Bank Secrecy Act for Consumer Lending Staff Hello, and welcome to CUNA s Bank Secrecy Act for Consumer Lending Staff Training on Demand course! Compliance with the Bank Secrecy Act, otherwise known as the BSA, is a critical task for each and every credit union in the United States, so all credit union employees must be familiar with BSA requirements. To that end, this course provides an overview of the Bank Secrecy Act, including specific actions that you, as a member of your credit union s lending staff, must take to be BSA compliant. Of course, you also need to be sure that you know the BSA policy and procedures at your credit union. This is key to being in compliance with the requirements of the Bank Secrecy Act. Let s get started! Objectives As mentioned on the previous screen, the Bank Secrecy Act applies to all credit unions, and it requires that employees in these institutions carry out certain tasks. But what exactly does the BSA entail, and how does it affect lending staff in particular? By the end of this Training on Demand course, you ll know the answers to these questions. In fact, upon completing the course, you will be able to: Explain the Bank Secrecy Act; Understand the requirements related to Customer/ Member Identification Programs; Identify when to file Currency Transaction Reports (or CTRs) and Suspicious Activity Reports (or SARs) ; Describe how the Bank Secrecy Act affects a credit union s lending department; and List the potential penalties for noncompliance. What Is the Bank Secrecy Act? Not surprisingly, the first step to BSA compliance is understanding just what the Bank Secrecy Act involves and why it was enacted in the first place. In its current form, the BSA is more than just a single act of Congress; rather, it is a combination of multiple laws that have been passed over the last four decades.
These laws were enacted in order to assist law enforcement officials in the investigation of activities such as money laundering, tax evasion, and financing of terrorist groups, among other crimes. Collectively, these acts and their related regulations require financial institutions to obtain certain information and keep certain records, as well as to report certain financial transactions to the federal government. Today, BSA enforcement is the responsibility of an agency called the Financial Crimes Enforcement Network, or FinCEN. FinCEN is a bureau of the United States Department of the Treasury. Laws That Comprise the Bank Secrecy Act As described on the previous screen, the Bank Secrecy Act is not a single law, but rather a combination of multiple laws that have been enacted at the federal level. Some of the most important of these laws include: The Bank Secrecy Act of 1970; The Anti-Drug Abuse Act of 1986; The Money Laundering Control Act of 1986; and The USA PATRIOT Act of 2001. Although each of these laws deals with a different topic, each also has the same basic purpose: to create a paper trail for currency transactions. Now, let s take a look at each of these component laws in greater detail. Bank Secrecy Act of 1970 The Bank Secrecy Act of 1970 is the foundation upon which the current version of the BSA was built. So, what did this act entail? In short, the primary purpose of this law was to prevent financial institutions including credit unions from being used as intermediaries in currency transactions that might be linked to money laundering, tax evasion, and other criminal activities. To accomplish this goal, the Bank Secrecy Act of 1970 standardized recordkeeping and reporting requirements for all financial institutions in the United States. Many of these requirements will be discussed in greater detail later in this course.
Anti-Drug Abuse Act of 1986 A second major law that helped shape today s BSA was the Anti-Drug Abuse Act of 1986. This law was passed during a period of rising concern about the many negative effects of illicit drugs on American society. Therefore, the act sought to strengthen the U.S. government s War on Drugs by: Helping law enforcement thwart illicit drug crops; Stopping international drug trafficking; Improving the enforcement of existing anti-drug laws; and Establishing more effective drug abuse and prevention programs. Most notably for the purpose of this course, the Anti-Drug Abuse Act of 1986 also set the stage for the first piece of legislation to outlaw money laundering: the Money Laundering Control Act of 1986. Money Laundering Control Act of 1986 As mentioned on the previous screen, the Money Laundering Control Act of 1986 strengthened the BSA by making money laundering a federal crime. In particular, the Money Laundering Control Act resulted in regulations that: Criminalized the act of money laundering; Prohibited the act of structuring transactions to evade currency transaction report (or CTR) filings; and Introduced both civil and criminal penalties for violations of the BSA. More information about CTR filings and penalties for BSA noncompliance is provided later in this course. USA PATRIOT Act of 2001 Finally, yet another piece of legislation that played a significant role in shaping the BSA was the USA PATRIOT Act of 2001. This law is formally known as the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, and it was passed in the wake of the terrorist attacks of September 11, 2001. Although the PATRIOT Act focuses on many different areas in its efforts to root out and prevent terrorism, one particular area of concern relates to the financing of terrorist activities.
