2017 ERO Compliance Training

Transcription

1 2017 ERO Compliance Training

2 Purpose of Compliance Training The purpose of the Refundo Compliance Training is to ensure adequate training, monitoring and supervision of tax preparers in the performance of designated activities related to the offering of Refundo Financial Products. Prior to the 2017 Tax Season, all EROs and their staff must study this Refundo Compliance Training manual, and pass Refundo s Compliance Test before offering Refundo products to any applicant. When completing this training, you will learn about different laws and policies affecting the delivery and processing of Refundo products. This training is not exhaustive, but rather highlights certain key points. ERO s should view this training as a starting point. By completing and passing Refundo s compliance training you will gain an awareness of certain banking and consumer credit laws. You will have confidence in providing each applicant with the Refundo product they select. Refundo is committed to protecting its reputation as well as its safety and soundness by implementing practices and controls, and exercising due diligence to deter the use of its services by money launderers and terrorist financiers. To that end, Refundo has adopted, among others, a comprehensive Anti-Money Laundering Policy to address its responsibilities with respect to money laundering compliance as established by the BSA, USA Patriot Act of 2001, and the U.S. Department of the Treasury s OFAC.

3 During your online Compliance Training you will study various acts and policies, including but not limited to: 1. IRS Publication Office of the Comptroller of the Currency - OCC Bulletins 3. Federal Trade Commission Act of 1914 ( FTC Act ) 4. Anti-Money Laundering ( AML ) 5. Bank Secrecy Act of 1970 ( BSA ) 6. Money Laundering Control Act of Gramm-Leach-Bliley Act of 1999 ( GLBA ) 8. USA Patriot Act of USA Patriot Act & Customer Identification Program (CIP) 10. Office of Foreign Assets Control (OFAC) 11. Fair and Accurate Credit Transactions Act of 2003 ( FACTA )

4 IRS Publication 4600 Information Safeguards Shortlist 1. Maintain a list of all the locations you handle taxpayer information. Office buildings, self-storage facilities, residence, temporary return preparation sites Filing cabinets, desk drawers, boxes Computers, optical disks, zip drives, USB removable media (thumb drives, memory sticks) 2. Assess the risk of unauthorized access, use, disclosure, modification, or destruction of the taxpayer information you handle. Can visitors access taxpayer information you keep? Can an employee with malicious intentions modify taxpayer information on a return? Can return preparation software you provide for customers cause an inadvertent disclosure of one taxpayer s information to another? Can a computer virus corrupt taxpayer returns you transmit? Can a flood destroy paper and electronic taxpayer records you maintain? 3. Assess the impact of unauthorized access, use, disclosure, modification, or destruction of taxpayer information you handle. Can your client become the victim of identity theft? Can a denial of service attack cause you to lose customers? Can your business incur criminal or civil penalties? 4. Write and follow an Information Security Plan that shows how you are addressing risks. There are examples of Information Security Plans on the internet. Describe the paper/electronic information system(s) you use to handle taxpayer information. Document the safeguards you need and have.

5 Title 26 Internal Revenue Code (IRC) 6713 imposes monetary penalties on the unauthorized disclosures or uses of taxpayer information by any person engaged in the business of preparing or providing services in connection with the preparation of tax returns. IRS Publication 4600 (Continued) 5. Specify in contracts with service providers the safeguards they must follow. Monitor how contractors handle taxpayer information. 6. Test, monitor, and revise your Information Security Plan on a periodic basis. Can you recover records from backup files and systems if primary records are destroyed? Do you prohibit and avoid leaving taxpayer information unsecured on desks or photocopiers, in mailboxes, vehicles, trash cans, or rooms in the office or at home? Are your employees following information security procedures? Did your computer system pass vulnerability testing? Are you using shredders when discarding paper taxpayer records? Are your contractor service providers following an acceptable Information Security Plan? 7. Put in place additional safeguards as needed. 8. Provide privacy notices and practices to your customers, if required by the Federal Trade Commission Privacy Rule. 9. Follow your federal, state, and local laws and regulations. NOTE: Title 26 Internal Revenue Code (IRC) imposes criminal penalties on any person engaged in the business of preparing or providing services in connection with the preparation of tax returns who knowingly or recklessly makes unauthorized disclosures or uses of information furnished to them in connection with the preparation of an income tax return.

