Bank Secrecy Act CUNA Must Know Mondays November 17, 2014 1
David A. Reed Attorney at Law Reed & Jolly, PLLC Fairfax, Virginia david@reedandjolly.com (703) 675-9578 2 2
The contents of this presentation are intended to provide you with a general understanding of the subject matter. However, it is not intended to provide legal, accounting, or other professional advice and should not be relied on as such. 3
BSA Laws Anti-Drug Abuse Act of 1986 Money Laundering Control Act of 1986 Bank Secrecy Act of 1970 Currency and Foreign Transactions Reporting Act NCUA Rules and Regulation Part 748.2 Financial Recordkeeping and Reporting of Currency and Foreign Transactions rules Title III of the USA PATRIOT Act 4
BSA Compliance Issues Board s Role in BSA Compliance Anti-Money Laundering Policy Reportable Cash Transactions/CTRs CTR Exemptions Suspicious Activity Reports Monetary Instruments Recordkeeping Documentation of Funds Transfers USA PATRIOT Act CIP/MIP and Information Sharing Record Retention Penalties 5
What s New with BSA? It continues to be a high examination priority. New CTR and SAR forms (March 31, 2013). Mandatory electronic filing of CTR and SAR forms. New leadership at FINCEN 6
NCUA Rule 701.4 Clarification and standardization of key FCU director duties in one place. Only applies to FCU directors! Best practices for ALL directors. 7
Duties of a Director (1) Carry out his or her duties as a director in good faith, in a manner such director reasonably believes to be in the best interests of the membership of the Federal credit union as a whole, and with the care, including reasonable inquiry, as an ordinarily prudent person in a like position would use under similar circumstances; (2) Administer the affairs of the Federal credit union fairly and impartially and without discrimination in favor of or against any particular member; 8
Duties of a Director (3) At the time of election or appointment, or within a reasonable time thereafter, not to exceed six months, have at least a working familiarity with basic finance and accounting practices, including the ability to read and understand the Federal credit union's balance sheet and income statement and to ask, as appropriate, substantive questions of management and the internal and external auditors; and (4) Direct management's operations of the Federal credit union in conformity with the requirements set forth in the Federal Credit Union Act, this chapter, other applicable law, and sound business practices. 9
The All Seeing Eye 10
Board Responsibilities - The Buck Stops With You! Being a Board member is NOT a spectator sport! Directors are the ultimate decision makers You can delegate the task, not the associated responsibility 1
Things to consider How is the compliance function supported at your credit union? BSA Compliance What s in your system? Product development and delivery systems Compliance committee What s the worse that can happen? 12 1
What the Examiner Wants to See An effective compliance management system is commonly comprised of three interdependent elements: Board and management oversight Compliance program Compliance audit When all elements are strong and working together, an institution will be successful at managing its compliance responsibilities and risks now and in the future. 1
The Moving Parts of Security Part 748 Security Program Part 748.1 Filing of Reports Compliance Report Catastrophic Act Suspicious Activity Report Part 748.2 BSA Compliance Establish a compliance program CIP Appendix A Safeguarding Member Information Appendix B Response Program Unauth. Access
Board Responsibilities Board, appropriate committee, or designated employee in senior management should: Assign specific responsibility for the Program s implementation Approve initial Program and changes and record in the board's minutes Review annual reports regarding compliance Have staff responsible for Program report to the board 1
The Certification The chairperson of the Credit Union s Board of Directors is required to certify compliance with Part 748 each year. The statement of compliance is provided at the bottom of the Credit Union Profile Form that is submitted annually to the regional director following the credit union s election of officials. Source: NCUA CU Profile Form 6/14
I hereby certify to the best of my knowledge and belief that this credit union has developed and administers a security program that equals or exceeds the standards prescribed by Part 748.0of the NCUA Rules and Regulations; that such security program has been reduced to writing, approved by this credit union's Board of Directors; and this credit union has provided for the installation, maintenance, and operation of security devices, if appropriate, in each of its offices. Further, I certify that I am the president or managing official of the credit union or that the president or managing official has authorized me to make this submission on his/her behalf. YOUR NAME HERE
Anti-Money Laundering Policy and Program NCUA Rules and Regulations, Part 748 Designation of BSA Compliance Officer Development of internal controls, procedures, and policies Ongoing training Independent audit function/testing of program 1
Risk Assessment: It All Starts Here The risk assessment should be considered the foundation of a BSA/AML compliance program. Without a comprehensive risk analysis of its business, it is highly unlikely that a credit union can design an effective program well suited to manage the risks of that particular institution. 19 1
Currency Transaction Reports Credit unions are required to report: Deposits, withdrawals, transfers and other transactions Involving currency (cash) Exceeding $10,000 Includes single or multiple transactions made on the same day (aggregate weekends, ATM and night deposit transactions) 2
Currency Transaction Reports Includes transactions made by the member or on behalf of the member Joint accounts CTR should list all joint owners on account for deposits. In the case of account withdrawals, list only the individual who is making the withdrawal unless you have facts to suggest that all or additional joint owners will benefit from the transaction. CTR forms must be filed within 15 days of the transaction. 2
Completing and Filing the CTR FinCen Form 104 Part I - Person(s) involved in the transaction Section A Section B Part II Amount and type of transfer Part III Credit union information Filing 2
Proper Identification Person presenting a reportable transaction Name Address Person on whose behalf a reportable transaction is made Identity Account number SSN/TIN 2
