Reasonably Designed Strengthen and protect your banking relationships by better understanding and executing upon BSA/AML compliance and risk mitigation expectations.

November 19, 2015

Who and What Are You?

• Know Yourself• Third Party Payment Processor?• Money Transmitter?

• Are State Money Transmitter Licenses required?

Money Transmitter

31 CFR 1010.100(ff)(5)

(5) Money transmitter—(i) In general. (A) A person that provides money transmission services. The term “money transmission services” means the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means. “Any means” includes, but is not limited to, through a financial agency or institution; a Federal Reserve Bank or other facility of one or more Federal Reserve Banks, the Board of Governors of the Federal Reserve System, or both; an electronic funds transfer network; or an informal value transfer system; or

(B) Any other person engaged in the transfer of funds.

Facts & Circumstances

Limitations(ii) Facts and circumstances; Limitations. Whether a person is a money transmitter as described in this section is a matter of facts and circumstances. The term “money transmitter” shall not include a person that only:

(A) Provides the delivery, communication, or network access services used by a money transmitter to support money transmission services;

(B) Acts as a payment processor to facilitate the purchase of, or payment of a bill for, a good or service through a clearance and settlement system by agreement with the creditor or seller;

(C) Operates a clearance and settlement system or otherwise acts as an intermediary solely between BSA regulated institutions. This includes but is not limited to the Fedwire system, electronic funds transfer networks, certain registered clearing agencies regulated by the Securities and Exchange Commission (“SEC”), and derivatives clearing organizations, or other clearinghouse arrangements established by a financial agency or institution;

(D) Physically transports currency, other monetary instruments, other commercial paper, or other value that substitutes for currency as a person primarily engaged in such business, such as an armored car, from one person to the same person at another location or to an account belonging to the same person at a financial institution, provided that the person engaged in physical transportation has no more than a custodial interest in the currency, other monetary instruments, other commercial paper, or other value at any point during the transportation;

(E) Provides prepaid access; or

(F) Accepts and transmits funds only integral to the sale of goods or the provision of services, other than money transmission services, by the person who is accepting and transmitting the funds.

More…Facts & Circumstances

Limitations

State Money Transmitting Licenses

• Concerned with “Safety and Soundness” and “Consumer Protection”

• Typically apply when receive and hold consumer funds with promise to make available / deliver elsewhere

• Felony under 18 USC § 1960 to operate without license when required

• Agent of Payee exemption: California, Nevada, New York, North Carolina, Ohio, Texas, Virginia

• Agent of Payee may potentially not be exempt in: Arkansas, the District of Columbia, Florida, Illinois and Washington

Culture of Compliance

FinCEN Advisory FIN-2014-A007 was released August 11, 2014. It is instructive in clearly laying out expectations and identifying foundational issues which can prevent or lead to problems.

It is another tool you can use to influence your organization’s leadership…to help them live and breathe BSA/AML the same way that you

do.

“Based on the enforcement cases I have seen time and time again, both during my time as a prosecutor at the U.S. Department of Justice and now as Director of FinCEN, I can say without a doubt that a strong culture of compliance could have made all the difference. If I were to find myself responsible for BSA/AML compliance within any financial institution, my first order of business would be to pay attention to these core, fundamental concepts. Because once you have a strong culture in place, including the support of your institution’s leadership, you have a firm foundation on which to build an effective program.”

Jennifer Shasky Calvery, Director, FinCENFIBA, Anti-Money Laundering Conference

February 20, 2014

What might compliance look like?

Knowing what you are required to do and getting it done• A Culture of Compliance• Ethical Conduct• Know Your Customer• Secure and verify customer ID• Report cash transactions as required• Be alert for, monitor activity and report Suspicious Activity• Effective oversight of third parties • Effective corporate governance practices - accountability

6 Ways to Strengthen Any Program

A financial institution can strengthen its BSA/AML compliance program by ensuring:• Engaged Leadership

“its leadership actively supports and understands compliance efforts”• Compliance not compromised

“efforts to manage and mitigate BSA/AML deficiencies and risks are not compromised by revenue interests”

• Lines of Communication“relevant information from the various departments within the organization is shared

with compliance staff to further BSA/AML efforts”• Human and Technological Resources

“the institution devotes adequate resources to its compliance function”• Competent Independent Testing

“the compliance program is effective by, among other things, ensuring that it is tested by an independent and competent party”

• Purpose“its leadership and staff understand the purpose of its BSA/AML efforts and how its

reporting is used”

AML Regulations NOT meant to shut legitimate business out of

the financial system

“Just because a particular customer may be considered high risk does not mean that it is ‘unbankable’ and it certainly does not make an entire category of customer unbankable. Banks and other financial institutions have the ability to manage high risk customer relationships.

It is not the intention of the AML regulations to shut legitimate business out of the financial system. I think we can all agree that it is not possible for financial institutions to eliminate all risk. Rather, the goal is to provide banking services to legitimate businesses by understanding the applicable risks and managing them appropriately.”

Jennifer Shasky Calvery, Director, FinCENFIBA, Anti-Money Laundering Conference

February 20, 2014

Decisions of Board & Senior Management

are Critical

“The fact is, when we look at the issues underlying BSA infractions, they can almost always be traced back to decisions and actions of the institution’s Board and senior management.”Deficiencies fall into four (4) areas:

• Culture of Compliance• Resources Committed to BSA compliance• Strength of Information Technology and monitoring processes• Quality of risk management

Thomas J. CurryComptroller of the Currency

ACAMS, March 17, 2014

Walk the TalkBoard and senior management must send right message AND also “walk the talk”

• by ensuring that there is an alignment between good compliance practices and the financial system’s system of compensation and incentives.