Accordingly, the PATRIOT Act authorized the U.S. Department of the Treasury to issue regulations requiring all financial institutions in the United States to: Have minimum standards to verify the identity of new members when opening accounts; Have anti-money laundering programs in place; Search their records for information if requested by FinCEN; and Compare the names of members with a government list of known or suspected terrorists. All credit unions have the regulatory responsibility to screen their new and existing members against the OFAC Sanctions List released and regularly updated by the U.S. Office of Foreign Assets Control, or OFAC. How the BSA Affects Credit Unions The National Credit Union Administration (or NCUA) is responsible for ensuring that all credit unions comply with the provisions of the Bank Secrecy Act. In particular, during their periodic review of a credit union s operations, NCUA examiners ensure that the credit union has all four elements of an effective BSA program in place. These elements are: A system of internal controls including policies and procedures to ensure ongoing BSA compliance; A BSA officer in other words, a staff member with appropriate resources and authority who is responsible for coordinating and monitoring BSA compliance; A program that trains employees with regard to BSA compliance; and An independent testing program to monitor internal compliance. During an NCUA examination, employees (including lending staff) can be asked to prove that they know and understand BSA requirements. Thus, compliance with the Bank Secrecy Act isn t just the duty of the BSA officer it s everyone s responsibility. Moreover, good BSA practices help detect and prevent crimes that could harm the credit union and its member s money.
Customer/Member Identification Programs So, if Bank Secrecy Act compliance is everyone s responsibility, just what aspects of this law should you be familiar with? Certainly, for lending staff, one of the most important aspects of the BSA comes from Section 326 of the USA PATRIOT Act. This section requires all financial institutions to establish what is known as a customer identification program (or CIP) or, in the case of a credit union, a member identification program (or MIP). No matter what name such a program goes by, it must involve the implementation of reasonable procedures to verify the identity of any person or entity that applies to open an account with the financial institution. In short, a MIP must enable a credit union to form a reasonable belief that it knows the true identity of each potential account holder. Who Should Be Subject to Your CIP/MIP? But how do you determine whether someone should or should not be subject to your credit union s member identification program? Here is a quick list of everyone who should be covered by an MIP: All individuals and businesses who seek to open new accounts All entities that are not legal persons; examples include clubs, estates, and unincorporated businesses (Note, however, that a business may be considered a legal person in some instances) All corporations who seek accounts with your credit union, and all persons from those corporations who will be conducting transactions on the corporation s account All individuals who lack legal capacity, including minors The Four Big Requirements So, once you determine that an individual is, in fact, subject to your credit union s customer or member identification program, what s the next step? According to federal regulations, your credit union now needs to do four things: First, the credit union must provide adequate notice to potential members that certain information will be collected during the verification process. For example, the credit union should post a notice regarding ID requirements in the lobby, on its website, on a handout, or on the new account application form, depending on how the credit union allows individuals to apply for new accounts. Members of the credit union s lending staff can also orally provide notice to loan applicants.
Second, the credit union must verify the identity of anyone opening an account or establishing account access (such as joint account holders or co-borrowers). This means that the person s name, date of birth, physical street address, and identification number must all be verified. Acceptable numbers include an individual s Taxpayer Identification Number, Social Security Number, or Alien Identification Number. Your credit union may also accept certain documents issued by foreign governments as long as these documents evidence nationality or residence with a photograph or similar safeguard. When using a foreign document, be sure to record the place of issuance, number, issue date and expiration date. The Four Big Requirements Third, the credit union must record all of the documents that were used during the verification process. Acceptable documents include a person s current driver s license, passport, or other non-expired, government-issued ID; use of these types of identification is known as the documentary method of verification. Alternatively, it is possible to verify a person s identity by comparing the information he or she provides against items such as utility bills, credit bureau reports, rental agreements, or even a letter from a church; this is known as the nondocumentary method of verification. Usually more than one nondocumentary piece of identification is required before an account can be opened, depending on your credit union s policy. Also, a credit union must keep a record or description of all documents used to identify each member for at least five years. This description or record must include the type of document used, any identification number provided on the document, the place and date of issuance, and any applicable expiration dates. Fourth and finally, the credit union must check the government list of sanctions and known or suspected terrorists to determine whether the individual s name, entity, or country appears on the list. This is known as the OFAC Sanctions List. Note, however, that as a member of the lending staff, this responsibility may be taken care of for you. Specifically, as part of the loan process, you will be requesting a credit bureau report for the loan applicant. Most credit bureaus will offer to check the applicant s name against the OFAC Sanctions List for you, so you may not have to do this check yourself.