Suspicious Activity Reporting FinCen Form TD-F- 90-22.47 When to file a Suspicious Activity Report? Insider abuse involving any amount Violations aggregating $5,000 or more where a suspect can be identified Violations aggregating $25,000 or more, regardless of a potential suspect Transaction aggregating $5,000 or more that involve potential money laundering or violations of the BSA 2
Suspicious Activity Reports Credit unions are also advised to file a SAR: whenever it suspects that identity theft has occurred, or if it detects money laundering or structuring transactions to evade currency transaction reporting. if there is reason to suspect a transaction is relevant to a possible violation of law or regulation the catch-all provision. 2
What s suspicious activity? There are a number of activities that should raise a red flag as possibly facilitating money laundering or terrorist financing. Red flags warrant closer scrutiny, which will sometimes include filing a SAR. 2
Red Flags A member uses unusual or suspicious identification documents that cannot be readily verified. A member makes frequent or large transactions and has no record of past or present employment experience. 2
Red Flags A member tries to persuade a credit union employee not fill out a CTR or maintain required records. A member separates a cash transaction over $10,000 in to several transactions in an attempt to avoid the CTR reporting threshold. 2
Red Flags When establishing a new account, a member is reluctant to provide complete information about the nature and purpose of his business, anticipated account activity, prior relationships with financial institutions, information on the location of the business or the names of its officers and directors. 2
Suspicious Activity Transactions involving illegal funds Structuring Uncooperative members Evasion of BSA reporting requirements Inconsistent member activity Computer Intrusion Terrorist activity Identity theft 3
Notifying the Board of SAR Filings Management must promptly notify the CU s board of directors (or designated committee) of any SAR filings. Promptly means at least monthly, e.g., the monthly board meeting. 3
Notifying the Board of SAR Filings There is no required format for sharing SAR information with the board: May use a spreadsheet or otherwise summarize the SARs that were filed. May also share a copy of the actual SAR with the board; however, remember SAR confidentiality if an insider was involved in the reported activity! 3
Confidentiality Is Essential! FINCEN emphasized this fact in their 3/12 bulletin: FinCEN reminds financial institutions to be vigilant in maintaining the confidentiality of SARs. This includes ensuring all employees, agents, and individuals appropriately entrusted with information in a SAR are informed of the individual obligation to maintain SAR confidentiality. This obligation applies not only to the SAR itself, but also to information that would reveal the existence (or non-existence) of the SAR. Likewise, such persons should be informed of the consequences for failing to maintain such confidentiality, which could include civil and criminal penalties as explained herein. 3
Your Experience Matters Review the credit union s CTRs and SARs history. How many are filed each year? Are the numbers increasing or decreasing? What are the recurring themes? 3
Money Laundering Red Flags Appendix F of the FFIEC BSA Manual Contains examples of suspicious activity Red flags don t mean illegal activity, only the need for additional due diligence Great resource for your BSA program 3
Monetary Instrument Recordkeeping Sales of monetary instruments involving $3,000 - $10,000 cash Cashier s checks Teller checks Money orders Traveler s checks 3
USA PATRIOT Act Customer/Member Identification Program (CIP/MIP) 1)Verify the identity of any person seeking to open an account. 2)All information used to verify the person s identity must be recorded and maintained. 3)Each new member s name must be screened against any government list of known or suspected terrorists. 4)Member Identification Program must be approved by the credit union s Board of Directors. 3
Remember BSA Forms CTRs do not have to be confidential SARs are confidential When completing these forms, do not write I don t know Unavailable or unknown 3
BSA - Bank Secrecy Act INTRODUCTION AND PURPOSE REPORTS PENALTIES RECORD RETENTION REQUIREMENTS REGULATORY REFERENCES Risk Assessment / Scoping Yes/No Comments 1.0.0 Does review of the AIRES Compliance Violations module indicate that all prior violations are resolved? 2.0.0 Has the credit union received correspondence from law enforcement or outside regulatory agencies relating to BSA compliance since the last examination? 3.0.0 Does the credit union maintain a list of high risk accounts? 4.0.0 Has the credit union completed an appropriate assessment of BSA AML risk? 4.0.a a. If response to Question 4.0.0 is no, assess BSA risk using examiner judgment and note exam BSA risk assessment in Comments box. Basic Requirements - Policy Yes/No Comments 5.0.0 Has the board of directors established an appropriate written program to assure the CU meets BSA reporting and recordkeeping requirements? Does the written BSA compliance program address: 5.0.a 5.0.b 5.0.c 5.0.d 5.0.e a. Internal Controls (748.2(c)(1)) b. Independent Testing (748.2(c)(2)) c. Responsible Individual (748.2(c)(3)) d. Training (748.2(c)(4)) e. Customer Identification (748.2(b)) 3
4
Most Common Violations Training Not recent Not documented Independent Testing Not covering all credit union operations Not recent (12 to 18 months) 4
Most Common Violations Internal Controls Risk assessment not updated Suspicious Activity Monitoring System inadequate Information Sharing (FinCEN 314(a) lists) Not checking the lists No documentation Self certification 4
Most Common Violations Notification of SAR filings to BOD Not included in minutes Not referenced in policy 4
Penalties Individuals who intentionally violate the BSA could face criminal penalties of not more than $500K and imprisonment not to exceed 10 years. Currency and other monetary instruments are subject to seizure and forfeiture if certain violations are committed. 4
Be sure to read!!! The FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual Available online at http://www.ffiec.gov/bsa_aml_infobase/defaul t.htm Considered the BSA bible by examiners! 4
Online Resources National Credit Union Administration www.ncua.gov Financial Crimes Enforcement Network www.fincen.gov MSB Resources found at www.msb.gov or www.fincen.gov Office of Foreign Assets Control www.treas.gov/offices/enforcement/ofac 4
QUESTIONS? 4