Bank Secrecy Act & Anti-Money Laundering Program

Central Virginia Chapter Annual Training Session 2011

Primary Information Sources

www.fincen.gov 31 CFR Chapter X BSAs new home. As of March 1, 2011 the BSA has moved from 31 CFR 103 to its new home in Chapter X. FFIEC BSA Examiners Manual NCUA ARIES Exam Questionnaire

BSA/AML Legislative History

A group of laws designed to assist the government in its efforts to monitor, prevent, and prosecute money laundering and other financial crimes. 1970 Bank Secrecy Act (aka Currency & Foreign Transactions Act Established recordkeeping and reporting requirements for individuals and financial institutions. 1986 Money Laundering Control Act Imposed criminal liability on individuals and financial institutions that knowingly support or assist in money laundering activities. Required the establishment of programs to monitor and report such activities. 1990 Financial Crimes Enforcement Network (FinCEN) is created.

BSA/AML Legislative History

1992 Annunzio-Wylie Anti-Money Laundering Act Strengthened sanctions and Treasurys enforcement role. 1994 Money Laundering Suppression Act Further enhanced Treasurys enforcement role. 1996 The development of the Suspicious Activity Report. 2001 USA PATRIOT Act Response to the terrorist attacks of 9/11.

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism

BSA/AML Basics

A policy approved by Board of Directors

Must be commensurate with an institutions BSA/AML risk level Must be reviewed and approved annually

A regular periodic BSA/AML risk assessment (generally performed annually) Annual independent review of the credit unions BSA/AML compliance program

Can be conducted by in-house personnel, if independent from BSA/AML processes (e.g. Supervisory Committee) Can be conducted by outside audit firm or League staff

BSA/AML Basics

An individual designated as BSA Compliance Officer

Must be provided the tools and training to effectively manage the institutions BSA/AML program Must be in a position of authority sufficient to manage the BSA/AML program

Annual training for all staff and volunteers as appropriate for job duties and responsibilities

BSA/AML Basics

Internal policies, procedures, and controls to ensure compliance with all aspects of the BSA/AML laws. Transaction Monitoring & Information Reporting

Currency Transaction Reports Suspicious Activity Reports Monetary Instrument Log PATRIOT ACT Section 314(a) PATRIOT ACT Section 326 Customer (Member) Due Diligence

Member Identification Requirements

Record Retention Requirements

BSA/AML Basics

Enforcement by Financial Crimes Enforcement Network (FinCEN), an agency of the Treasury Department Regulatory oversight by NCUA and BFI, depending on charter type. Often the NCUA will take the lead on BSA examinations even in state-chartered credit unions for reasons of safety and soundness Penalties can be civil, criminal, or both and may range from $500 into the millions for specific and systemic BSA violations

Recent Enforcement Actions

Pacific National Bank - $355,000,000 in assets, bank owned by the government of Ecuador

Ordered to pay Civil Money Penalty of $7,000,000 for failure to:

Adequately identify, monitor, and report suspicious activity Conduct sufficient due diligence Adequately audit high risk areas and transactions

Recent Enforcement Actions

Zions First National Bank - $56,000,000,000 in assets

Ordered to pay $8,000,000 penalty for:

Failure to implement effective AML program with regard to foreign accounts Failure to establish internal policies and controls Failure to designate individual responsible for day-today compliance with BSA/AML rules

Recent Enforcement Actions

Pamrapo Savings Bank $593,000,000 in assets

Forfeited $5,000,000 to US Government and Ordered to pay penalty of $1,000,000 for:

Failure to maintain and effective BSA/AML program including:

Lack of internal controls Unqualified BSA personnel Lack of training Deficient independent testing

BSA/AML Policy & Program

Each credit union is required to have a compliance program that includes: a system of internal controls to ensure ongoing compliance testing for compliance by the credit union or outside party a compliance officer responsible for monitoring day-to-day compliance training for appropriate employees. The written BSA compliance policies and procedures should be updated to reflect changes in the credit unions BSA risk assessment as well as any changes to the regulations. NCUA ARIES Exam Questionnaire

Risk Assessment

The credit unions risk assessment should consider the following factors during the risk identification process:

Customers Products Services Geographic locations

The risk assessment should be periodically reviewed and updated, particularly when new products, services, members and geographic locations are added.