6 OCC Bulletin Risk Management for Banks that Offer Tax Refund Related Products Key components of oversight ERO should expect from Refundo and Refundo s Bank: Ensuring that tax preparer s compensation is not associated with higher-cost tax refund related products for customers. Tracking complaints from initiation to closing by putting in place policies and procedures to collect, review, and appropriately respond to customer complaints related to tax refund-related products. The bank should have the necessary systems independent of third-party provider to capture and monitor customer complaints. Assessing all facets of product delivery to customers. The assessment should be timely and focus on statistically representative population of customers using tax refund related products, as well as on a sample of tax preparation firms or personnel identified as high risk through exception reports and other means. Developing and monitoring exception reports designed to identify variances from predetermined acceptable levels of fees and interest charges on bank products and tax preparation services. Performing due diligence regarding the appropriateness of the third-party provider relationships on an ongoing basis. Management should periodically meet with third-party providers to discuss performance and operations issues, periodically monitor the adequacy of training provided to third-party provider employees, especially front-line personnel, and regularly review third-party provider audit reports.

7 Federal Trade Commission Act Unfair and Deceptive Acts and Practices The Federal Trade Commission (FTC) Act prohibits deceptive acts or practices in the conduct of business. The Act forbids deceptive omissions of information if such omissions are considered unfair or deceptive to customers.

8 Anti-Money Laundering ( AML ) Anti-Money Laundering (AML) is an international initiative. Its objective is to curb the flow of illegal funds through financial institutions. In the United States, there has been a series of laws passed to aid in the prevention, detection and reporting of money laundering executed through financial institutions. Funds acquired illegally through the sale of illegal substances, corruption, theft or fraud, are often deposited into a financial institution. The movement of the funds through the financial network creates the illusion that the funds are legitimate. Money laundering usually occurs in three stages: Placement or deposit of illegal funds into a financial institution Layering of funds through multiple transactions and/or through multiple institutions disguising the source of funds and obscuring the audit trail Integration of the funds back into the market through the withdrawal and purchase of assets.

9 The Bank Secrecy Act of 1970 BSA addresses the movement of large sums of illegal cash through financial institutions. The law requires individuals, banks, and other financial institutions to: File currency reports (CTRs) with the U.S. Department of the Treasury (U.S. Treasury), for cash transactions in excess of $10,000. Properly identify persons conducting transactions, and maintain a paper trail by keeping appropriate records of financial transactions. Report any suspicious activity to The Financial Crimes Enforcement Network (FinCEN) through a Suspicious Activity Report (SAR) within 30 days of identifying the activity as suspicious.

10 Money Laundering Control Act of 1986 The Money Laundering Control Act of 1986 criminalized money laundering and defined Willful Blindness. Willful Blindness is a criminal offense. You can be guilty of willful blindness if you: Deliberately ignore facts, which a reasonable person would consider suspicious such as: inconsistent information provided by the customer or knowledge that the customer s income is derived through illegal means, or Fail to acknowledge suspicious activity that should have been recognized and reported. 10

11 Gramm-Leach-Bliley Act of 1999 The Gramm-Leach-Bliley Act (GLBA) was signed into law in 1999 and is implemented by Regulation P. The privacy provisions of the Gramm-Leach-Bliley Act (GLBA) require financial institutions to provide policies and practices and to describe the conditions under which they may disclose non-public personal information to nonaffiliated third parties. An important aspect of the legislation provides consumers with a method to prevent financial institutions from disclosing non-public personal information to certain non-affiliated third parties by opting out of that disclosure, subject to various exceptions stated in the law. First, GLBA requires us to: Disclose to customers the types of information we collect about them Disclose to customers our information sharing practices Permit customers to opt out of our sharing of information with third parties Second, GLBA requires us to safeguard customer s personal information: Manage the physical security of our offices, computers and customer records to minimize vulnerability to information theft and unauthorized access to, or disclosure of, personal customer information. Manage the security and integrity of our computer systems to prevent unauthorized access and protect the data processed and stored by these systems. 11

