Bank Secrecy Act
CUNA
Must Know Mondays
November 17, 2014
David A. Reed
Attorney at Law
Reed & Jolly, PLLC
Fairfax, Virginia
(703) 675-9578
The contents of this presentation are intended
to provide you with a general understanding
of the subject matter. However, it is not
intended to provide legal, accounting, or
other professional advice and should not be
relied on as such.
BSA Laws
• Anti-Drug Abuse Act of 1986
• Money Laundering Control Act of 1986
• Bank Secrecy Act of 1970
• Currency and Foreign Transactions Reporting
Act
• NCUA Rules and Regulation Part 748.2
• Financial Recordkeeping and Reporting of
Currency and Foreign Transactions rules
• Title III of the USA PATRIOT Act
BSA Compliance Issues
• Board’s Role in BSA Compliance
• Anti-Money Laundering Policy
• Reportable Cash Transactions/CTRs
• CTR Exemptions
• Suspicious Activity Reports
• Monetary Instruments Recordkeeping
• Documentation of Funds Transfers
• USA PATRIOT Act – CIP/MIP and Information Sharing
• Record Retention
• Penalties
What’s New with BSA?
• It continues to be a high examination priority.
• New CTR and SAR forms (March 31, 2013).
• Mandatory electronic filing of CTR and SAR forms.
• New leadership at FINCEN
NCUA Rule 701.4
• Clarification and standardization of key
FCU director duties in one place.
• Only applies to FCU directors!
• Best practices for ALL directors.
Duties of a Director
(1) Carry out his or her duties as a director in good faith, in a manner such director reasonably believes to be in the best interests of the membership of the Federal credit union as a whole, and with the care, including reasonable inquiry, as an ordinarily prudent person in a like position would use under similar circumstances;
(2) Administer the affairs of the Federal credit union fairly and impartially and without discrimination in favor of or against any particular member;
Duties of a Director
(3) At the time of election or appointment, or within a reasonable time thereafter, not to exceed six months, have at least a working familiarity with basic finance and accounting practices, including the ability to read and understand the Federal credit union's balance sheet and income statement and to ask, as appropriate, substantive questions of management and the internal and external auditors; and
(4) Direct management's operations of the Federal credit union in conformity with the requirements set forth in the Federal Credit Union Act, this chapter, other applicable law, and sound business practices.
The All Seeing Eye
Board Responsibilities - The Buck
Stops With You!
• Being a Board member is NOT a spectator sport!
• Directors are the ultimate decision makers
• You can delegate the task, not the associated responsibility
Things to consider
• How is the compliance function supported
at your credit union?
• BSA Compliance – What’s in your
system?
• Product development and delivery
systems
• Compliance committee
• What’s the worst that can happen?
What the Examiner Wants to See
• An effective compliance management system is
commonly comprised of three interdependent
elements:
– Board and management oversight
– Compliance program
– Compliance audit
• When all elements are strong and working together,
an institution will be successful at managing its
compliance responsibilities and risks now and in the
future.
The Moving Parts of Security
• Part 748 Security Program
• Part 748.1 Filing of Reports
– Compliance Report
– Catastrophic Act
– Suspicious Activity Report
• Part 748.2 BSA Compliance
– Establish a compliance program
– CIP
• Appendix A Safeguarding Member Information
• Appendix B Response Program – Unauth. Access
Board Responsibilities
• Board, appropriate committee, or designated employee in senior management should:
– Assign specific responsibility for the Program’s implementation
– Approve initial Program and changes and record in the board's minutes
– Review annual reports regarding compliance
– Have staff responsible for Program report to the board
The Certification
“The chairperson of the Credit Union’s Board of Directors is required to certify compliance with Part 748 each year. The statement of compliance is provided at the bottom of the Credit Union Profile Form that is submitted annually to the regional director following the credit union’s election of officials.”