The risk assessment process should determine the credit unions inherent risk (quantity of risk), how internal controls mitigate (reduce) risk exposure, and whether the remaining level of risk exposure is appropriate for the credit union. While fully offsetting all BSA/AML risk would be prohibitively expensive for most financial institutions, there should be a reasonable relationship between the level of unmitigated risk and resources devoted to BSA/AML.
NCUA ARIES Exam Questionnaire

Currency Transaction Reports

Report all currency transactions over $10,000 Must be filed within 25 days of the transaction Report must include:

Name Social Security Number & ID number Physical address Occupation Date of transaction Type of transaction Amount of transaction(s) rounded up to nearest dollar

CTR Continued

Deposits aggregated for any business day Withdrawals aggregated for any business day Deposits and withdrawals NOT aggregated All joint owners of an account into which a deposit is made must appear on the CTR.

True also for businesses. All beneficial owners of the business should appear on the CTR.

A recent conversation with FinCEN revealed that for withdrawals from joint accounts only the member we know will benefit must appear on the CTR.

CTR Filing Exemptions

Automatically exempt, no paperwork necessary:

Financial institutions operating in the US Federal or state governments Entities acting with governmental authority

Filing of Designation of Exempt Person form and annual review required:

Entities traded on major exchanges Non-listed businesses Payroll customers

Exemption Criteria

Entities listed on major national exchanges must be exempted using a form DOEP. An annual review of eligibility must be conducted and suspicious activity monitoring is still required Non listed businesses must meet the following:

Conduct at least 5 reportable transactions per year Maintain an account for two months (less if based on detailed risk analysis No more than 50% of gross income from prohibited activities File DOEP Annual review of eligibility Ongoing suspicious activity monitoring and reporting

Prohibited Activities

Serving as a financial institution or agents of a financial institution Purchase or sale of motor vehicles, aircraft, or farm equipment Chartering of ships, buses, or aircraft Gaming of any kind (except licensed parimutuel betting at race tracks)

Auctioning of goods Practice of law, accountancy, or medicine Investment advisory services & banking Real estate brokerage Pawn brokerage Title insurance and real estate closing services Trade union activities

Suspicious Activity Report

Credit unions are required to file Suspicious Activity Reports under the following conditions:

Tell the govt if someone tries to steal your treats!

Insider abuse of any amount Any Federal criminal violations of $5,000 or greater when a suspect can be identified Any Federal criminal violations of $25,000 when a suspect cannot be identified Computer Intrusion

Suspicious Activity Report

Things are not always what they seem!

Transactions of $5,000 or more involving potential money laundering and/or Bank Secrecy Act violations if:

The credit union knows, suspects, or has reason to suspect that: The transaction involves funds from illegal activities and is designed to hide or disguise the true nature of the funds The transaction is designed to avoid BSA reporting The transaction has no apparent business purpose and cannot be adequately explained by investigation

Suspicious Activity Report Timing

If a suspect is identified 30 days from the date activity is determined to be suspicious If no suspect was identified 60 days from the date activity is determined to be suspicious. If the activity giving rise to the SAR continues, new SARs must be filed every 90 days

Always keep an eye out for suspicious activity!

SAR Examples

A business member who suddenly starts making large cash deposits. A member who asks about the limit on filing a CTR report and then makes a transaction for an amount just under $10,000.00. A member who frequently exchanges small bills for large bills. Frequent cash deposits under $10,000 into accounts with low average balances. ATM cash deposits that are below the specified threshold. Businesses that do not normally generate cash in normal course of operation, making numerous cash transactions. An unusual cash deposit for a member given their account history and activity. The transaction has no business purpose or apparent lawful purpose or is not one that the member would normally be engaged in and the Credit Union knows of no reasonable explanation for the transaction after examining all available facts. Loan fraud, including large payment amounts, lies on loan applications, mortgage (both residential and business) loan fraud

SARs Are Secret!