12 Gramm-Leach-Bliley Act of 1999 (continued) What should you do to comply? Open the tax interview by answering any questions regarding the Refundo privacy policy that a customer may have. The privacy notice includes important information on how Refundo protects our customer s non-public, personal information and provides instructions on how customers can opt out of information sharing. Refundo has established policies and procedures for the safeguarding of confidential customer information. You have responsibilities under the Refundo s Privacy Policy to keep your physical work area and customer records secure; and to use the company s computer systems as instructed to maintain good security. This includes use of proper passwords and keeping your passwords private. 12

13 Know Your Customer (KYC) KYC is a critical part of Refundo s overall AML program. It encompasses the customer's relationship, beginning with the account opening process and continuing through the entire life of the customer's relationship. Refundo strives to do business with individuals and businesses of sound character and good reputation. One of the most effective methods to minimize compliance, regulatory, operational, and reputational risks associated with money laundering and terrorist financing is for all tax preparers to know the customers applying for credit with Refundo. Additionally, knowing one's customer mitigates credit risk and enhances the customer experience. In order to fulfill KYC requirements, when opening a new account, you must: Determine and verify the identity of the account holder; Identify the sources of wealth and the applicant s occupation; Determine the purpose of the account 13

14 The USA PATRIOT Act of 2001 The USA PATRIOT Act of 2011 furthered the requirements to prevent, detect and report money laundering and terrorist financing. The law requires financial institutions to establish AML Programs which must include: Policies and procedures to protect the institution against money-laundering and terrorist financing The appointment of an AML Compliance Officer to oversee the activities with respect to anti-money laundering Ongoing training for the staff to ensure knowledge of the law and compliance procedures. (Training attendance records must be retained for 5 years and be available for review by Regulators.) Independent testing of procedures to ensure effectiveness. Customer Identification Program ("CIP") Section 326 of the USA PATRIOT Act of 2001, commonly referred to as the Customer Identification Program ( CIP ), requires financial institutions to make a reasonable effort to determine the true identity of all customers requesting services, at the time of the customers initial request. Financial institutions must implement, and cause customers to comply with, reasonable procedures for: Verifying the identity of any person seeking to open an account to the extent reasonable and practicable (via documentary or non-documentary method) Maintaining records of the information used to verify a person s identity, including name, address, and other identifying information (must be retained for 5 years after account has been terminated) Consulting lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency to determine whether a person seeking to open an account appears on any such list (e.g. OFAC). 14

15 CIP Minimum Requirements The PATRIOT Act was specific regarding minimum identification requirements. On behalf of Refundo, tax preparers must obtain from each applicant: Full legal name Physical address (No PO, CPO boxes) Date of birth Social Security Number ("SSN") Customer identification through documentary or non-documentary means For Non-US Individuals (Note: Not applicable to financial product customers): Passport number, country of issuance, issue date, expiration date, or an Individual Taxpayer Identification Number ( ITIN ). Non-U.S. individuals may be required to file a U.S. tax return, but may not be eligible for a Social Security Number. Address Verification Physical Address (Mandatory) it is critical that we capture a customer s residential address. Product applications listing only a P.O. or C.P.O. Box address will be rejected. If the primary and joint applicants live at two different addresses, both addresses must be captured and verified. The primary and/or joint applicant s residential address cannot be populated with the tax office s address. Phone Verification The primary and/or joint applicant s home phone number field cannot be populated with the tax office s phone number. The primary and/or joint applicant s home phone number field should not be populated with sequential numbers or invalid numbers. 15

16 Documentary Identification Requirements for Refundo Financial Products (Check or Direct Deposit)(Continued) Group B - One of these in this group must be a photo ID Place of Issuance Mexican consular card Copy of form 8453 or IRS E-file signature authorization (Deposit Authorization) within the last 10 years including the 1040 PC) Copy of prior year tax return (within last 10 years including the 1040 PC) Prior customer on file - receipt Check cashing ID Current paystub Department Store/Gas company credit card Motor vehicle registration Social security card - name as it appears on card Union membership ID Local # / Union Name Voter Registration Card IRS ITIN or ATIN letter Employee ID / Name of employer Food stamp ID Major credit card name (Visa, MC, AMEX, Discover, Optima) State welfare ID Indian Tribal Card / Name of Tribe 16 State of residence State of residence State of residence State of residence City/State where employer located City/State of residence County/State where vehicle is registered Not applicable State of residence County/State where registered Government issued City/State where employer resides City/State of residence City/State of residence City/State of issuance Tribal address