Source: NCUA CU Profile Form 6/14
I hereby certify to the best of my knowledge and belief that this credit union has developed and administers a security program that equals or exceeds the standards prescribed by Part 748.0 of the NCUA Rules and Regulations; that such security program has been reduced to writing, approved by this credit union's Board of Directors; and this credit union has provided for the installation, maintenance, and operation of security devices, if appropriate, in each of its offices. Further, I certify that I am the president or managing official of the credit union or that the president or managing official has authorized me to make this submission on his/her behalf.
______________________________________________
YOUR NAME HERE
Anti-Money Laundering Policy
and Program
• NCUA Rules and Regulations, Part 748
– Designation of BSA Compliance Officer
– Development of internal controls,
procedures, and policies
– Ongoing training
– Independent audit function/testing of
program
Risk Assessment: It All Starts Here
• The risk assessment should be considered
the foundation of a BSA/AML compliance
program.
• Without a comprehensive risk analysis of
its business, it is highly unlikely that a
credit union can design an effective
program well suited to manage the risks of
that particular institution.
Currency Transaction Reports
• Credit unions are required to report:
– Deposits, withdrawals, transfers and other
transactions
– Involving currency (cash)
– Exceeding $10,000
• Includes single or multiple transactions made on
the same day (aggregate weekends, ATM and
night deposit transactions)
Currency Transaction Reports
• Includes transactions made by the member or on behalf of the member
• Joint accounts – CTR should list all joint owners on account for deposits. In the case of account withdrawals, list only the individual who is making the withdrawal unless you have facts to suggest that all or additional joint owners will benefit from the transaction.
• CTR forms must be filed within 15 days of the transaction.
Completing and Filing the CTR
• FinCen Form 104
• Part I - Person(s) involved in the transaction
– Section A
– Section B
• Part II – Amount and type of transfer
• Part III – Credit union information
• Filing
Proper Identification
• Person presenting a reportable transaction
– Name
– Address
• Person on whose behalf a reportable
transaction is made
– Identity
– Account number
– SSN/TIN
Suspicious Activity Reporting
• FinCen Form TD-F- 90-22.47
• When to file a Suspicious Activity Report?
– Insider abuse involving any amount
– Violations aggregating $5,000 or more where a suspect can be identified
– Violations aggregating $25,000 or more, regardless of a potential suspect
– Transaction aggregating $5,000 or more that involve potential money laundering or violations of the BSA
Suspicious Activity Reports
• Credit unions are also advised to file a SAR:
– whenever it suspects that identity theft has
occurred, or
– if it detects money laundering or structuring
transactions to evade currency transaction
reporting.
– if there is reason to suspect a transaction is
relevant to a possible violation of law or
regulation – the “catch-all” provision.
What’s suspicious activity?
• There are a number of activities that
should raise a “red flag” as possibly
facilitating money laundering or terrorist
financing.
• “Red flags” warrant closer scrutiny,
which will sometimes include filing a SAR.
Red Flags
• A member uses unusual or suspicious
identification documents that cannot be
readily verified.
• A member makes frequent or large
transactions and has no record of past or
present employment experience.
Red Flags
• A member tries to persuade a credit union
employee not to fill out a CTR or maintain
required records.
• A member separates a cash transaction
over $10,000 into several transactions in
an attempt to avoid the CTR reporting
threshold.
Red Flags
• When establishing a new account, a
member is reluctant to provide complete
information about the nature and purpose
of his business, anticipated account
activity, prior relationships with financial
institutions, information on the location of
the business or the names of its officers
and directors.
Suspicious Activity
• Transactions involving illegal funds
• Structuring
• Uncooperative members
• Evasion of BSA reporting requirements
• Inconsistent member activity
• Computer Intrusion
• Terrorist activity
• Identity theft
Notifying the Board of SAR Filings
• Management must “promptly” notify the
CU’s board of directors (or designated
committee) of any SAR filings.
• “Promptly” means at least monthly, e.g.,
the monthly board meeting.
Notifying the Board of SAR Filings
• There is no required format for sharing
SAR information with the board:
– May use a spreadsheet or otherwise
summarize the SARs that were filed.
– May also share a copy of the actual SAR with
the board; however, remember SAR
confidentiality if an insider was involved in the
reported activity!
Confidentiality Is Essential!