The filing and content of SARs are to be considered secret. The Bank Secrecy Act regulations prohibit the disclosure of the existence and/or content of any SAR filing. Discussions within the credit union should be limited to those with a direct involvement in the identification of the activity or the preparation of the SAR.

SAR Resources

www.fincen.gov

SAR Narrative Guidance SAR Tips and Trends SAR Powerpoint Presentation

Money Services Businesses (MSBs)

Currency dealer or exchanger Check Casher Issuer of travelers checks, money orders, stored value Seller or redeemer of travelers checks, money orders, stored value Money transmitter All except money transmitters subject to $1,000 for any person on any day rule. All money transmitters are MSBs regardless of activity level day = business day = day communicated to members that their transactions will normally post

Why We Care About MSBs

FinCEN requires all MSBs to be registered If an MSB is not registered and is a member of your credit union you have a SAR filing responsibility. Check the MSB list at http://www.fincen.gov/financial_institutions/m sb/msbstateselector.html

Monetary Instrument Log

Record all cash purchases of cashiers checks, travelers checks and money orders in the amounts of $3,000 - $10,000 Required info: Name Address Date of Birth ID # Amount of transaction Type of instrument Number of instrument Date of purchase Most credit unions do not have to keep a physical log because they do not offer these products to non-members. If you do, you will probably need to keep a log.

PATRIOT ACT 314(a)

Requires financial institutions to respond to periodic requests for account/member information from the international law enforcement community. Credit unions must:

Identify an employee as the 314(a) point of contact. This person is listed as such on the 5300. Compare the 314(a) biweekly list against the CUs membership. Any matches must be communicated to the requesting officer/agent within 12 days of the request.

PATRIOT ACT 314(b)

Section 314(b) provides for voluntary sharing of information with other financial institutions. A CU must complete a free registration process. There is no requirement to participate in this program.

PATRIOT Act 326

Requires financial institutions to: Implement reasonable procedures to verify the identity of any person seeking to open an account. Maintain records of the information used to verify the persons identity. Determine whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the FI by any government agency. Provide the consumer opening a new account with notice of the information collection requirement.

PATRIOT Act 326 continued

At a minimum, must obtain and maintain records of the following for each new member: Name Date of birth (for individuals) Address (physical address is required) Identification number

Social Security Number Individual Tax Identification Number Passport Number and Country of Issuance An Alien Identification Card Number Number and Country of Issuance of any other foreign government issued ID

Member Due Diligence

From the FFIEC BSA/AML Exam Manual:

"The cornerstone of a strong BSA/AMLprogram is adoption and implementation of comprehensive MDD policies, procedures, and processes for all members, particularly those that present a higher risk for money laundering or terrorist financing. The objectiveshould be to allow the credit union the predict with relative certainty the types of transactions the member is likely to engage.

Member Due Diligence

The concept of MDD begins with verifying the members identity and assessing the risks associated with the member. Processes should also include enhanced MDD for higher risk members and ongoing due diligence for the entire membership.

Record Retention

BSA generally requires record retention of 5 years from the date of creation of the record MIP (PATRIOT ACT 326) requires

Member name, address, date of birth, ID number must be kept for 5 years following the closing of the account Documents relied upon to verify the members identity must be retained for 5 years from the date of the creation of the record

Records do not have to be physical

Money Laundering

What is money laundering?

Moving dirty money (funds from illegal enterprises) through financial systems to disguise the origin of the funds and make them appear legal or clean.

The Stages of Money Laundering

Placement: Physically placing bulk cash proceeds. (e.g. making a deposit into a credit union account) Layering: Separating the proceeds of criminal activities from their origins through layers of complex financial transactions. (e.g. buying big ticket items such as securities, cars, travel tickets often placed in someone elses name to further distance the criminal from the cash.) Integration: Providing an apparent legitimate explanation for the proceeds. (e.g. business investments or transactions)

Money Laundering and Your Credit Union

Financial institutions are prime targets for money launderers based on the many products and services offered that can be used to facilitate all three stages of money laundering.