Words of Caution: Fair Lending and Indirect Lending Now that you are familiar with the four major components associated with MIPs, it s time for a few words of caution related to some of these components. The first warning relates to ID requirements and federal fair lending laws. In particular, when requesting, reviewing, and recording a person s identifying information, the credit union must ensure that any document containing a picture of an individual, such as a driver s license, is not improperly used in connection with any aspect of a loan transaction. A major concern is that loan officers may use photos to discriminate against certain applicants, which is a violation of fair lending laws. A second word of warning relates to any indirect lending programs in which your credit union is involved. It s critical to remember that all MIP requirements apply to your indirect lending programs as well! This means that your credit union is responsible for providing notice and putting a disclosure statement on all application forms that it supplies to car dealerships and other businesses that participate in these programs. Member/Customer Due Diligence Program Financial institutions are also expected to have a due diligence program in place that goes beyond the standard MIP requirements. In fact, a due diligence program is considered the cornerstone of a strong BSA/anti-money laundering compliance program. A good member due diligence program must be designed to enable a credit union to obtain enough information at account opening to develop an understanding of the normal and expected activity for a particular member and/or account. This will allow the credit union to predict which types of transactions are normal for that member or that account. As you might expect, periodic monitoring of member accounts is a requirement for any due diligence program. This allows the credit union to stay current with any substantial changes to the information originally gathered regarding the member and the account. In addition, regular monitoring makes it easier for the credit union to detect any account activity that seems unusual or suspicious.
Be sure to read and understand all of the procedures outlined in your credit union s member due diligence program. Money Laundering As previously mentioned, many BSA-related regulations focus on money laundering but what, exactly, does money laundering entail? In short, money laundering refers to any process in which criminals try to make funds that were obtained through illegal activities look like they were instead acquired through legal sources. Often, this involves passing the funds through a financial institution as part of a legitimate transaction for instance, a criminal may use this money to pay back a loan. Given this situation, all members of a credit union s lending staff should be aware of various actions that may be signs of money laundering in the loan area, including placement, layering, and integration. Placement refers to the manner in which the funds to be laundered are first introduced into the credit union. Often, placement involves the use of wire transfers, cash deposits, and various monetary instruments, although many other methods may be used by enterprising criminals. Layering is the process of moving funds into multiple accounts to hide activity and ownership of the funds. Often, this involves a series of complex transactions designed to shift the money between accounts while leaving a paper trail that is difficult, if not impossible, to follow. Finally, integration refers to the portion of the laundering process in which the funds are legitimized. This can be done in a number of different ways. For instance, the criminal could open a checking account with illegal cash and then use a cashier s check from the credit union to purchase a car. Similarly, he or she could obtain a share-secured loan to purchase real estate and then pay off this loan using the ill-gotten money. Currency Transaction Reports So, what can you and your credit union do to help prevent and detect money laundering? For one, you must always follow the BSA regulations related to Currency Transaction Reports, or CTRs. Under current federal regulations, all financial institutions including credit unions are required to file a CTR any time they process a deposit, withdrawal, or exchange of cash in excess of $10,000. In other words,
a CTR is required for each and every transaction of $10,000.01 or more. This amount includes multiple same-day transactions completed at any credit union branch by, or on behalf of, the same individual or entity. For the purposes of a CTR, deposits made at night, over a weekend, or on a holiday are treated as if they are received on the next business day. To get a better idea of what an actual CTR form looks like, click on the Resources tab. Also, note that one easy way to remember when to file a currency transaction report is by recalling the following phrase: More than $10,000 today, a CTR is on the way. Currency Transaction Reports Completed Currency Transaction Reports must be filed electronically within 15 days of the transaction. When you recognize that a CTR needs to be completed, you may inform the member that you are filing a report. However, it s usually best to keep the details of the filing to yourself! Also, whenever you complete a CTR, be sure to verify the member s basic information including name, address, and taxpayer ID number prior to recording it on the CTR form. Keys to the CTR Form Again, if you haven t done so already, you can reference the required information to complete a CTR form using the Resources section. As you look at that document, note that it consists of three major sections: Part I of the CTR form asks for information about the people involved in the transaction. In particular, Section A pertains to the person who benefited from the transaction, whereas Section B pertains to the person who actually conducted the transaction (if that person is different than the one described in Part A). Part II of the CTR asks for information about the transaction itself, such as how much cash was involved and what accounts (if any) were affected. Finally, Part III of the CTR form asks for details about the financial institution at which the transaction took place.