17 Documentary Identification Requirements for Refundo Financial Products (Check or Direct Deposit) Documentary Identification Requirements for Refundo Financial Products Each taxpayer, including both spouses using married filing joint filing status, must provide an unexpired government-issued photo ID from Group A or two of the Group B ID options. Further, one of these Group B options must be a photo ID. The primary method of verification for CIP and KYC is obtaining unexpired forms of identification for the primary and joint applicant. Either one form of photo Identification ( ID ) from Group A or two forms of ID (one of which must be a photo ID) from Group B is required for each applicant. Identification number, place of issuance, date of issuance, and expiration date will be captured, where available, via tax software and sent to Refundo. IDs marked as duplicate are not allowed. Unless prohibited by law, ERO must maintain color copies of identification. The ERO will review the documentation provided by the applicant against the information provided on the application. If there is a discrepancy between the applicant s identification document(s) and information provided at time of account opening (Address on identifying documents in Groups A and B do not match current residential address), the ERO must inform Refundo of the type of discrepancy and how it was resolved. Identification documents must be reviewed in person by the ERO. ID Discrepancy Reminder The following examples ARE NOT ACCEPTABLE types of documents to confirm the physical address of the customer: Birth Certificate, Expired Documents, Spouse or another person s ID Group A Military ID City/State/County issued ID Driver s License Resident Alien ID U.S. Passport 17 Place of Issuance PROPER IDENTIFICATION FOR FINANCIAL PRODUCT FACILITATION - (See Group A on this slide and Group B on the following slide). U.S. Passport Card Place of issuance as indicated on ID City, State, County ID was issued in State of issuance County, City, State, or Government Country of issuance County, City, State, or Government

18 Office of Foreign Assets Control (OFAC) Compliance Office of Foreign Assets Control (OFAC) Compliance As a U.S. entity, Refundo is required to comply with the economic and trade sanctions administered by the Office of Foreign Assets Control (OFAC), a Department of the U.S. Treasury. OFAC administers and enforces economic and trade sanctions against targeted foreign countries, terrorist-sponsoring organizations, nuclear proliferators (including weapons of mass destruction sanctions) and international narcotics traffickers based on U.S. foreign policy and national security goals. OFAC acts under presidential wartime and national emergency powers and the authority granted by specific legislation to impose controls on transactions and to freeze foreign assets under U.S. jurisdiction. OFAC has promulgated regulations to help administer a variety of sanctions programs. OFAC maintains a list of Specially Designated Nationals (SDN) and Blocked Persons, which includes sanctioned individuals and entities that companies are prohibited to conduct business with. All U.S persons and entities, such as Refundo and its employees, including banks and overseas branches, offices and subsidiaries of U.S. banks, must comply with these laws and implement the related regulations. In general, these regulations: Require blocking assets/property, including accounts, or rejecting transactions and commercial activities of specified countries, entities, and persons. Prohibit unlicensed trade and financial transactions with specified countries, entities and persons. Initial and Ongoing OFAC Checks All new customers are checked against OFAC at the time of account opening. New employees are checked against OFAC at the time of hire. Investigating OFAC Hits All OFAC hits are worked by the Compliance Specialist and recorded on the OFAC log. Any validated matches are reported immediately to the AML Officer. Any hits that cannot be cleared or validated are reported to the AML Officer who contacts OFAC for further instruction. Reporting OFAC Matches If an OFAC match is confirmed, the AML Officer has 10 calendar days to report the hit to OFAC. The customer account is permanently suspended in the event of a validated OFAC match. The AML Officer also immediately reports the match to the issuing bank. Lack of Verification Refundo shall make reasonable efforts to know its customers. Accordingly, Refundo shall refuse to enter into a relationship with a customer if: The required identification information is not provided; The identification information of the customer, or prospective customer cannot be appropriately verified The identification information provided appears false; or Inconsistencies in information cannot be resolved. 18