• by providing increased resources• by increasing the authority and status of the BSA Officer within the organization

• by ensuring proper incentives are incorporated throughout the organization

Thomas J. CurryComptroller of the Currency

ACAMS, March 17, 2014

Quick Primer: The Basics

“Bank Secrecy Act”TPPPs are partners with other FIs and Law Enforcement Protect our nation, communities and families from money laundering, terrorist financing and illicit activities.

The “4 Pillars”1. Development of Internal Policies,

Procedures and ControlsRisk focused policiesProcedures for each area or functionControls to Ensure ComplianceMonitoring and Reporting Systems

2. Designation of Compliance OfficerSufficient time, resources and authority

3. Training ProgramContent based on current procedures and systemsRelevant to specific audience position and responsibilitiesDocumentation

4. Independent TestingSufficient scope and testingReporting to the Board of DirectorsTimely action to address any concerns or weaknesses

Customer Identification and

Due Diligence

Is the customer who they claim to be?What is normal, reasonable and expected?How much potential risk does a customer represent?

Assess, Monitor, Investigate, Report, Terminate• Assess Risk

• Understand which customers present higher potential risk

• Do more where warranted• Transaction Monitoring• Reporting• Disciplinary Action and Termination

Independent Review

Required AND ValuableHelps Protect TPPP, Staff, Management and shareholders

Critical to protecting bank relationshipMany banks setting requirements to accept reviews

ACAMS - CAMS; ACFCS-CFCS, FIBA-FIU - CP/AML; former regulator

Scope and frequency commensurate with risk of the financial servicesIdentify deficiencies, evaluate complianceDetailed, written report - share with bank

Unfair Deceptive and Abusive Acts or Practices (UDAAP)

The term “UDAP” (Unfair or Deceptive Acts or Practices) has been around for several years. Section 5(a) of the Federal Trade Commission (FTC) Act prohibits “unfair or deceptive acts or practices in or affecting commerce”. The FTC standards are broad and apply to any unfair or deceptive practices affecting consumers or commercial businesses.

The Dodd-Frank Act introduced UDAAP and directs the Consumer Financial Protection Bureau (CFBP) to issue regulations designed to prevent UDAAP. The additional “A” adds the term “abusive” to the mix. The CFPB’s role is to supervise financial institutions’ consumer products and services. Even though the old UDAP standards applied to commercial and consumer commerce, UDAAP will concentrate on products and services directed towards consumers.

The practice causes or is likely to cause substantial injury.The injury cannot reasonably be avoided.The injury is not outweighed by any benefits.

What is “unfair”?

The practice misleads or is likely to mislead.A “reasonable” consumer would be misled.The presentation, omission or practice is material.

What is “deceptive”?

What is “abusive”?

The practice materially interferes with the consumers ability to understand a term or condition of a product or service.The practice takes unreasonable advantage of a consumer’s lack of understanding of the risk, costs and conditions of a products or service.

Pass Through Risk from Customer Transaction ActivityTPPPs and banks serving TPPPs could have potentially significant pass through risk from UDAAP issues. Any consumer product or service has the potential of being criticized for possible UDAAP violations.

Ones receiving a lot of attention include:

high interest small loans, e.g. payday lending

Loan payment processing

Debt restructuring / payment services

Loans with balloon payments

Credit life and disability insurance sales

Financial Product UDAAP Risk

Financial institutions subject to regulations such as UDAAP should evaluate their risks and mitigate the impact violations may have on their organization. Proactive steps FIs can take include:

Regularly review features of consumer products and services. Evaluate product features and promotional materials and determine if any terms fall within the broad definition of UDAAP.Evaluate new products for features that could be misunderstood or ones that have been omitted.Review revenue streams for trends that may suggest abusive practices.Evaluate written and oral methods of communicating product features to customers.Review third-party service provider agreements to develop a clear understanding of their practices surrounding the service being provided.Review all bank policies and procedures for practices that suggest unfair, deceptive, or abusive practices.Create a consumer-friendly culture within your organization.Evaluate customer complaints for signs of more serious systemic problems.

Regulatory Expectations for Your Bank

Policies and procedures for banking TPPPsReasonable understanding of TPPP risks and process to risk rateMeaningful additional action on higher potential risks Effective supervision/monitoring of TPPP accounts and activitySAR filing.Disciplinary Action and Termination, as appropriate.

Potential Risks of TPPP Relationships to Banks

• Liquidity: TPPPs may require large dollar transfers to/from their account. Bank must monitor volumes and be prepared to deal with potentially large fluctuations.

• Fraud: Merchant fraud, unauthorized transactions, abusive transactions, etc. may occur. Vigilance over TPPP relationship, their customer relationships, and monitoring of returns and customer complaints is a necessity.

• Compliance: BSA/AML/OFAC, ACH rules, Reg CC, Reg E, etc.• Consumer Protection and Liability: Bank could have liability if a TPPP

processes transactions for illegal activity. UDAP (FTC), UDAAP (CFPB)• Reputation: Public and regulators may perceive poor safety and soundness

if not managed well, loss or action against TPPP• Credit: Overdrawn accounts due to excessive returns and chargebacks may

become uncollectible.

Maintain and Build Banking Relationships

Establish and Maintain a Strong Compliance Program and CultureRespect and Partner with bank to ensure mutual risk mitigation requirements and regulatory requirements are effectively metMaintain open communications

Jay Postma, CAMSPresidentMSB Compliance Inc.Jay.Postma@MSBComplianceInc.com(678) 389-9068

www.LinkedIn.com/in/jaypostmawww.MSBComplianceInc.com

www.Twitter.com/MSBCompliance

Weekly newsletter:

www.paper.MSBComplianceInc.com