Although many credit unions have software that automatically completes and files CTR forms when appropriate, all loan staffers should still be knowledgeable of the information necessary to complete a CTR and be able to file one electronically, if necessary. Suspicious Activity Reports Another important form involved in the prevention and detection of money laundering is the Suspicious Activity Report, or SAR. Under federal regulations, you are required to file a SAR for any suspicious transaction activity no matter whether it involves cash, check, wire transfer, or ACH. You can see what information is required to be filed on a SAR by clicking on the Resources section and reviewing the SAR E-Filing Guide. But under what circumstances should an SAR be completed? Per federal guidelines, this form must be filed in any of the following situations: The credit union has been the victim of a criminal violation involving an aggregated amount of $25,000 or more, and a suspect has not been identified. The credit union has been the victim of a criminal violation involving an aggregated amount of $5,000 or more, and the credit union has either identified a suspect or believes that money laundering or BSA violations have occurred. The credit union has been the victim of insider abuse involving funds in any amount. Suspicious Activity Reports You should also file an SAR for any transaction of $5,000 or more if the credit union knows, suspects, or has reason to suspect that the transaction is suspicious. Here, it s critical that you understand the difference between transactions that may be considered unusual and transactions that appear suspicious. Credit unions should always investigate transactions that appear unusual before categorizing them as suspicious. When unusual activities cannot be explained away, then it is probably appropriate for the credit union to file an SAR.
Again, you can remind yourself when to file an SAR by repeating the following phrase: More than $5,000 and suspicious today, an SAR might be on the way. Keys to the SAR Form Say you've investigated an unusual transaction and determined that it qualifies as suspicious. At this point, it's time to fill out the actual SAR form. Again, if you haven't done so already, you can reference the required information necessary to complete a SAR and guidance on how to provide a complete and accurate description of the suspicious activity using the Resources section. The SAR form consists of five different sections, each of which asks for a specific category of information: Part I of the SAR asks for information about the financial institution that is filing the report, including the institution s name, address, and taxpayer ID number, as well as the address of the branch where the transaction occurred and the numbers of any accounts involved with the suspicious activity. Part II of the SAR asks for the name, address, Social Security or taxpayer identification number, birth date, driver s license or passport number, occupation, and phone number of all persons involved in the suspicious activity. Part III of the SAR asks for information about the suspicious activity itself, including the date (or date range) of the activity, the total dollar amount involved, and the names of any law enforcement agencies that have been contacted with regard to the activity. Part IV of the SAR asks for contact information for the financial institution s compliance officer, or for whatever employee holds an equivalent position. Finally, Part V of the SAR is the location in which the reporting institution provides a written description of the suspicious activity. This is where you tell the story of why the transaction is suspicious and outlines the who, what, when, where, and how of the suspect activity. Remember, when filing an SAR, you are telling the story to the person who reviews the form so make that story as complete as possible!