Placement = deposit accounts (savings, money market, share certificates) Layering = purchase of monetary instruments for use in purchasing big ticket items (money orders, cashiers checks, travelers checks) and using wire transfers to move money around the country and the world Integration = cash used as down payment for real estate (loan obtained through credit union), investments in securities offered through CUSOs, obtaining business accounts for front businesses

Money Laundering Red Flags

Refusal or reluctance to proceed with or abrupt withdrawal of a transaction after learning of CTR filing Refusal or reluctance to provide required information or identification Structured or recurring non-reportable transactions Multiple transactions in even dollar amounts Transactions structured to lose the paper trail Suspicious movement of funds between institutions Non-local address

Money Laundering Red Flags

Multiple accounts for a single member High activity volume with low balances Share certificates used as collateral for loans Loan payments by third parties Disbursement of loan proceeds by multiple credit union checks Replacement of monetary instruments (e.g. purchasing travelers checks with a money order) Monetary instruments purchased with large amounts of cash

Office of Foreign Assets Control (OFAC)

OFAC is a division of the U.S. Treasury Department. OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals against targeted foreign countries, terrorist, international narcotics traffickers, and those engaged in activities related to the proliferation of weapons of mass destruction.

OFAC continued

OFAC can impose controls on transactions and freeze foreign assets in U.S. jurisdiction. In order to accomplish these goals OFAC has compiled a number of lists of nationals and other entities with whom FIs are prohibited from doing any sort of business. Each OFAC enforced sanction has different restrictions as determined by the federal government and often by order of the President.

Current OFAC Sanction Programs

Balkans Related Belarus Burma Cote dIvoire Counter Narcotics Trafficking Counter Terrorism Cuba Democratic Republic of Congo Diamond Trading Iran

Iraq Related Former Liberian Regime of Charles Taylor Lebanon Libya Non Proliferation Somalia Sudan Syria Zimbabwe

OFAC continued

Non-compliance with OFAC sanctions can result in personal penalties of up to $1,000,000 or 12 years in jail!

How to Stay Out of Trouble

Include OFAC compliance in your BSA/AML program Checks the names of payees for all Cashiers Checks and Wire Transfers against the OFAC master list(s). All new account applicants are checked against the master list(s) prior to providing services. The entire membership is checked against the OFAC master list(s) periodically, or as frequently as the list(s) are updated.

Recent Developments
Trends & Changes in Bank Secrecy Act and Anti-Money Laundering Regulations, Requirements, and Procedures

BSA Rules Get New Home

BSA formerly lived at 31 CFR 103 As of March 1, 2011 can now be found at 31 CFR Chapter X

New CTR and SAR forms are required

No substantive change to the forms or filing procedure. The only update is to code citations in the instructions.

For info on the change go to fincen.gov

NO CHANGE TO FILING REQUIREMENTS OR METHODS

New Data Fields Proposed for CTR and DOEP

Technical changes were proposed to both forms, with a comment period that ended March 28th. The changes are made to support FinCENs move to all electronic processing.

SAR Confidentiality Rules

New guidance allows SAR information sharing with domestic affiliates provided that the affiliate is also subject to SAR filing requirements, is linked to the filing entity by common ownership and is not itself the subject of the SAR.

BSA &Money Laundering in the News

Former Speaker of the House Tom DeLay convicted on money laundering and conspiracy charges. Sentenced to three years in prison Utah bank official charged with money laundering for accepting payments from online gambling companies to process transactions South Korean police say they've arrested a farmer for allegedly hiding about $10 million in cash in a garlic field. Police say his relatives made the money by running an illegal Internet gambling site. Digital currency, stored value cards, internet gambling, virtual life all possible avenues for money laundering

Summary

BSA Requirements

SAR filing reasons?

Board approved policy Annual risk assessment Annual training BSA Officer Annual independent review

Non-compliance penalties? Record retention? CTR filing limit? CTR timing?

Insider abuse any $$ $5,000 when suspect idd $25,000 w/o suspect Computer intrusion Money Laundering, Terrorist Financing, BSA avoidance

SAR timing? SAR Sharing? MIP minimums? OFAC?

The End

Contact: Jason Clarke jclarke@mydccu.com