific
method for banks to use in documenting what percentage of
revenues a business derives from ineligible activities. In general
there are a few commonly used options including obtaining a:
copy of the customer’s income tax return that breaks down
revenues by type (not likely),
income statement prepared by the customer’s accountant,
or
statement written by the customer stating what percentage
of gross revenues come from ineligible activity.
FinCEN Guidance 2009-G001:
http://www.fincen.gov/statutes_regs/guidance/html/fin-2009-g001.html provides a little insight, but does not indicate an
objective standard where a bank and its regulatory agency could
be certain to agree that specific documentation was necessary:
In instances where it is apparent – through a bank’s
implementation and application of due diligence policies,
procedures, and processes to all customers – that a non-listed
business customer derives a clear minority of its annual gross
revenues from ineligible business activities, the bank could
reasonably and appropriately exempt that customer from
currency transaction reporting based solely upon materials and
information collected and considered in the ordinary course of
conducting customer due diligence.
However, in those instances where it is less clear whether a non-
listed business customer derives no more than 50 percent of its
annual gross revenues from ineligible activities, a bank should
obtain such additional supporting materials and information that
would allow it to make a reasonable determination that it may
appropriately exempt that customer from currency transaction
reporting.
Verification of Exempt Person Status and Record Retention
The bank must:
verify exempt person status and
retain the records supporting verification.
The steps considered reasonable are those the bank would take
to protect itself from loan or other fraud based on
misidentification of a person’s status.
Supporting documentation is retained for five years. Supporting
documentation might include:
a copy of any original DOEP filed,
copies of each annual review conducted in the last five
years and,
if it is a Phase II exemption, copies of the DOEPs filed
previously as biennial renewals.
Annual Review
At least annually, the bank must verify that exempt persons
other than banks and government entities retain their status.
Example 18: Anywhere State Bank filed a DOEP report on
Alpha Corp., an unlisted business, in January, 2014.
Within 12 months of that filing date Anywhere State Bank must
conduct and document a review of Minor Corp.’s eligibility.
(See sample on following page.)
Note: Documentation for an annual review is generally the
equivalent of the documentation used to support the initial
filing of the DOEP. It varies dramatically based on whether it
is a Phase I or Phase II exempt person.
Revocation of an Exemption
Banks may, but are not required to, file a DOEP report
indicating an exemption has been revoked.
CTR Filing Exemption Review for period ___/___/___ to ___/___/___
Check one Initial Review Annual review
Customer
Physical Address
SSN/EIN
Form of organization
Most Recent DOEP Report Date ___/___/___
Nature of Enterprise NAICS Code
Phase I Exempt Person Bank Government Listed company Subsidiary of listed company
Documentation regarding status indicated above is attached.
Phase II Exempt Person Documentation that customer has maintained a transaction account for 2 months or more is
attached.
Documentation that customer frequently engages in large currency transactions (at least 5 in the
twelve month period under review) is attached.
Documentation that the customer is currently authorized to do business in a state or the United States is
attached.
Yes No Does the customer engage in any activities that are considered ineligible
for exemption from currency transaction reporting:
Financial institution or agent of a financial
institution
Purchaser or seller of:
o motor vehicles,
o vessels,
o aircraft,
o farm equipment, or
o mobile homes.
Engaged in the practice of:
o law
o accountancy or medicine.
Auctions goods
Charters and operates ships, buses or aircraft
Gaming
Investment advisory or investment banking
services
Real estate brokerage
Pawn brokerage
Title insurance and real estate closing
Trade union activities
Marijuana related business
(If yes, documentation is attached that indicates the activities, establishes the percentage of gross
revenues they represent and shows that the aggregate amount shown is less than 51%.)
Yes No Does the customer act as a non bank financial institution (NBFI) by performing
currency exchanges, cashing checks, selling or redeeming checks or selling or redeeming stored value
cards, accepts virtual currencies, etc.? (If yes, documentation is attached that establishes the customer
has registered and obtained licenses if required by state and federal law.)
The bank’s system of monitoring cash transactions has been applied to this customer in this period.
Bank Employee ______________________________
Not A Model Form
List of Exempt Persons
There is only a practical requirement that the bank keep a list of
persons on whom exempt person designations have been filed.
What a bank includes on its list is a function of judgment and
the needs of the readership. For example:
Phase I Exemptions

| Customer | Account(s)/Transactions Exempted | Basis For Exemption | Last DOEP Filed | Last Verification or Review |
| --- | --- | --- | --- | --- |
| Amcore Inc., 1522 Kings Highway, Clear Springs, Florida 33123 | All | NYSE Listed | 10/1/97 | 2/1/15 |
| Clear County Sheriff’s Office, Room 216 Courthouse, 101 N. Main St., Clear Springs, Florida 33123 | All | Government Entity (police powers) | 10/1/97 | 2/1/08 (No longer required) |
| Clear Springs National Bank, 5420 Main Street, Clear Springs, Florida 33123 | All | Bank | 10/1/97 | 2/1/08 (No longer required) |
| Omega National Bank, 15111 Champions Blvd, Miami, Fl 33157 | All | Bank | N/A | 2/1/08 (No longer required) |

Phase II Exemptions

| Customer | Account(s)/Transactions Exempted | Basis For Exemption | Last DOEP Filed | Last Verification or Review |
| --- | --- | --- | --- | --- |
| ABC Supermarket Inc., 1234 Dixie Highway, Clear Springs, Florida 33123 | Deposits and withdrawals to all transaction accounts [list #s] | Non listed business | 3/15/08 | 2/1/15 |
Note: This is not a suggestion that banks and government
entities must be listed on the bank’s list of exempt persons or
even a suggestion that the bank must have a list of exempt
persons. It is only a sample of how the information might be
kept.
CTR Backfiling
Overview
Occasionally, errors occur in the exemption process. An
example would be a customer recognized as an exempt
person who was later found to be ineligible. Backfiling missing
CTRs without consulting with FinCEN first is a significant
compliance error.
Steps in Obtaining a Backfiling Determination
Step 1: If the bank finds one or several omitted CTRs or a
repetitive error on CTRs, it should call the FinCEN
Resource Center at 800.767.2825 and leave a message
indicating that a backfiling determination is requested.
Step 2: Explain the relevant facts to the FinCEN
representative to see if a backfiling determination is
appropriate. If so, the then current version of the
form on the following page will be sent to you.
Step 3: Complete the form, including all of the required
information, and promptly return it to FinCEN with
the cover letter explaining:
o how the error occurred,
o how it was discovered and
o the measures taken to assure it does not happen
again.
Step 4: Follow the instructions received from FinCEN in
regard to backfiling. If backfiling is required, the
appropriate notation should be made on the BSA -
CTR.
Note: This process is not designed for required CTRs that were
simply omitted in error.
Record Retention
Overview
BSA contains a long list of records which banks are required to
keep. The BSA requires financial institutions to keep certain
records and make certain reports that have been determined to be
useful in criminal, tax, or regulatory investigations or
proceedings, and for intelligence or counter-intelligence activities
to protect against international terrorism. The record retention
requirements of BSA are substantive; i.e. they are important in
their own right and are not generally focused on evidence of
compliance.
Retention Period
All records which banks are required to keep under BSA must be
kept for five years.
Retention Method
BSA allows banks to keep records in any fashion, using any
medium, e.g., originals, photocopies, microfilm, electronic
storage, etc. Regulations require banks to be able to produce
required records within a reasonable period of time.
Required Records
Each Currency Transaction Report filed;
Each exemption granted;
Each extension of credit in an amount over $10,000 including,
borrower’s name and address,
amount of the credit,
nature and purpose of the credit and
the date of the credit.
Note: This does not apply to loans secured by real estate.
Each advice, request, or instruction received or given
regarding a transaction resulting in the transfer of currency or
other monetary instruments, funds, checks, investment
securities, or credit, of more than $10,000, to or from any
person, account or place outside the United States;
A list of deposit accounts opened without a TIN before
October 1, 2003.
Note: The bank is expected to maintain a list of accounts
opened without a TIN prior to October 1, 2003. CIP
requirements should make it impossible for a bank to open an
account for a U.S. person without a TIN after that date.
Current examination procedures emphasize TIN
compliance.
Each document granting signature authority over each deposit
account;
Each statement, ledger card or other record of each deposit
account showing each transaction involving the account,
Each check, clean draft or money order drawn on the bank for
more than $100 except those drawn on certain high volume
accounts,
Each debit in excess of $100 to a customer’s account other
than bank charges or charges pursuant to an agreement with
the customer,
Each document relating to a transaction of more than $10,000
remitted or transferred to a person, account or place outside
the United States,
Each check or draft in excess of $10,000 drawn on or issued
by a foreign bank which the domestic bank has paid or
presented to a nonbank drawee for payment,
Each item relating to any transaction of more than $10,000
received on any one occasion directly and not through a
domestic financial institution, from a bank, broker or dealer in
foreign exchange outside the United States,
Records prepared or received by a bank in the ordinary course
of business which would be needed to reconstruct a demand
deposit account and to trace a check in excess of $100
deposited in a demand deposit account,
A record of each certificate of deposit sold including the
description of the instrument, a notation of the method of
payment, the date of the transaction and the following
information regarding the purchaser:
name,
address, and
taxpayer identification number,
A record of each certificate of deposit presented for payment
including the description of the instrument and the date of the
transaction and the following information regarding the person
presenting the certificate for payment:
name,
address, and
taxpayer identification number,
Each deposit slip or credit ticket reflecting a transaction in
excess of $100 or the equivalent record for direct deposit or
other wire transfer deposit transactions,
Note: The slip or ticket must show the amount of any currency
involved.
Information regarding official checks sold for cash (explained
in detail below), and
Information regarding wire transfers of $3,000 or more.
Monetary Instruments Issued for Cash
When a financial institution issues monetary instruments for cash
between $3,000 and $10,000 inclusive, it must retain certain
information. The information required varies depending on
whether the purchaser is a deposit account holder. Official checks
include:
Bank checks or drafts,
Cashiers checks,
Money orders and
Travelers checks.
Prohibition vs. Record Retention Requirement
Although it is routinely discussed as a record retention
requirement, the regulation is actually written as prohibiting the
sale if the information is not obtained. If the information cannot
be obtained, the transaction should be refused.
General Information Required
Some information must be kept for all covered sales:
Name of purchaser
Date of purchase
Type of instrument
Instrument(s) serial number
Amount of instrument(s)
Purchases by Deposit Account Holders
If the purchaser is a deposit account holder, then the financial
institution must also document that it has verified:
that the purchaser is a deposit account holder whose identity was
previously verified and the information was recorded on the
signature card or file record or
the purchaser’s name and address through examination of
identification and recording specific identifying information.
Purchases by Non-Deposit Account Holders
If the purchaser is not a deposit account holder, then the financial
institution must also obtain the purchaser’s:
address,
SSN or alien I.D. number, and
date of birth.
Note: A non deposit account holder’s name and address must be
verified through examination of identification and recording
specific identifying information.
Aggregation Triggering Record Retention
Contemporaneous purchases of the same or different types of
instruments totaling $3,000 or more are treated as one purchase. If
the financial institution is aware of multiple purchases during one
business day totaling $3,000 or more, they are treated as one
purchase.
Monetary Instrument Sales Log
There is no specific method required for retaining information on
monetary instrument sales. A requirement that the information be
maintained on a log in a centralized place was removed from the
regulation several years ago. Nevertheless, many banks still
maintain the information using this method.
“Indirect” Purchases with Cash
Banks may implement a policy requiring customers who are
deposit accountholders and who want to purchase monetary
instruments in amounts between $3,000 and $10,000 with
currency to first deposit the currency into their deposit accounts.
Nothing within the BSA or its implementing regulations prohibits
a bank from instituting such a policy.
However, FinCEN takes the position that when a customer
purchases a monetary instrument in amounts between $3,000 and
$10,000 using currency that the customer first deposits into the
customer’s account, the transaction is still subject to the
recordkeeping requirements of 31 CFR 1010.415. This
requirement applies whether the transaction is conducted in
accordance with a bank’s established policy or at the request of
the customer. Generally, when a bank sells monetary instruments
to deposit accountholders, the bank already maintains most of the
information required by 31 CFR 1010.415 in the normal course of
its business. (Examination Manual, December, 2014)
Note: A bank would need to be able to identify monetary
instrument sales subject to the record retention requirement for
reviewers to demonstrate they could be made available to law
enforcement upon request.
Consider: If your financial institution sold a cashiers check to a
deposit account holder and retains a “register copy” of the check,
how much additional information would you need to meet the
record retention requirements? What if it was a non deposit
account holder? What if it was a money order or travelers checks
instead of a cashiers check? Not all financial institutions will
have the same answers.
Relevant Policies and Procedures
Financial institutions are expected to have policies and procedures
in connection with monetary instrument sales. They are also
expected to monitor these sales for suspicious activity.
Funds Transfers Of $3,000 Or More
When a bank originates or receives a funds transfer of $3,000 or
more it must retain certain information. (Responsibilities of
intermediary banks are not discussed here.)
Established Customer
An “established customer” includes a person with a loan, deposit
or other asset account or one for whom the institution has on file
the person’s name; address; taxpayer identification number or
passport number and country of issuance; and to which the
institution provides financial services in reliance on that
information.
General Information Required by Originating Banks
Certain information must be kept for all covered funds transfers:
name and address of the originator
the amount of the funds transfer
the date of the funds transfer,
any payment instructions received from the originator with the
payment order,
the identity of the beneficiary bank, and
as many of the following items as are received with the
payment order:
name and address of the beneficiary,
account number of the beneficiary, and
any other specific identifier of the beneficiary.
Note: There is no requirement that the originating bank request or
record the “purpose” of the wire transfer. However, many banks
do so as a part of their customer due diligence program.
Additional Information Required
Additional information must be kept when the originator is not an
established customer:
if payment order received in person, identification is verified
and recorded
if person placing order is not originator, the originator’s U.S.
taxpayer identification, passport identification number
(including country of issuance). If this information is not
available, a note of the inquiry must be made.
if payment order not made in person, a record of the
originator’s name and address; U.S. taxpayer identification,
alien registration or passport number (including country of
issuance). If this information is not available, a note of the
inquiry must be made. A copy of or record of the method of
payment is also required.
Note: A bank is not obligated to send a wire transfer for anyone,
particularly someone who is not an established customer. A bank
is not obligated to receive a wire transfer for anyone, particularly
someone who is not an established customer.
Information Includable in Transmittal Order (aka, Travel Rule)
The following must be included in the transmittal order for
covered transfers:
the name and, if payment is made from an account, account
number of the transmitter
the address of the transmitter
amount of transmittal order
date of transmittal order
identity of recipient’s financial institution
as many of the following as are received with transmittal
order
name and address of recipient
account number of recipient
any other specific identifier of recipient and
either the name, address or numeric identifier
of the transmitter’s financial institution.
Note: FinCEN Guidance 2010-G004 issued November
9, 2010, provides a Q & A on the requirements of the
“travel rule.”
http://www.fincen.gov/statutes_regs/guidance/pdf/fin-2010-g004.pdf
General Information Required by Beneficiary Bank
Certain information must be kept for all covered funds
transfers:
• an original or reproduction of the payment order
Additional Information Required
Additional information must be kept when the beneficiary is
not an established customer:
• If payment is delivered in person, identification is verified
  and recorded
• if person receiving proceeds is not the beneficiary, the
  beneficiary’s U.S. taxpayer identification, passport
  identification, or alien registration number (including
  country of issuance). If this information is not available, a
  note of the inquiry must be made.
• if proceeds not delivered in person, a copy or record of the
  method of payment and the name and address of the person
  to whom it was sent.
Retrievability
Originating banks must keep records so they can be retrieved
either by reference to the originator’s name or account number.
Beneficiary banks must keep records so they can be retrieved
by reference to the beneficiary’s name or account number.
(Obviously, in both cases, if there is no account, retrieval is by
name only.)
Proposed Rule on Cross-Border Electronic Transmittal of Funds
On September 27, 2010 FinCEN issued a notice of proposed
rulemaking regarding requiring MSBs & banks to report, not
just keep records of, certain cross border transmissions of
funds.
http://www.fincen.gov/news_room/nr/html/20100927.html
No final regulation has been published.
Production of Records
As noted, banks are generally required to produce records
“within a reasonable period of time.” Federally supervised
financial institutions are required to provide records related to
anti-money laundering compliance to their regulatory agency
within 120 hours of the request. The requirement includes:
…information and account documentation for any account opened,
maintained, administered or managed in the United States by
the covered financial institution.
Note: It is clear that the time frame only applies to requests
from the regulatory agencies. It is not clear which records relate
to anti-money laundering compliance.
Legal Compulsion for Production of Records
BSA establishes a bank’s responsibility to keep certain records.
It does not discuss a bank’s duty or ability to provide records
requested by a third party, whether the request is from law
enforcement, a grand jury, an administrative agency, the Internal
Revenue Service, etc. (It does provide specific guidance
regarding disclosure of records which the bank used in the
preparation of a SAR.)
Requests for records from the federal government are generally
covered by the Right to Financial Privacy Act (RFPA).
Generally, it indicates that banks are to receive a summons,
subpoena, or search warrant before they are compelled to turn
over information to agencies of the federal government. Even
then, they are generally entitled to receive a certificate of
compliance before delivering the information.
Section 3414 of the RFPA recognizes very limited
circumstances where law enforcement may require customer
information from a bank in the absence of legal compulsion; e.g.
a subpoena. They must relate to espionage, the "protective" role
of the Secret Service or terrorism. (Generalizing, there must be
an overwhelming concern and time must be of the essence.)
That same section of RFPA includes the procedures that must be
followed.
Information Sharing
Overview
Section 314 of the USA PATRIOT Act created a mechanism
that allows law enforcement agencies to query banks indirectly
about their possible relationships with persons of interest in
money laundering and terrorist financing investigations. It
also allows banks to communicate with one another
concerning suspicious activity involving customers they may
have in common.
Financial Institutions Hotline
FinCEN provides a Financial Institution’s Hotline, 1-866-556-3974,
for financial institutions to voluntarily report to law
enforcement suspicious transactions that may relate to terrorist
activity against the United States. The hotline is operational
24 hours a day, 7 days a week.
Note: According to Treasury, the “safe harbor” provision
applies even if the report of suspicious activity is made orally
or in some form other than the use of the Treasury’s SAR
form. However, the author notes that substantial internal
controls should still be in place before such phone calls are
made.
Information Sharing Between Federal LEA’s and Financial Institutions: 314(a)
Section 314(a) required Treasury to issue regulations
encouraging greater cooperation between financial institutions,
regulators and law enforcement agencies. The regulations
establish a mechanism where law enforcement agencies can
funnel requests for information on named individuals through
FinCEN which, in turn, notifies the financial institutions that
the names are available for download from a secure web site.
Registration
Financial institutions are required to register a point of contact
with their primary federal regulatory agency. The bank’s
Consolidated Report of Condition and Income facilitates
registration:
General Instructions for Processing 314(a) Queries
It is exceptionally important that banks follow published
instructions in conducting searches required by 314(a). There
are two publications on the secure web site:
• “FinCEN’s 314(a) Fact Sheet” and the
• “Instructions for Responding to Section 314(a) Requests
  Using the Secure Information Sharing System and FAQs.”
It is essential that each bank obtain copies of these documents
and design its search procedures around them.
Instructions Accompanying Queries
It is exceptionally important to note that the instructions
accompanying a particular query may vary. For example, they
may require the institution to research its records for a different
time frame or to use the list on an ongoing basis to compare to
all new accounts opened. Read the instructions accompanying
the query carefully each time one is received.
Processing
Queries will be available every two weeks. The financial
institution must begin searching its records immediately. If it
identifies a positive match, it must respond within 14 calendar
days. This is to be a “one time” search; no secondary use is to
be made of the names provided. The queries are confidential.
Records to be Searched
In general, the financial institution must search for its
customers in:
• deposit records,
• funds transfer records subject to mandatory record retention
  (originators and incoming recipients only),
• monetary instrument sales subject to mandatory record
  retention (remitters only),
• loan records,
• trust department account records,
• records of securities transactions,
• records of transactions in commodities futures, options or
  other derivatives, and
• safe deposit records.
Length of Search
Transactions linked to an account should be searched for the
preceding 12 months. Transactions not linked to an account
should be researched for the preceding 6 months.
Positive Matches
The query incorporates a “Subject Information Form.” All the
respondent needs to do is put an “X” next to the particular named
subject for which a match was found and to provide point of
contact information. The form is to be sent to FinCEN. If no
positive matches are found, no response is necessary.
Procedures Required
As suggested by its inclusion here, 314(a) queries are a part of
BSA just like CTR and SAR filing – they should be addressed in
the financial institution’s BSA policies and procedures. At a
minimum, the procedures should:
• Designate a point of contact for receiving information
  requests.
• Ensure that the confidentiality of requested information is
  safeguarded.
• Establish a process for responding to FinCEN’s requests.
• Linking a “positive” response to the bank’s mechanism
  for considering the filing of a SAR.
Documentation
Documentation of 314(a) requests could include the following
methods:
• Copies of the requests,
• a log that records the tracking numbers and includes a
  sign-off column, or
• copies of the cover page of the requests, with a financial
  institution sign-off, that the records were checked, the
  date of the search and search results (e.g.,
  positive/negative) or
• self verification (there is a publication on the secure web
  site, “314(a) Search Self-Verification Users Guide” that
  explains the self verification process).
For positive matches, copies of the form returned to FinCEN and
the supporting documentation should be retained.
Voluntary Information Sharing Among Financial Institutions: 314(b)
Section 314(b) required Treasury to issue regulations encouraging
greater cooperation between financial institutions. The regulations
establish a mechanism where financial institutions are allowed to
register to share information with other financial institutions that
they believe may relate to terrorist activity or money laundering.
Registration
Institutions volunteering to share information can provide notice at
the FinCEN web site: http://www.fincen.gov/fi_infoappb.html (See
the following page.) The notice is valid for one year. FinCEN
publishes a list of registered institutions in order to allow
verification by other institutions prior to sharing information.
Scope
Per the regulation, sharing is possible only if both institutions
believe terrorist activity or money laundering is involved. Each
institution involved in sharing must be registered and it is
responsible for verifying the registration of the other institutions
involved.
Note: FinCEN issued FIN-2009-G002 which it described as a
“clarification” on 314(b) information sharing:
http://www.fincen.gov/news_room/nr/pdf/20090616.pdf
It greatly expands the scope of circumstances under which
information can be shared.
Procedures Required
Financial institutions should address registration in their BSA
policy; e.g. the BSA officer should be instructed to register or
empowered to register if necessary. Those that are registered
should establish procedures for:
• sending and receiving information sharing requests,
• verifying that any financial institution with whom they
  intend to share information is registered, and
• establishing security measures which are adequate to use and
  protect information obtained from other financial
  institutions.
I hereby notify, on behalf of
(name of financial institution, or association of financial institutions), that:
(1) (i) The financial institution specified above is a "financial institution" as such term is defined in 31 CFR 103.110(a)(2), which means any financial institution defined in 31 U.S.C. 5312(a)(2) that is required to establish and maintain an anti-money laundering program, or is treated under this part as having satisfied the requirements of 31 U.S.C. 5318(h)(1); or, (ii) The association specified above is an "association of financial institutions" as such term is defined in 31 CFR 103.110(a)(3).
(2) The financial institution or association specified above intends, for a period of one (1) year beginning on the date of this Notification, to engage in the sharing of information with other financial institutions or associations of financial institutions regarding individuals, entities, organizations, and countries, as permitted by section 314(b) of the USA PATRIOT Act of 2001 (Public Law 107-56) and the implementing regulations of the Department of the Treasury, Financial Crimes Enforcement Network (31 CFR 103.110).
(3) The financial institution or association of financial institutions specified above has established and will maintain adequate procedures to safeguard the security and confidentiality of such information.
(4) Information received by the above named financial institution or association pursuant to section 314(b) and 31 CFR 103.110 will not be used for any purpose other than identifying and reporting on activities that may involve terrorist or money laundering activities.
(5) The following person may be contacted in connection with inquiries related to the information sharing under section 314(b) and 31 CFR 103.110:
Financial Institution Tax Payer Identification Number:
Primary Federal Regulator:
Financial Institution Mailing Address:
(Address)
(City)
(State)
(Zip; no dashes)
Contact Name:
Contact Title:
E-Mail Address of Contact:
Telephone Number of Contact:
FAX Number of Contact:
Suspicious Activity Reporting
Overview
Federally supervised and insured depository institutions are
required to file FinCEN Suspicious Activity Reports (SARs). A
filing requirement can be prompted by a wide variety of
circumstances in addition to BSA violations.
Filing Triggers
If…
• the amount involved is $5000 or more in the aggregate and
  involves money laundering or violations of BSA, or
• there is insider abuse involving any amount, or
• the amount involved is $5000 or more and a suspect can be
  identified, or
• the amount involved is $25000 or more regardless of whether a
  suspect can be identified, or
• the transaction has no apparent lawful purpose or is not the
  sort in which the particular customer would be likely to engage
  or there is no reasonable explanation for the transaction.
then... filing a SAR is required.
SAR FAQ
In May, 2013 FinCEN published a “Frequently Asked
Questions” document that is invaluable in the completion of the
FinCEN SAR:
http://www.fincen.gov/whatsnew/html/sar_faqs.html
Filing
SAR filing is required by BSA regulations. Each regulatory
agency also has its own regulation requiring SAR filings.
Financial institutions should be familiar with their primary
federal regulatory agency’s regulations, but they are virtually
identical.
If the supervisory agency is the... | Then its SAR regulation is found at...
Federal Deposit Insurance Corporation | 12 CFR 353
Federal Reserve Board of Governors | 12 CFR 208.62
National Credit Union Administration | 12 CFR 748.1(c)
Office of the Comptroller of Currency | 12 CFR 21.11
SAR Instructions
The current version of the FinCEN SAR instructions (Rev.
March, 2015) is found at:
http://sdtmut.fincen.treas.gov/news/FinCENSARElectronicFilingRequirements.pdf
Note: Compare the number of the current version of the
instructions (1.4) to the current version of the report a few pages
before.
Time Frames
From the Examination Manual (December 2014):
The SAR rules require that a SAR be electronically filed through the
BSA E-Filing System no later than 30 calendar days from the date of the
initial detection of facts that may constitute a basis for filing a SAR. If
no suspect can be identified, the time period for filing a SAR is extended
to 60 days. Organizations may need to review transaction or account
activity for a customer to determine whether to file a SAR. The need for
a review of customer activity or transactions does not necessarily
indicate a need to file a SAR. The time period for filing a SAR starts
when the organization, during its review or because of other factors,
knows or has reason to suspect that the activity or transactions under
review meet one or more of the definitions of suspicious activity.
Continuation SARs
Financial institutions may file SARs for continuing activity after a
90-day review with the filing deadline being 120 days after the
date of the previously related SAR filing.
SAR Preparation
Although it has not been updated since the FinCEN SAR was
published, there is a guide to assist banks in SAR training and in
writing the SAR narrative:
http://www.fincen.gov/narrativeguidance_webintro.pdf
Identifying Supporting Documentation
Identifying supporting documentation is one of the most critical
aspects of report completion. In short, what records did the bank
rely on when it completed the report; i.e. where did each fact come
from? Those who prepare and review the report should track
every piece of information given back to its source and make
certain that source is specifically listed on the report. References
to sources should be specific. For example, do not list “cancelled
checks” as a source. Instead: “cancelled checks on account
#100676008 paid between 03/01/20XX and 04/30/20XX.”
Record Retention
The bank must keep a copy of the SAR and the supporting
documentation for five years. The bank must identify and
maintain the supporting documentation in its files.
Production of Supporting Documentation
Supporting documentation for an SAR is treated as if it was part of
the original filing; it is to be made available to law enforcement
agencies on request. FinCEN has issued guidance regarding
supporting documentation:
http://www.fincen.gov/Supporting_Documentation_Guidance.pdf
SAR Confidentiality in General
The statute that requires SAR filing prohibits both banks and the
government from notifying “…any person involved in the
transaction…” that the SAR was filed. Disclosure is a crime. That
portion of the statute is interpreted by FinCEN, OCC, FDIC, FRB
and NCUA regulations that require SAR filing.
FinCEN regulations clarify SAR confidentiality rules. (The OCC
regulations are parallel to FinCEN’s, all being revised in 2010.
The FDIC, NCUA, and FRB use earlier versions.) As revised, the
FinCEN regulation expands the prohibition on disclosure:
31 CFR 103.18(e) Confidentiality of SARs. A SAR, and any information
that would reveal the existence of a SAR, are confidential and shall not
be disclosed except as authorized in this paragraph (e). For purposes of
this paragraph (e) only, a SAR shall include any suspicious activity
report filed with FinCEN pursuant to any regulation in this part.
(1) Prohibition on disclosures by banks. (i) General rule. No bank, and
no director, officer, employee, or agent of any bank, shall disclose a
SAR or any information that would reveal the existence of a SAR. Any
bank, and any director, officer, employee, or agent of any bank that is
subpoenaed or otherwise requested to disclose a SAR or any
information that would reveal the existence of a SAR, shall decline to
produce the SAR or such information, citing this section and 31 U.S.C.
5318(g)(2)(A)(i), and shall notify FinCEN of any such request and the
response thereto.
“Rules of Construction” Regarding SAR Confidentiality
The revised FinCEN prohibition against disclosure by a bank is to
be interpreted as not prohibiting disclosure of:
• a SAR or the existence of a SAR to a law enforcement
  agency, federal functional regulatory agency, or a state
  regulatory agency authorized under state law to examine for
  BSA compliance,
• the underlying facts, transactions, and documents on which
  a SAR is based, including but not limited to disclosures in
  connection with:
  o the joint filing of a SAR, or
  o certain employment references or termination notices
    as authorized by statute.
• sharing by a bank within its corporate structure for
  purposes consistent with BSA compliance.
Note: Governmental agencies are also prohibited by regulation
from disclosing a SAR or any information that would reveal the
existence of a SAR except as consistent with their BSA
compliance responsibilities.
SAR Related Subpoenas
If information is subpoenaed that would… | then the bank must notify…
disclose a SAR or the existence of a SAR | its federal functional regulatory agency and FinCEN.
Note: A subpoena requesting specific documents, not a SAR or
evidence of the existence of a SAR, does not violate the disclosure
prohibition or trigger a notice requirement. For example, a bank
files a SAR listing its supporting documentation. It later receives a
subpoena listing that same supporting documentation, but making
no mention of the SAR. Prompt compliance is appropriate. (This
is actually the way things are supposed to work!)
Official Advice Regarding SAR Confidentiality, FIN-2010-A014
FinCEN encourages organizations and authorities, both governmental
and non-governmental, to be vigilant in ensuring SAR confidentiality is
maintained. This includes making certain all employees, agents, and
individuals appropriately entrusted with information in a SAR are
informed of the individual obligation to maintain SAR confidentiality.
This obligation applies not only to the SAR itself but also to information
that would reveal the existence of the SAR. Likewise, such persons
should also be informed of the consequences for failing to maintain such
confidentiality, which could include civil and criminal penalties as
explained herein.
A financial institution may want to consider including such information
as part of its ongoing training of all employees. Additional risk-based
measures to ensure the confidentiality of SARs could include, among
other appropriate security measures, limited access on a "need-to-know"
basis, restricted areas for reviewing SARs, logging of access to
SARs, the use of cover sheets for SARs, or supporting documentation
that indicates the filing of a SAR, or electronic notices that highlight
confidentiality concerns before a person may access or disseminate the
information.
Reporting SAR Filings to the Board of Directors
Functional federal regulatory agencies’ regulations require that all
SAR filings be reported to the institution’s Board of Directors or
an appropriate committee “promptly.” (FinCEN’s regulations
contain no parallel reporting requirement.) The Examination
Manual (December, 2014) indicates there is great discretion in the
amount of specific information reported to the board:
Banks are required by the SAR regulations of their federal banking
agency to notify the board of directors or an appropriate board
committee that SARs have been filed. However, the regulations do not
mandate a particular notification format and banks should have
flexibility in structuring their format. Therefore, banks may, but are not
required to, provide actual copies of SARs to the board of directors or a
board committee. Alternatively, banks may opt to provide summaries,
tables of SARs filed for specific violation types, or other forms of
notification. Regardless of the notification format used by the bank,
management should provide sufficient information on its SAR filings to
the board of directors or an appropriate committee in order to fulfill its
fiduciary duties, while being mindful of the confidential nature of the
SAR.
SAR Policies and Procedures
In March, 1998 all the bank regulatory agencies issued an
Interagency Advisory which noted:
It is vitally important that banks set up an internal process to handle the
filing of SARs and any requests from law enforcement agencies.
In May, 2004 all the bank regulatory agencies reiterated the
observation in another Interagency Advisory:
The staffs of the agencies want to emphasize that all financial
institutions covered by the agencies’ SAR reporting rules should have
internal processes to handle the filing of SARs as well as requests for
sensitive information from law enforcement authorities and from
litigants in private lawsuits regarding suspicious activities and
reporting to law enforcement.
The presence of a policy and procedure demonstrates that the
financial institution understands its responsibility. Adherence to
policy and procedure assures that choices are not being made in the
heat of the moment.
Safe Harbor
Federal law creates a so-called “safe harbor” which protects the
institution from liability in connection with all SAR filings
regardless of whether the SAR is voluntary or mandatory. In
recent years, there has been a consistent string of federal court
decisions affirming that protection. The majority of federal courts
have ruled that the safe harbor provision provides unqualified
protection to financial institutions and their employees from civil
liability for filing a SAR.
Training
Training on identifying and reporting suspicious activity must be
institution wide. It is not essential that all employees understand the
SAR filing process, but they must understand that reporting suspicious
activity is an essential part of their job responsibilities.
Independent Examinations or Audits of SAR Filing
Program regulations require that banks conduct an independent
review of their BSA compliance program annually. Obviously, SAR
filing is an essential element of that review and every aspect of SAR
filing ranging from training, the effectiveness of monitoring
programs and the actual reports filed should be evaluated. Also
obviously, third party reviewers’ practices in reviewing SAR filing
should reflect a full measure of respect for SAR confidentiality.
Regulatory Review of SAR Filing Decisions
The BSA/AML Examination Manual (December, 2014):
The decision maker, whether an individual or committee, should have the
authority to make the final SAR filing decision. When the bank uses a
committee, there should be a clearly defined process to resolve differences
of opinion on filing decisions. Banks should document SAR decisions,
including the specific reason for filing or not filing a SAR. Thorough
documentation provides a record of the SAR decision-making process,
including final decisions not to file a SAR. However, due to the variety of
systems used to identify, track, and report suspicious activity, as well as
the fact that each suspicious activity reporting decision is based on unique
facts and circumstances, no single form of documentation is required
when a bank decides not to file.
The decision to file a SAR is an inherently subjective judgment. Examiners
should focus on whether the bank has an effective SAR decision-making
process, not individual SAR decisions. Examiners may review individual
SAR decisions as a means to test the effectiveness of the SAR monitoring,
reporting, and decision-making process. In those instances where the
bank has an established SAR decision-making process, has followed
existing policies, procedures, and processes, and has determined not to
file a SAR, the bank should not be criticized for the failure to file a SAR
unless the failure is significant or accompanied by evidence of bad faith.
NBFIs and MSBs
Overview
Non bank financial institutions (NBFIs) provide financial services
such as check cashing, currency exchanges and check purchasing to
their clientele. In those circumstances, they can be involved in
terrorist financing or money laundering just as a bank can. Banks
must identify NBFIs because they are “subject to expanded
examination overview.” Once a customer has been identified as an
NBFI, their potential status as a Money Service Business (MSB)
should be established.
MSB Website
A portion of the FinCEN web site is devoted to MSBs:
http://www.fincen.gov/financial_institutions/msb/
Money Service Businesses (MSBs)
A non bank financial institution is an MSB and must register if it
conducts more than $1,000 in business with one person in one or
more transactions (in any category of activity listed below) on the
same day in one or more of the following services:
• money orders
• traveler’s checks
• check cashing
• currency dealing or exchange or
• the business provides money transfer services in any amount.
Prepaid Access Devices
Sellers and providers of prepaid access devices may have specific
BSA reporting and recordkeeping requirements depending on the
specific characteristics of their program. The regulations spelling
out those characteristics are unusually complex. FinCEN has
issued a Q & A on the subject that is very helpful:
http://www.fincen.gov/news_room/nr/pdf/20111102.pdf
Banks should identify customers selling or providing prepaid
access devices and analyze their business practices in light of that
guidance.
Virtual Currencies
FinCEN rulings indicate a “user” of virtual currencies is not an
MSB under BSA regulations, but an “exchanger” of virtual
currencies and an “administrator” of a virtual currency system
would be money transmitters and, thus, MSBs.
Bank Due Diligence on MSB Customers
In Interagency Guidance issued April 26, 2005,
http://www.fincen.gov/guidance04262005.pdf,
the agencies indicated the minimum due diligence requirements
for every MSB client are:
• Apply the banking organization’s Customer Identification
  Program;
• Confirm FinCEN registration, if required;
• Confirm compliance with state or local licensing requirements,
  if applicable;
• Confirm agent status, if applicable; and
• Conduct a basic Bank Secrecy Act/Anti-Money Laundering risk
  assessment to determine the level of risk associated with the
  account and whether further due diligence is necessary.
Note: A considerable portion of the Guidance is out of date; e.g.
the understanding of what is an MSB has been expanded, MSB’s
no longer receive a paper certificate evidencing registration, etc.
Agents for MSB’s
A person that is an MSB solely because that person serves as an
agent of another MSB is not required to register. However, a
person that is an MSB both because it engages in MSB activities on
its own behalf and as an agent of another MSB must register.
Example 19: A supermarket corporation that acts as an agent (as a
seller of money orders) for an issuer of money orders, and performs
no other services of a nature and amount that would cause the
supermarket corporation to be a money services business, is not
required to register. The result is the same if the supermarket
corporation serves as an agent for two or more MSBs. Thus, if the
supermarket corporation serves as an agent both of a money order
issuer and of a money transmitter, it is not required to register.
MSB Registration Web Site
All MSB registrations must be completed electronically through
the BSA E-Filing System.
http://www.fincen.gov/news_room/nr/html/20111216.html
Verifying MSB Registration
Interested parties (including those providing banking services to
MSBs) can rely on the web site for proof of registration:
http://www.fincen.gov/financial_institutions/msb/msbstateselector.html
Unregistered MSBs
From the 2005 Interagency Guidance referenced earlier:
One recurring question has been the obligation of a banking
organization to file a suspicious activity report on a money
services business that has failed to register with FinCEN or
failed to obtain a license under applicable state law. Given the
importance of the licensing and registration requirement, a
banking organization should file a suspicious activity report if it
becomes aware that a customer is operating in violation of the
registration or state licensing requirement.
BSA/AML Manual for MSBs
Noting an important quote from the 2005 Interagency
Guidance referenced earlier:
The Bank Secrecy Act does not require, and neither FinCEN
nor the Federal Banking Agencies expect, banking
organizations to serve as the de facto regulators of the money
services businesses for which they maintain accounts.
Banks will find the “Bank Secrecy Act/Anti-Money
Laundering Examination Manual for Money Service
Businesses”
http://www.fincen.gov/news_room/nr/pdf/20081209.pdf
It is a helpful resource to recommend to MSB customers.
De-risking MSBs
FinCEN issued a statement on providing banking services to
MSBs in November 2014:
http://www.fincen.gov/news_room/nr/pdf/20141110.pdf
Two of the federal functional regulatory agencies offer similar
guidance.
OCC, http://www.occ.gov/news-issuances/bulletins/2014/bulletin-2014-58.html
FDIC, FIL – 2015 - 5:
https://www.fdic.gov/news/news/financial/2015/fil15005.html
Note: The FDIC guidance is certainly applicable to MSBs, but
it approaches “de-risking” on a much broader basis; it could be
applied to any customer to whom an FDIC supervised bank was
declining services based on “status.”
Anti-Money Laundering
Overview
Full compliance with the requirements of BSA does not assure
that customers cannot use the institution’s products and services
to launder money. A financial institution must surround its BSA
compliance effort with an anti-money laundering program.
That program involves three elements:
• customer identification,
• due diligence, and
• enhanced due diligence.
CIP only applies at account inception and, according to regulatory
guidance, when new owners are added to an account. Due
diligence and enhanced due diligence apply at account inception
and over the life of an account. They replace the now outmoded
phrase, “know your customer.”
Stair step Hierarchy of CIP and Due Diligence at Account Inception
Enhanced due diligence (EDD)
includes extraordinary questions
because the person or entity has
been identified as subject to
expanded review procedures.
Information sought is needed to
more specifically predict account
activity and increase the bank’s
comfort level with the relationship.
Customer due diligence (CDD) consists of routine
questions which broadly predict account activity,
but specifically identify persons and entities subject
to enhanced due diligence.
Customer identification program (CIP) describes routine
requirements for specific information which identifies the person
or entity. Verification by documentary or non documentary
methods is required by law.
Stair step Hierarchy of CDD and EDD During Life of Account
Enhanced due diligence (EDD) applies to higher
risk customers and incorporates monitoring
specific to that customer; i.e. transactions are
analyzed via comparison to a profile for that
specific customer or similar customers. For
customers identified as “high risk,” the monitoring
is routine. However, an anomalous transaction
may prompt analysis of a customer not previously
recognized as high risk. In either case, anomalies
that are not resolved are referred for SAR
consideration.
Customer due diligence (CDD) consists of reviewing routine
reports looking for activity that does not fit normal consumer or
business account activity. Anomalies are investigated.
The goal of an AML program is to intelligently allocate limited
resources. Identifying higher risk customers is the first priority.
Identifying High Risk Customers
Persons and entities subject to expanded examination reviews
should be identified…
o at account inception or
o during the life of the account
and then…
o assigned an appropriate risk level and
o monitored according to that risk level.
The “given” is that as risk increases, documentation and monitoring
requirements increase. It is not enough for a bank to simply
identify its high risk customers; it must focus greater than normal
attention (enhanced due diligence) on their activities.
Anti – Money Laundering (CIP)
Overview
Banks are required to have a board approved Customer
Identification Program (CIP). It is the foundation for the
bank’s anti-money laundering program.
CIP Q & A’s
FinCEN and the bank regulatory agencies jointly issued Q &
A’s on CIP: http://www.fincen.gov/faqsfinalciprule.pdf
Customer
The definition of “customer” generally describes a person (an
individual or an entity) opening an account. If more than one
person is opening an account it includes all of them. However,
it does not include a mere signatory. Financial institutions may
exclude customers with existing accounts from their CIP
process, provided that they have a reasonable belief that they
know the person’s true identity.
Note: CIP regulations exclude some entities from the
“customer” definition:
• banks,
• government entities, and
• publicly traded companies listed on a major exchange.
Account
“Account” includes all formal banking relationships including:
• deposit account,
• transaction or asset account,
• credit account or other extension of credit,
• safe deposit box or other safekeeping services,
• cash management,
• custodian or trust services
Note: Sending a wire transfer, cashing a check, using an ATM
or purchasing an official check, regardless of frequency, does
not create an “account” and the person is not a “customer.”
Customer Information Required
Prior to opening an account, the bank must obtain the following
information from the customer:
• name,
• date of birth (individuals only),
• physical address (there is flexibility for using military
addresses or even the address of another party),
• identification number (for a U.S. citizen, a SSN or EIN).
Note: A bank cannot waive any element of the required
information – obtaining it is a condition of opening the account.
A bank may include a provision in its CIP that allows it to open
an account without a TIN if it documents the fact that the
customer has applied for the number.
Verifying Customer Information
Within a reasonable time after opening the account, the bank
must verify the information received based on:
• documentary verification,
• nondocumentary verification or
• a combination of the two.
The bank is not required to verify all four pieces of information,
only enough to form a reasonable belief that it knows the
customer’s true identity.
CIP Content
The bank’s CIP should identify acceptable kinds of
identification based on the type of customer; e.g. individual,
corporation, partnership, etc. It should also spell out the
acceptable methods and time frames for verifying information,
the steps to be taken if information cannot be verified, and
establish a link to the bank’s suspicious activity reporting
mechanism. A bank’s CIP may provide varying requirements
for different products or services.
Variety in CIP Design
There was never a requirement that banks apply the same
standards to all products or account types in their CIP. For
example:
A deposit customer might need | …while a loan customer might need
two forms of documentary identification, one of which must be primary | one form of primary documentary identification and a consumer report.
CIP Risk Assessment
Prior to establishing its CIP (2003) the bank was to perform a
risk assessment based on the various:
• types of accounts it maintained,
• methods of account opening available,
• types of identifying information available, and
• the bank’s size, location, and customer base.
The implementing regulation did not require that the risk
assessment be updated periodically. Yet, it is not the nature of
risk to remain at a constant level. Some banks update this risk
assessment in their overall BSA/AML risk assessment.
CIP Revisions
Per the implementing regulation, the CIP was to be adopted by
the bank’s board of directors. Accordingly, any change in CIP
would require an amendment approved by the board of
directors.
CIP Record Retention
Banks must retain… | for five years after the…
the four pieces of information required at account opening | account is closed.
a description of the: documents it used to verify identity, the methods and results of any measures undertaken to verify identity, and the resolution of any substantive discrepancy discovered when verifying the information it received. | information is obtained.
Comparison to Section 326 List
The requirement to consult a government list of “known or
suspected terrorists…” as a part of CIP is not a reference to the
OFAC list. It contemplates a list that has yet to be published or
even described by FinCEN.
Customer Notice
The regulation requires that the customer be given a notice prior to
opening the account. The notice can be given orally or by a
method which gives the customer an opportunity to read it. (There
is no requirement that the customer receive a copy he can keep.)
The regulation contains sample language:
IMPORTANT INFORMATION ABOUT PROCEDURES FOR
OPENING A NEW ACCOUNT
To help the government fight the funding of terrorism and money
laundering activities, Federal law requires all financial institutions to
obtain, verify, and record information that identifies each person who
opens an account. What this means for you: When you open an account,
we will ask for your name, address, date of birth, and other information
that will allow us to identify you. We may also ask to see your driver’s
license or other identifying documents.
Anti – Money Laundering (Due Diligence)
Overview
“Due diligence” is the label applied to the process of obtaining
information at account opening and during the life of the account
that will help the bank in identifying higher risk customers, those
deserving of enhanced due diligence. The simplest goals of due
diligence are to:
• identify customers subject to expanded examination
overview, and
• identify beneficial owners for higher risk customers, and
• project future financial activity for higher risk customers, and
• decide where enhanced due diligence is required.
Note: An intelligently designed AML program allocates a financial
institution’s finite resources where they will do the most good, to the
customers whom it classifies as higher risk. To illustrate, but not
state a rule of thumb, a bank might reasonably allocate 95% of its
AML resources to 5% of its customers.
Customers Subject to Expanded Examination Overview
The Examination Manual does not list what were once described as
“high risk businesses.” Each financial institution is required to
identify the customers it regards as “high risk.” However, the
Examination Manual does contain a list of persons and entities
subject to expanded examination overview. Each customer type
listed as being subject to expanded examination overview is
followed by examination procedures specific to that customer type.
Note: Examination procedures clearly indicate banks may be asked
for lists of customers included in each group. For example, banks
should be able to produce lists of non resident aliens or non bank
financial institution customers on request.
Individual Customers Subject to Expanded Examination Overview
Individual or consumer customers included on the list of customers
subject to expanded examination overview are:
• Nonresident Aliens and Foreign Individuals
• Politically Exposed Persons
Entity Customers Subject to Expanded Examination Overview
Entity customers subject to expanded examination overview are:
• Embassy and Foreign Consulate Accounts
• Non-Bank Financial Institutions
• Professional Services Providers
• Non-Governmental Organizations and Charities
• Business Entities (Domestic and Foreign)
• Cash intensive Businesses
Note: Only a few customer types subject to expanded examination
overview are individuals; most of the candidate pool for “high risk”
customers is made up of entities.
Identifying Customers Subject To Expanded Examination Overview
Example 20: In response to standard requests for documentation at
account inception, it becomes apparent that a new customer, “Jack’s
Fast Check,” is a corporation established in Delaware, but registered
to do business in Illinois. It is a domestic business entity.
Example 21: In response to standard query at account inception, the
owner of “Jack’s Fast Check” indicates that the business cashes
checks for its customers and also sells stored value cards. It is a non
bank financial institution.
Example 22: Again in response to a standard query at account
inception, the owner of “Jack’s Fast Check” indicates the business
will be withdrawing significant amounts of cash daily to facilitate
check cashing. It is a cash intensive business.
Summary: Due diligence establishes that “Jack’s Fast Check” is a
customer subject to expanded examination overview 3 times over.
Nothing says it is a high risk customer; there is only a suggestion
that it must be evaluated as a potentially high risk customer. If an
examiner asks for a list of business entities, non bank financial
institutions, or cash intensive businesses “Jack’s Fast Check” will be
on each list, but it may not be on the bank’s high risk customer list.
Identifying Customers Subject To Expanded Examination Overview, continued
Example 23: An existing customer, Miram Laughlin, is matched to
a name on a vendor produced list of politically exposed persons.
Further investigation establishes that she actually is the person
named on the list; i.e. she is a politically exposed person.
Summary: Due diligence and enhanced due diligence have
established that Miram Laughlin qualifies as a customer subject to
expanded examination overview. Nothing says she is a high risk
customer; there is only a suggestion that she must be evaluated as a
potentially high risk customer. If an examiner asks for a list of its
politically exposed persons, Miram Laughlin will be on the list, but
she may not be on the bank’s high risk customer list.
Example 24: An existing sole proprietorship customer, “Angel’s
Taqueria,” is identified as having cross border ACH debits from an
international wire transfer company. Further investigation
establishes that the business is an agent for a money service
business.
Summary: Due diligence and enhanced due diligence have
established that “Angel’s Taqueria” qualifies as a customer subject
to expanded examination overview. Nothing says it is a high risk
customer; there is only a suggestion that it must be evaluated as a
potentially high risk customer. If examiners ask the bank for a list of
its non bank financial institutions, “Angel’s Taqueria” will be on the
list, but it may not be on the bank’s high risk customer list.
Note: In general, due diligence at account inception is the least
expensive method for identifying customers subject to expanded
examination overview.
Interagency Guidance on Identifying Beneficial Owners
Interagency guidance issued in March 2010
(http://www.fincen.gov/statutes_regs/guidance/html/fin-2010-g001.html)
indicates banks are expected to identify beneficial
owners for customers whom they identify as having higher risk
levels. (It does not suggest financial institutions are required to
identify beneficial owners for all accounts.) It indicates:
“…nominal account holders can enable individuals and business
entities to conceal the identity of the true owner of assets or
property derived from or associated with criminal activity.”
Beneficial Owner Examples
Business entities may be the most convenient, and thus the most
common, method for obscuring ownership. The first level of
queries would focus on the type of entity involved.
If the customer is a… | then the beneficial owner(s) are…
corporation | shareholders
partnership | partners
limited liability company | members
NPRM on Beneficial Ownership
FinCEN published a Notice of Proposed Rulemaking regarding
the establishment of customer due diligence requirements on
August 4, 2014. The comment period ended on October 3, 2014.
In essence, the proposal would require banks to identify beneficial
owners at the time an account is opened. The proposal
incorporated the model form on the following page.
At the time of this publication, the form on the following page
has no legal status whatsoever. Its use is neither required,
suggested, nor approved. It may be changed in or even
eliminated from the final regulation.
APPENDIX A—CERTIFICATION REGARDING BENEFICIAL OWNERS OF LEGAL ENTITY CUSTOMERS
I. GENERAL INSTRUCTIONS
What is this form?
To help the government fight financial crime, federal regulation requires certain financial institutions to obtain, verify, and record information about the beneficial owners of legal entity customers. Legal entities can be abused to disguise involvement in terrorist financing, money laundering, tax evasion, corruption, fraud, and other financial crimes. Requiring the disclosure of key individuals who ultimately own or control a legal entity (i.e., the beneficial owners) helps law enforcement investigate and prosecute these crimes.
Who has to complete this form?
This form must be completed by the person opening a new account on behalf of a legal entity with any of the following U.S. financial institutions: (i) A bank or credit union; (ii) a broker or dealer in securities; (iii) a mutual fund; (iv) a futures commission merchant; or (v) an introducing broker in commodities. For the purposes of this form, a legal entity includes a corporation, limited liability company, partnership, and any other similar business entity formed in the United States or a foreign country.
What information do I have to provide?
This form requires you to provide the name, address, date of birth and social security number (or passport number or other similar information, in the case of foreign persons) for the following individuals (i.e., the beneficial owners): (i) Each individual, if any, who owns, directly or indirectly, 25 percent or more of the equity interests of the legal entity customer (e.g., each natural person that owns 25 percent or more of the shares of a corporation); and (ii) An individual with significant responsibility for managing the legal entity customer (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President or Treasurer).
The financial institution may also ask to see a copy of a driver’s license or other identifying document for each beneficial owner listed on this form.
II. CERTIFICATION OF BENEFICIAL OWNER(S)
Persons opening an account on behalf of a legal entity must provide the following information:
a. Name of Person Opening Account: ____________________________________________________________________________
b. Name of Legal Entity for Which the Account is Being Opened: ____________________________________________________________________________
c. The following information for each individual, if any, who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25 percent or more of the equity interests of the legal entity listed above:
(If no individual meets this definition, please write "Not Applicable.")
Name | Date of Birth | Address | For U.S. Persons: Social Security Number | For Foreign Persons: Passport Number and Country of Issuance or Similar Identification Number¹
d. The following information for one individual with significant responsibility for managing the legal entity listed above, such as:
• An executive officer or senior manager (e.g., Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, Treasurer); or
• Any other individual who regularly performs similar functions.
(If appropriate, an individual listed under section (c) above may also be listed in this section (d)).
Name | Date of Birth | Address | For U.S. Persons: Social Security Number | For Foreign Persons: Passport Number and Country of Issuance or Similar Identification Number¹
I, _________________________________________ (name of person opening account), hereby certify, to the best of my knowledge, that the information provided above is complete and correct.
Signature:__________________________________ Date: ____________
_________________
¹ In lieu of a passport number, foreign persons may also provide an alien identification card number, or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard.
Anticipated Transaction Activity vs. Review After Account is Opened
The FFIEC Manual mentions the importance of projecting
account activity. Such projections are now a regulatory
expectation. These materials acknowledge that expectation
several times.
Initial projections for a new business are inherently unreliable; i.e.
how would the business owner know what their actual activity
will be? When opening an account for an existing business the
author suggests it is advisable to use recent bank statements to
forecast activity rather than rely on an owner or signatory’s recall.
While banks could still obtain the information for reference in the
near term, it is probably wise to replace guesses made based on
initial information with judgments based on actual activity after the
account has been open for two or three months.
Note: Acknowledging the regulatory expectation, the concept of
due diligence can be applied to individual, organizational, and
entity customers at account opening alike. See the forms on the
following pages.
Note: Again, the author notes that consumer accounts (other than
those belonging to a person subject to expanded examination
overview) are at a fairly low risk level for being involved in
money laundering. Moreover, it is highly likely that any unusual
behavior in a consumer account would be noted in routine
monitoring activities. The amount of due diligence conducted on
generic consumer accounts should be driven by the bank’s risk
assessment.
Field Five
Customer Due Diligence (Consumer)
In what country are you a citizen?_____________________________
If you are not a U.S. citizen, how long do you expect to remain in the
U.S.?____________________________________________________
If you are not a U.S. citizen, do you have permission to work in the
U.S.?____________________________________________________
Are you or any of your relatives or associates connected to the government of a country
other than the United States?______ If yes, please
explain__________________________________________________
Field Six
Why did you choose this bank? ________________________________
_________________________________________________________
What other banks do you have accounts with? ____________________
_________________________________________________________
What types of items do you expect to be deposited to the
account; e.g. cash, checks, direct deposit, wires, etc.________________
__________________________________________________________
How frequently will deposits be made? __________________________
What methods do you expect to use to remove funds from the account; e.g. checks,
ATM, debit card, automated bill payments,
etc._______________________________________________________
__________________________________________________________
What is the purpose for this account?____________________________
Will any proceeds from business activities be deposited to this account?
_________
What do you anticipate maintaining as the average balance in this
account?___________________________________________________
Will any financial transactions affecting this account originate or have a destination
outside the U.S.?______ If yes, please explain.
Field Seven
Where are you currently employed?_____________________________
Which of these ranges includes your annual household income?
__________Less than $50,000
__________$50,001 to $100,000
_______$100,001 - $150,000
_______More than $150,000
Describe initial deposit
_____________________________________________________________________
Field Eight
Comments
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
Not a model form; reflects individual bank’s customer due diligence requirements.
OMEGA STATE BANK
NEW BUSINESS ACCOUNT SERVICE PROFILE
Name of entity or individual______________________________DBA_______________________________
Registered under assumed name statute? Y or N
Form of Organization
___Corporation State where incorporated_______________ date_________
___Limited liability company State where organized_________________ date_________
___Limited partnership State where agreement filed____________ date_________
___Joint Venture Written agreement? Y or N If yes, date_________
___General partnership Written agreement? Y or N If yes, date_________
Employer Identification Number_______________________________
___Sole Proprietor
Social Security Number (Sole proprietor or one person LLC only)____________________
Business Address (No P.O. Box)
Phone
Fax
Website
NAICS Code
Risk Rating: 4 or 5 (reviewed after 90 days)
Description of business
Non bank FI; e.g. check casher?
Reasons for choosing Omega State Bank
Make up of first deposit
Please check the services you expect to use, their frequency (daily, weekly, etc.) and their average dollar amounts where requested
Deposits Frequency_______ Avg. amount $_______ % in cash_____
Cash Withdrawals Frequency ______ Avg. amount $_______
Wire transfers Frequency _______ Outgoing to________________________________________ Incoming from
Loans
Safe Deposit
Trust
Private Banking
Due Diligence During the Life of the Account
Due diligence does not end after the account is opened. It
continues to be found in the bank’s routine, non focused
monitoring of customer activity in general; i.e. it does not focus on
an individual customer, it looks for transactions that are anomalous
for customers as a particular class. It looks for situations that
make one customer stand out from other customers of the same
type. Here is where due diligence is at its most effective with
consumer accounts.
Customer Monitoring After Account is Opened
Due diligence procedures for existing accounts involve the review
of standard reports looking for telltale activities such as the
presence of large amounts of currency, wire transfers to foreign
countries, etc. Those are facts that might suggest membership in
one of the groups subject to expanded examination overview.
Possible sources of information are:
• conventional reports, which may include:
o accounts listed by risk or classification code or both,
o average balance change,
o check/debit volume change,
o kiting suspects,
o large dollar transactions,
o loans with early pay off,
o loans secured by cash equivalents,
o many deposits, few checks,
o significant balance changes,
o account analysis,
o electronic banking & electronic payment activity and
o accounts with multiple alerts.
• cash tracking reports which aggregate cash transactions
affecting an entire CIF or related CIFs over long periods of
time; e.g. weeks, months, etc.
• rules based anti-money laundering software, or
• intelligent anti-money laundering software.
Anti – Money Laundering (Enhanced Due Diligence)
Overview
Enhanced due diligence is the label applied to the bank’s
investigation when prompted by:
o information provided by the customer at account
inception or
o customer activities or transactions, or
o queries made by third parties or
o any combination of the above.
Information Offered as a Trigger for Enhanced Due Diligence
A customer that indicates it provides financial services and then
goes on to say that those services include check cashing might
be asked several additional questions as depicted on the
following page. If in responding to those questions the
customer indicates it is a money service business and is, thus,
required to register with Treasury, a great deal more information
may be required. See the following page.
OMEGA STATE BANK
NBFI Detail Form
Name of entity or
individual______________________________DBA_______________________________
Type of organization; e.g. corporation, LLC etc.
State or country of organization
Financial Services Provided | Maximum daily amount per person | Licensed by Anystate (Date or No) | Registered with FinCEN as MSB (Date or No) | Comment
Check cashing *
Currency sale or exchange **
Check sales or redemption ***
Stored value cards ***
Money Transmission ***
Other
* Required by [citation] if fees exceed X% of gross revenues for the business
** Required by [citation]
***Required by [citation]
Copy of any license required by state law and noted above is attached.
If you are acting as an agent for another company in providing these services, what company is it? (e.g.
Western Union, Sigue, Travelers Express, etc.)
_______________________
Copy of any agency agreement with the licensed party is attached.
If your business is required to register with the Department of the Treasury as an MSB:
A printout from the MSB website verifying registration is attached.
The reverse side of this form is completed accurately and completely.
I understand that the Omega State Bank is required to obtain this information. I hereby confirm, under
penalties of perjury, that my statements on both sides of this form are accurate. I also agree to
notify Omega State Bank if any of the above information changes and provide additional documentation
as requested.
___________________________Signature ____________________Name _____________________Title
[Notarization]
OMEGA STATE BANK
NBFI Detail Form (MSB Portion)
Owners’ Name and Address. List all owning 25% or more. | TIN | Ownership Percentage | Years of Experience in MSB Activities | Banks Currently Used (personally) | Comments
Location of Any Other Bank Accounts
Types of Products & Services Offered
Locations and Markets Served
Anticipated Account Activity
Purpose of this Account
Comments (Bank use only)
Documentary & Activity Reviews
A decision that a customer represents a higher level of risk must be
followed by a greater allocation of resources. High risk customers
are the focus of more frequent, more detailed reviews of their
transactions and their documentation than other customers.
Obviously, timing the “review” of high risk accounts involves
various considerations, but
• there will be at least one annually and
• the review should include a review of documentation as well
as activity.
January | April | July | October
update profile; review activity; verify registration current | review activity | review activity; verify state licensure current | review activity
For discussion:
• There isn’t anything official that dictates the frequency of
reviews. More to the point, there isn’t anything that says a
review of any frequency is adequate.
• The suggestion that the profile be updated annually is
intentional – it will make it apparent if the activity has
increased significantly in the last several months.
• On MSBs, one review should be shortly after year end to
assure that any FinCEN registration has been renewed.
• On licensed NBFIs, one review should be shortly after any
standard time frame in which a state license must be
renewed.
Activity Inconsistent with Consumers in General
Activity which is inconsistent with a consumer account should
generate enhanced due diligence for a consumer’s accounts.
Examples are:
o frequent cash deposits,
o frequent cash withdrawals,
o regular use of wire transfers,
o deposits on a frequency greater than explained by wage
earners depositing pay checks,
o high account velocity, etc.
Again, what would be the justification for the bank’s maintenance
of a consumer account which the bank actually believed was at
high risk for money laundering or terrorist financing?
This Business Customer’s Activity vs. Other Customers in the Same Business
For a business customer, certain activity may be suspicious because
it is not like that of other customers involved in the same
business.
Example 25 – The Bank of Anywhere has the accounts for five
retail liquor stores. The compliance officer notes that only one,
State Street Spirits, does not make large withdrawals of cash. On
investigation, she discovers the store’s deposits rarely include cash.
All the other stores routinely deposit and withdraw cash.
By itself, the absence of cash in a particular business might not
indicate anything. However, when cash is normal for that
business, its absence may be critical.
Activity Profiles for High Risk Customers
When a bank has established a profile for every high risk customer
it can readily identify circumstances where the activity may not be
representative of the normal course of the customer’s activity.
Such activity should prompt an investigation; i.e. additional
enhanced due diligence. Unless a bank has AML software that
creates and maintains such profiles, the process is labor intensive.
Customer Profile
The underlying concept is simple: you cannot tell what’s
unusual or suspicious if you have no idea what is normal.
OMEGA STATE BANK
Customer Profile
Based on Averages from 4 Months in 20XX
Name of entity or individual______________________________DBA_______________________________
CIF# | Date Opened | NAICS # | Risk Rating
NBFI (Attach Detail form) | Lottery Ticket Sales
Comments
Incoming Funds | High $ | Average $ | Comment
Cash deposits | | |
Checks | | |
Credit Card | | |
Wire Transfers (Domestic) | | |
Wire Transfers (International) | | |
ACH | | |
Outgoing Funds | High $ | Average $ | Comment
Cash Withdrawals | | |
Cash Shipments | | |
Checks | | |
Wire Transfers (Domestic) | | |
Wire Transfers (International) | | |
ACH | | |
High Risk Customer Review
Obviously, there is a strong connection between this form and the
customer profile.
OMEGA STATE BANK
Customer Profile 20XX
Name of entity or individual______________________________DBA_______________________________
Review periods are those covered by a specific periodic statement and _____/_____ = High/Average for
period covered by statement. Comments on reverse side.
Dates covered* | ______to______ | ______to______ | ______to______ | ______to______
Cash Deposits | ______/______ | ______/______ | ______/______ | ______/______
Cash Withdrawals | ______/______ | ______/______ | ______/______ | ______/______
Checks Deposited | ______/______ | ______/______ | ______/______ | ______/______
Checks Written | ______/______ | ______/______ | ______/______ | ______/______
Credit Card Receipts | ______/______ | ______/______ | ______/______ | ______/______
Wire Transfers Incoming (Domestic) | ______/______ # | ______/______ # | ______/______ # | ______/______ #
Wire Transfers Outgoing (Domestic) | ______/______ # | ______/______ # | ______/______ # | ______/______ #
Wire Transfers Outgoing (International) | ______/______ # | ______/______ # | ______/______ # | ______/______ #
Wire Transfers Incoming (International) | ______/______ # | ______/______ # | ______/______ # | ______/______ #
ACH Credits | ______/______ # | ______/______ # | ______/______ # | ______/______ #
ACH Debits | ______/______ # | ______/______ # | ______/______ # | ______/______ #
High Risk U.S. Geographies
Just as a bank needs to be cognizant of its surrounding geography, it
also needs to be aware of where its customer and its customer’s
customers are located. A customer with ties to U.S. or foreign
geographies that are classified as “high risk” could deserve a higher
risk rating.
Monitoring Connections to International High Risk Geographic Locations
Again, a customer with ties to foreign geographies that are
classified as “high risk” would deserve a higher risk rating. The
current term is "high risk geographic locations." Included are:
o Countries subject to sanctions on the OFAC web site at:
http://www.treasury.gov/resource-center/sanctions/Pages/default.aspx
o Countries identified by the Secretary of State as supporting
international terrorism. See “Country Reports on Terrorism.”
http://www.state.gov/j/ct/rls/crt/
o Jurisdictions of “primary money laundering concern:”
http://www.fincen.gov/reg_section311.html
o Jurisdictions identified as non-cooperative by FATF:
http://www.fatf-gafi.org/
o Countries and jurisdictions identified in the annual International
Narcotics Control Strategy Report as jurisdictions of primary
concern:
http://www.state.gov/j/inl/rls/nrcrpt/2012/vol2/184115.htm
o Offshore Financial Centers:
http://www.imf.org/external/ns/cs.aspx?id=55
o Other countries identified by the bank as high-risk because of its
prior experiences or other factors (e.g. legal considerations, or
allegations of official corruption.)
Section 311 Special Measures
Section 311 of the USA PATRIOT Act authorizes the Secretary of the
Treasury to require domestic financial institutions and domestic
financial agencies to take certain special measures against foreign
jurisdictions, foreign financial institutions, classes of international
transactions, or types of accounts of primary money laundering
concern. The listing of current “special measures” is found on the
FinCEN web site.
http://www.fincen.gov/statutes_regs/patriot/section311.html
Note: Bank policies and procedures should reflect efforts to detect
and evaluate transactions with persons, entities, or jurisdictions
subject to special measures.
EDD Prompted by External Events
Enhanced due diligence is prompted by uncommon facts. Just as a
customer’s surprise appearance on a standard internal report can
prompt a reevaluation of that customer’s risk level, an outside
communication can do the same thing. A number of
communications could cause a bank to reevaluate a customer’s
potential risk:
o newspaper stories,
o IRS levies,
o IRS summons,
o subpoenas from civil courts,
o grand jury subpoenas,
o National Security letters,
o positive response to a 314(a) query,
o positive response to an OFAC query, and
o informal queries from law enforcement personnel.
Any of these can make a bank launch a possible SAR filing investigation and
reconsider whether the customer’s status is appropriate. There is no
suggestion here that a SAR should automatically be filed in any of
these circumstances. The investigation suggested will determine if
a SAR filing is necessary.
Monitoring vs. Closing High Risk Accounts
In some instances, a determination that a customer, particularly a
consumer customer, is “high risk” should yield account closure, not
additional monitoring. The Examination Manual notes that
examiners should determine whether the bank has:
*Procedures for considering closing accounts as a result of
continuous suspicious activity.
The Q & A portion of the Interagency Guidance on MSBs offers
clear direction:
The decision to maintain or close an account should be made by a
banking organization’s management under standards and
guidelines approved by its board of directors.
LEA Requests to Keep Accounts Open
FinCEN guidance encourages financial institutions to ask for a
written request if a law enforcement agency requests them to keep
an account open to facilitate an investigation. The request should
be specific in asking the institution to keep the account open and
should stay in effect for no more than six months.
http://www.fincen.gov/Maintaining_Accounts_Guidance.pdf
Risk Rating Customers
Overview
The FFIEC’s BSA/AML Manual makes it abundantly clear that
banks must develop a:
o list of high risk customers and
o risk assessment that indicates whether their customer
base includes a low, moderate, or high number of high
risk customers.
High Risk of What?
The potential risk is that the customer could be used to launder
money. (There is no realistic expectation that banks can do risk
based analysis regarding terrorist financing in the absence of
direct government support.) A “high risk” conclusion is not a
suggestion that the customer is involved in money laundering or
that the customer ever will be involved in money laundering. It is
an indicator that the nature of the customer’s operations could
facilitate money laundering, nothing more.
Declining or Terminating Customer Relationships Based on Status
If it is possible that a customer risk assessment could result in a
refusal to open an account, the author suggests that the risk
assessment be well documented. It should support the conclusion
that the customer is not being denied banking services based on a
“status” such as being an MSB; embassy or foreign consulate; non
U.S. person, etc., but on the specific level of risk represented by
the potential customer. There is no legal prohibition against
charging a fee for taking an application to open an account. There
is no legal requirement that a decision on an application be made
while the customer waits. As with a loan application, a bank may
require any relevant documentation it wants in support of the
application.
Identifying High Risk Customers at Account Inception
Step | Action
1 | Via due diligence and enhanced due diligence at account inception, identify bank customers who are subject to expanded examination overview. Note: The bank may supplement list of customers subject to expanded examination overview with its own selections based on other criteria.
2 | Objectively evaluate each customer’s potential as a “high risk” customer based on the customer’s projected activity.
3 | Objectively assign a risk rating. The risk rating must direct higher levels of required documentation and monitoring with each incremental level of risk. The BSA officer may increase, but may not decrease, the level of risk assigned by the bank’s system. Note: An alternative method is to automatically assign a new customer a “high” risk rating and review actual account activity 3 to 6 months after the account is established to determine if the customer is actually high risk.
4 | Continuously or at least periodically review customers subject to expanded examination overview, including those previously classified as high risk, and revise their risk level as circumstances indicate necessary.
Risk Rating Individual Customers at Account Inception
From the author’s perspective, status as a foreign citizen or a
politically exposed person are the only facts determinable at
account opening on which a consumer customer might
reasonably be rated something other than “low” risk. Obviously,
if foreign citizenship is in a high risk country that would further
increase that risk rating, as would a disclosure that the customer
intends to conduct international transactions, particularly those
with high risk countries. If the bank actually concludes an
individual’s account is “high risk” due to the individual’s
expected activity, would it be prudent to retain the account; would
the necessary monitoring be cost justified?
Risk Rating System Based on Assumption that Most Individuals are Low Risk
The sample risk rating matrix on the following page is just that, a
sample. It is designed around the premise that high risk consumer
or individual accounts would not be accepted or retained if they
were identified as such.
Rating/Risk Level | Description | CIP | Customer Due Diligence | Unique Transaction Profile | Monitoring (Daily Reports Indicate Risk Code)
1/Low | Consumer accounts, U.S. Persons | Standard | Source of funds requested if initial deposit not payroll check or check drawn on consumer’s account at another bank. | No | Conventional daily reports
2/Average | Consumer accounts, non U.S. or Politically Exposed Persons* | Standard, but passport required | Source of funds requested if initial deposit not payroll check or check drawn on consumer’s account at another bank. | Yes, questions regarding presence in U.S. & expected activity | Conventional daily reports
3/Average | Established business accounts not subject to expanded examination overview | This rating is not assigned at account inception. | N/A | Only required at account inception | Conventional daily reports
4/Above average | All new businesses, ** and businesses subject to expanded examination overview not classified as high risk. The bank does not open accounts for non U.S. entities. | Standard. CIP performed on all signatories. HR worksheet updated annually. | Recent (less than 60 days) bank statement required for established businesses opening new accounts | Yes, updated annually | Conventional daily reports and annual monitoring covering 60 days of activity
5/High | Rating of 15 or higher on HR worksheet | Standard. CIP performed on all signatories. HR worksheet updated annually. | Recent bank statement required for established businesses opening new accounts. Principals must be identified at account opening. Copy of annual audit. Annual site visit. | Yes, updated quarterly | Conventional daily reports and quarterly monitoring cover 30 days of activity
* The bank does not retain accounts for consumers that might, due to activity or connections to high risk
jurisdictions, theoretically merit a rating higher than “2.”
**New businesses with are rated a “4” at account inception and then reviewed after 90 days for re-rating.
Most are then rated as a 3. All businesses subject to expanded examination overview are rated as a “4” or a
“5.”
Note: This is not a model or even a suggested rating system. It
is supplied for discussion purposes only.
Risk Rating Entity and Organizational Customers at Account Inception
A financial institution’s ability to identify high risk entity and
organizational customers at account inception is dependent on
their status and their self-disclosed future activity. The system
illustrated here relies on an automatic assignment of “high risk”
status to all new entity and organizational customers followed
by an objective analysis once an account history is established.
High Risk Worksheet
Objectively Identifying High Risk Entity Customers
If customer… | then… | Points
is subject to expanded examination overview or bank believes customer is potentially high risk. | add 5 |
is an MSB rated as “low” risk | add 3 |
is an MSB rated as “moderate” risk | add 6 |
is an MSB rated as “high” risk | add 10 |
has been the subject of a legal order compelling the bank to turn over information in the last 24 months | add 3 for each |
has relationships with other banks | add 2 for each |
relationship with this bank is less than 1 year old | add 2 |
is not eligible for exemption from CTR filing | add 1 |
makes routine use of wire transfers | add 1 |
sends wire transfers to destinations outside the U.S. or receives from non U.S. points of origin | add 5 |
is an originator of ACH activity | add 3 |
is a recipient of ACH credits or debits | add 1 |
is located in a HIFCA or HIDTA | add 1 |
has one or more significant customer or vendor relationships in a HIFCA or HIDTA | add 1 |
loans secured by cash equivalents | add 1 |
place of business was not the object of a documented on-site visit within the last 12 months. | add 1 |
[Intentionally left blank] | |
SUBTOTAL | |
business activity does not involve significant amounts of currency | subtract 1 |
place of business was the object of a documented on-site visit within the last 12 months. | subtract 1 |
has provided a current list of shareholders or principals | subtract 1 |
has no relationships with other banks | subtract 2 |
is publicly traded on a major exchange | subtract 5 |
relationship with this bank is more than 2 years old | subtract 1 for each year over 2 |
lending relationship with this bank is more than 2 years old and “paid as agreed” | subtract 2 |
provided extensive financial information adequate to support a lending relationship. | subtract 2 |
business activities are readily comparable to those of other bank customers in the same business | subtract 1 |
[Intentionally left blank] | |
TOTAL | |
Risk Rating
3 | 4 | 5
0 - 5 | 5 - 15 | More than 15
Note: How should previous SAR filings be factored into a customer
risk rating?
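The worksheet above, combined with the rule from the account-inception steps that the BSA officer may raise but never lower the system's rating, can be run as a small scoring routine. The Python below is an added example, not part of the Pegasus manual; the factor and field names are hypothetical. It assumes a total of exactly 5 rates a 3, a total of 15 rates a 4 unless high_from is set to 15 to match the matrix's "15 or higher", and that "each year over 2" counts whole years.

```python
from dataclasses import dataclass
from typing import Optional

# Flat worksheet factors. Key names are hypothetical labels for the rows.
ADD = {"expanded_overview_or_suspected": 5, "not_ctr_exempt_eligible": 1,
       "routine_wires": 1, "international_wires": 5, "ach_originator": 3,
       "ach_recipient": 1, "in_hifca_or_hidta": 1,
       "counterparty_in_hifca_or_hidta": 1, "cash_equivalent_loans": 1}
SUBTRACT = {"low_currency_business": 1, "current_principals_list": 1,
            "publicly_traded": 5, "loan_over_2y_paid_as_agreed": 2,
            "extensive_financials": 2, "comparable_to_peers": 1}
MSB_POINTS = {None: 0, "low": 3, "moderate": 6, "high": 10}


@dataclass(frozen=True)
class Customer:
    flags: frozenset = frozenset()   # keys of ADD / SUBTRACT that apply
    msb_risk: Optional[str] = None   # None, "low", "moderate" or "high"
    legal_orders_24m: int = 0        # add 3 for each
    other_banks: int = 0             # add 2 for each, subtract 2 if none
    relationship_years: float = 0.0
    site_visit_within_12m: bool = False


def worksheet_total(c: Customer) -> int:
    unknown = set(c.flags) - set(ADD) - set(SUBTRACT)
    if unknown:  # a mistyped factor must not silently score zero
        raise ValueError(f"unknown worksheet factors: {sorted(unknown)}")
    total = sum(ADD.get(f, 0) - SUBTRACT.get(f, 0) for f in c.flags)
    total += MSB_POINTS[c.msb_risk]
    total += 3 * c.legal_orders_24m + 2 * c.other_banks
    if c.other_banks == 0:
        total -= 2
    if c.relationship_years < 1:
        total += 2
    elif c.relationship_years > 2:
        total -= int(c.relationship_years - 2)  # whole years over 2
    total += -1 if c.site_visit_within_12m else 1
    return total


def rating_from_total(total: int, high_from: int = 16) -> int:
    """Map a worksheet total to rating 3, 4 or 5 (band edges are assumptions)."""
    if total >= high_from:
        return 5
    return 3 if total <= 5 else 4


def final_rating(system_rating: int, officer_rating: Optional[int] = None) -> int:
    """The BSA officer may increase, but may not decrease, the system rating."""
    if officer_rating is None:
        return system_rating
    if officer_rating < system_rating:
        raise ValueError("officer override may not lower the system rating")
    return officer_rating


# Constructed sample customer: a moderate-risk MSB sending international wires.
SAMPLE_MSB = Customer(
    flags=frozenset({"expanded_overview_or_suspected", "international_wires",
                     "routine_wires", "not_ctr_exempt_eligible"}),
    msb_risk="moderate", other_banks=1, relationship_years=4,
    site_visit_within_12m=True)
```

Recording which band-edge convention is in force (the high_from value) alongside each rating keeps the worksheet and the rating matrix from silently disagreeing about a customer who totals exactly 15.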
Identifying High Risk Customers During the Life of the Account
Clearly, a bank may already have many existing customers when it
implements a rating system. The high risk customers among them
will have to be identified using labor intensive methods. In
addition, some customers may offer projections that are inaccurate
or their actual activity may not be recognized until it appears on
the bank’s daily reports and it is discovered through due diligence
or enhanced due diligence.
What if We Get it Wrong?
Customer rated too low – While the bank may have a good AML
system, it is not using it effectively on this particular customer.
Suspicious activity may go undiscovered.
Customer rated too high – The bank is squandering limited
resources by monitoring activity that is not likely to be productive.
No amount of monitoring is going to uncover suspicious activity
where there is none.
We hope you enjoy this seminar and believe your time and your
institution’s money were well spent. The manual you received today is
an excellent desk-top reference on this topic. If your financial
institution would like to order additional copies of this manual, you
may do so by completing the order form below. Please mail the order
form with payment to Pegasus Educational Services, LLC at the
address provided below.
Please mail completed order form with payment to Pegasus Educational Services, LLC
PO Box 6305 Louisville, KY 40206-0305
BSA – AML Compliance Management Manual Order Form
Ship to Financial Institution ____________________________________________________________
Attention of ___________________________________________________________________
Address ______________________________________________________________________
City/State/Zip _________________________________________________________________
Telephone ____________________________________________________________________
Personnel from our institution attended this program and we are enclosing a check for
$65 each (includes sales tax) for ________ additional copies of the manual. Every
fifth copy of the manual is free. Total amount enclosed $ ____________.
Personnel from our institution did not attend this program and we are enclosing a
check for $85 each (includes sales tax) for ________ copies of the manual. Every
fifth copy of the manual is free. Total amount enclosed $ ____________.
BSA-AML Compliance Management Seminar Attendees . . .