Filing SARs Whenever an SAR is required, it must be filed with FinCEN within 30 days of the suspicious activity. However, if a suspect has not yet been identified, filing can be delayed for up to 30 additional days. All SAR filings are confidential, and unauthorized disclosure of an SAR filing is a federal criminal offense. In other words, any employee who has a suspicion must only discuss this suspicion with his or her supervisor and/or the credit union s BSA officer or compliance manager. No one else including coworkers or the member who is under suspicion can be informed that a filing has occurred. In fact, if a member even asks whether an SAR has been filed, that inquiry must be reported as well. Within your credit union, everyone is responsible for detecting and reporting suspicious activity. Federal Safe Harbor legislation means that you cannot be prosecuted for filing an SAR in good faith so don t be afraid to do so! Still, be absolutely sure that you follow your credit union s procedures regarding who actually completes and files your organization s SARs. Be sure to find out if your credit union has a person responsible for reviewing all CTRs and SARs before they are submitted. Signs of Suspicious Activity As a member of your credit union s lending staff, you should always be on the lookout for suspicious activity; after all, the loan process has been and can be used to launder money and to hide other illegal activities. But what should you be looking for? The following are some activities that may indicate potential money laundering: Use of share certificates as collateral: Here, an individual buys share certificates and uses them as collateral for a loan. In such cases, it s possible that illegal funds were used to purchase the share certificates. Sudden and/or unexpected payment on loans: Sometimes, members suddenly pay down or pay off large loans, with no evidence of refinancing or other explanation for the payment. When this happens, it s possible that the funds used for the payment are from illegal sources.
Reluctance to explain the purpose of a loan, or giving ambiguous reason for the loan: A customer who is seeking a loan with no stated purpose may be trying to disguise the true nature of the loan. For this reason, the BSA requires credit unions to document the purpose of all loans over $10,000, with the exception of those secured by real property. Inconsistent or inappropriate use of loan proceeds: Occasionally, you may encounter cases of inappropriate disbursement of loan proceeds, or of disbursements for purposes other than the stated loan purpose. Either situation may be a red flag for possible money laundering. Signs of Suspicious Activity Still other transactions and activities that may be signs of money laundering include the following: Overnight loans: Sometimes, members may use overnight loans to create high balances in accounts and to launder large amounts of money through a credit union in a relatively short period. Loan payments by a third party: When a loan payment is made by a third party, this could indicate that the assets securing the loan are actually those of the third party, who may be attempting to hide the ownership of illegally gained funds. Use of loan proceeds to purchase property in the name of a third party: Another potential indicator of money laundering is when a member uses loan proceeds to purchase real property in the name of a trustee, such as a shell corporation. Disbursement of loan proceeds by multiple bank checks: In some cases, a member may request disbursement of loan proceeds in multiple bank checks, each under $10,000. The member can then negotiate these checks elsewhere for currency, thereby avoiding CTR requirements and obscuring the paper trail. Obviously, these sorts of transactions should raise suspicion when detected by credit union employees. Unusual or atypical financial statements: Yet another red flag for potential BSA violations occurs whenever the composition of a business s financial statement differs greatly from that of similar businesses.
Government seizure of loan collateral: Any real or personal property that can be traced to illegal drug sales or that was purchased with laundered money is subject to government seizure and forfeiture. Therefore, as a loan officer, you must obtain enough information about loan applicants to protect your credit union and preserve loan collateral. Although this list is not all-inclusive, it does reflect many of the ways that money launderers have been known to operate. Of course, the transactions and activities listed here are not necessarily indicative of money laundering, especially if they are consistent with a member s legitimate business. Also, keep in mind that many instances of money laundering may involve more than one type of transaction. What Should You Do? Now, let s consider a few scenarios similar to those you may encounter at your credit union. Say, for example, that when reviewing a member s loan application, you notice that the member has had 13 auto loans in the past 24 months. He always trades his cars in, usually with the same dealer. You also notice that the member has never made more than two payments on any of his previous auto loans. What should you do? What Should You Do? In this situation, you should follow your credit union s policies for dealing with potentially suspicious transactions. Depending on the exact policies in place, you may need to pass information about the loan application on to the credit union s BSA officer, or you may need to seek more information on your own. But why, exactly, should this application raise a red flag? For one, the majority of credit union members with auto loans do not trade in a vehicle every other month just to purchase another one. Thus, either you or the BSA officer must take steps to determine whether this loan application represents merely an unusual transaction, or if it is better classified as a suspicious transaction. In order to make this determination, you should take the following steps: First, you should ask the member why he consistently trades in vehicles, and then determine whether his explanation makes sense.