• FINCEN emphasized this fact in their 3/12 bulletin:
“FinCEN reminds financial institutions to be vigilant in maintaining the confidentiality of SARs. This includes ensuring all employees, agents, and individuals appropriately entrusted with information in a SAR are informed of the individual obligation to maintain SAR confidentiality. This obligation applies not only to the SAR itself, but also to information that would reveal the existence (or non-existence) of the SAR. Likewise, such persons should be informed of the consequences for failing to maintain such confidentiality, which could include civil and criminal penalties as explained herein.”
Your Experience Matters
• Review the credit union’s CTRs and SARs
history.
• How many are filed each year?
• Are the numbers increasing or decreasing?
• What are the recurring themes?
Money Laundering Red Flags
• Appendix F of the FFIEC BSA Manual
• Contains examples of suspicious activity
• Red flags don’t mean illegal activity, only
the need for additional due diligence
• Great resource for your BSA program
Monetary Instrument
Recordkeeping
• Sales of monetary instruments involving
$3,000 - $10,000 cash
– Cashier’s checks
– Teller checks
– Money orders
– Traveler’s checks
USA PATRIOT Act
• Customer/Member Identification Program (CIP/MIP)
1) Verify the identity of any person seeking to open an account.
2) All information used to verify the person’s identity must be recorded and maintained.
3) Each new member’s name must be screened against any government list of known or suspected terrorists.
4) Member Identification Program must be approved by the credit union’s Board of Directors.
BSA Forms
• Remember
– CTRs do not have to be confidential
– SARs are confidential
– When completing these forms, do
not write “I don’t know”
• Unavailable or unknown
BSA - Bank Secrecy Act
INTRODUCTION AND PURPOSE
REPORTS
PENALTIES
RECORD RETENTION REQUIREMENTS
REGULATORY REFERENCES
Risk Assessment / Scoping Yes/No Comments
1.0.0 Does review of the AIRES Compliance Violations module indicate that all
prior violations are resolved?
2.0.0 Has the credit union received correspondence from law enforcement or
outside regulatory agencies relating to BSA compliance since the last
examination?
3.0.0 Does the credit union maintain a list of high risk accounts?
4.0.0 Has the credit union completed an appropriate assessment of BSA AML risk?
4.0.a a. If response to Question 4.0.0 is no, assess BSA risk using examiner
judgment and note exam BSA risk assessment in Comments box.
Basic Requirements - Policy Yes/No Comments
5.0.0 Has the board of directors established an appropriate written program to
assure the CU meets BSA reporting and recordkeeping requirements?
Does the written BSA compliance program address:
5.0.a a. Internal Controls (748.2(c)(1))
5.0.b b. Independent Testing (748.2(c)(2))
5.0.c c. Responsible Individual (748.2(c)(3))
5.0.d d. Training (748.2(c)(4))
5.0.e e. Customer Identification (748.2(b))
Most Common Violations
• Training
– Not recent
– Not documented
• Independent Testing
– Not covering all credit union operations
– Not recent (12 to 18 months)
Most Common Violations
• Internal Controls
– Risk assessment not updated
– Suspicious Activity Monitoring System inadequate
• Information Sharing (FinCEN 314(a) lists)
– Not checking the lists
– No documentation
– Self certification
Most Common Violations
• Notification of SAR filings to BOD
– Not included in minutes
– Not referenced in policy
Penalties
• Individuals who intentionally violate the
BSA could face criminal penalties of not
more than $500K and imprisonment not to
exceed 10 years.
• Currency and other monetary instruments
are subject to seizure and forfeiture if
certain violations are committed.
• The FFIEC Bank Secrecy Act/Anti-Money
Laundering Examination Manual
• Available online at
http://www.ffiec.gov/bsa_aml_infobase/default.htm
• Considered the “BSA bible” by examiners!
Be sure to read!!!
Online Resources
– National Credit Union Administration
www.ncua.gov
– Financial Crimes Enforcement Network
www.fincen.gov
– MSB Resources found at www.msb.gov or
www.fincen.gov
– Office of Foreign Assets Control
www.treas.gov/offices/enforcement/ofac
QUESTIONS?