19 Office of Foreign Assets Control (OFAC) Compliance (Continued) Special Categories of Customers Refundo has established definitions and requirements with respect to Special Categories of Customers ("SCCs"). These include certain high profile individuals and businesses, which because of their public position or relationship to a public official, or the nature of their business are deemed to pose a heightened money laundering risk. The intent is to assess the level of risk associated with each potential SCC and to ensure that Refundo does not establish relationships or maintain customers that pose an unacceptable level of risk to Refundo s reputation. The following customers are defined as SCCs: Politically Exposed Persons (PEPs) Including current and former Heads of State of any country, current/former senior or high profile politicians of any country, high ranking officials of political parties/fund raisers, public enterprises or government owned entities. Known elected or appointed high-level officials of any foreign government and high-ranking military officials and personnel. Connected persons those connected to/associated with a Public Official. An individual, who owns, operates or exercises any control in relation to any of the businesses/activities listed below: Money Service Businesses (MSB): Companies offering services involving money/currency exchange, money transfer, check cashing, traveler s checks, money orders and stored-value cards. Casinos and other types of gaming/gambling operations Embassies, Consulates and Missions of foreign countries. Companies involved in the production or distribution of arms or other military products Dealers in rough diamonds Individuals who pose reputational risk to Refundo due to, for example, enhanced regulatory, legal, media or other public scrutiny. If you identify an applicant as an SCC, please send an to documents@refundo.com detailing the applicant s: Name and address Date of birth Occupation You will be contacted regarding the next steps to be taken. Prohibited Customers: Refundo does not open accounts for Businesses or Known politically exposed persons (PEPs) 19

20 Suspicious Activity Reports Refundo is required to report suspicious activity to the Financial Crimes Enforcement Network ("FinCEN") through the completion of a Suspicious Activity Report ("SAR"). A SAR must be submitted to FinCEN within 30 days after it has been determined that a customer s activity is suspicious. Suspicious activities may include: A customer s unwillingness to provide required information Identification documents which are expired or appear fraudulent Customer s source of income is questionable or income is known to be acquired illegally Information provided by the customer is inconsistent 20

21 Fair and Accurate Credit Transaction Act of 2003 (FACTA)-Red Flags Red Flags are defined by the final rules and guidelines that implement Section 114 of the Fair and Accurate Credit Transaction Act of 2003 (FACT ACT). A Red Flag refers to a pattern, practice, or specific activity that indicates the possible existence of identity theft. In order to comply with the most recent FACT ACT requirements that became effective on November 1, 2008, Refundo has enhanced its Red Flags Program to detect, prevent, mitigate and respond to identity theft. All EROs shall report to Refundo the occurrence of applicable Red Flags regarding customers and Applicants, and take appropriate steps to prevent or mitigate identity theft of customers and Applicants. Red Flag processes and procedures will be triggered in the following examples: 1. Documents provided for identification at the point of application by an Applicant appear altered or forged 2. The photograph or physical description on the identification is not consistent with the appearance of the Applicant or customer presenting the identification. 3. Other information on the identification of the Applicant is not consistent with information provided by the person presenting the identification. 4. An application appears to have been altered or forged. 5. The Applicant opening the account fails to provide all required personal identifying information on an application, or in response to notification that the application is incomplete. 6. A new Account is used in a manner Refundo would reasonably associate with known patterns of fraud. Tax preparers play a pivotal role in preventing fraud. They are in an important position because they are communicating directly with the taxpayer. When fraud is suspected, the office should resolve or correct the suspicious item(s) before processing the tax return. If Refundo is unable to verify the applicant s identity or if the application is missing certain information, Refundo may send applicant s tax refund back to the taxing authority. If any of the scenarios above occur when you are preparing a return, you should be concerned, and it is recommended that you: 1. Do not process the application 2. Look for similar issues, as a fraud ring may be present 3. Notify CID 21

22 Congratulations on successfully completing the Refundo Compliance Training. A good understanding and adherence to these rules protects both our reputation and our customer's best interests. Please continue to the Compliance Test, a minimum score of 80 is required to pass. Let's have a great tax season! 22