Second, you should review the loan application to determine the member s occupation and/or employer. Is the member trying to keep up with the Jones and impress his neighbors with different cars, or is he just barely getting by with little money? Next, take a look at the member s accounts, paying special attention to any deposits made into those accounts. Does anything about the accounts or the deposits appear suspicious? Once you ve reviewed the member s accounts, your next step should be to determine the sources of the funds the member has used to make previous car payments, if possible. Reviewing this aspect of the member s account history may lead to some interesting discoveries! Finally, after gathering all this information, you should make a decision as to whether the member s loan application and account activity make sense or whether they should be considered suspicious. When making this decision, be sure to discuss the situation with your credit union s BSA officer or compliance manager! If you agree that the situation is suspicious, an SAR must be filed. Of course, keep in mind the $5,000 threshold for SAR reporting. What Should You Do? Now, let s consider a different scenario. This time, say that a member applies for a $4,000 unsecured loan by phone. When the member s credit report is pulled, you discover that there is a fraud alert, along with a specific phone number listed for contact. What should you do? Again, in this situation, you must follow your credit union s policies for dealing with potentially suspicious transactions, no matter whether that means seeking more information on your own or passing the appropriate information on to the BSA officer. Let s say your credit union s policy requires you to acquire additional details on your own. You call the number listed on the fraud alert, and you are informed by the person who answers that you have the wrong number, and she doesn t know who you are looking for. Because you were unable to verify the information on the loan application and the credit report, the loan must be declined but must an SAR be filed? Here, because the dollar amount is below the $5,000 reporting threshold, action is not necessarily required. However, you would be wise to discuss this particular situation with your manager, as it may involve ID theft. For additional scenarios, click on the Resources tab.
Effects on Lending Good BSA practices are important to you, your credit union, and your members! As we have seen in this program, you as a lender are required to know your members, and you are also required to detect any instances of unusual and/or suspicious activity. Because you work more closely with members than nearly anyone else in the credit union, you therefore play a critical role in helping determine whether particular activities are suspicious for particular members. Also, whenever you ask a member about unusual activity, you must carefully consider whether the member s explanation of this activity is reasonable. But what happens if you neglect to carry out these responsibilities? Penalties for Noncompliance As you might expect, willful violation of the BSA is a serious problem, as is negligent reporting. When these types of violations occur, the NCUA and FinCEN have the power to impose fines, civil penalties, or criminal penalties on you, as an individual, as well as on your credit union. When individuals are charged with violating the BSA, the related penalties can be civil and/or criminal. Criminal penalties include monetary fines and incarceration. For instance, intentional, willful behavior that violates any provision of the Bank Secrecy Act can lead to fines not to exceed $500,000 and up to 10 years imprisonment. Credit union penalties include various fines. These fines may be imposed for participating in a violation, either willfully or as a result of gross negligence. These fines can go up to $500 for negligence, up to $50,000 for a pattern of negligence, and up to $100,000 in cases of intentional conduct. Other penalties may include forfeiture of any amounts involved in structuring activities. As you can tell, good BSA practices are important to you, your credit union, and your members! Now that you know how to comply with the Bank Secrecy Act, let s move on to a quick knowledge check of what you ve learned, followed by a review of today s topics.
Summary Congratulations on completing CUNA s Bank Secrecy Act for Lending Staff Training on Demand course! You should now be able to explain the Bank Secrecy Act and understand the requirements of a strong customer or member identification program. In addition, you should know when to file Currency Transaction Reports and Suspicious Activity Reports, and you should be able to describe how the BSA affects a credit union s lending department. Finally, you should understand what sorts of penalties can be levied for BSA noncompliance. Please refer to the final slide or the end of the workbook for instructions about taking the online final exam for this session. And remember, knowing your credit union s BSA policy and procedures is critical to being in compliance. Take time to review those documents! Thank you, and good luck!