BSA/AML/OFAC Update Presented By: Daniel J. Mahalak Daniel J. - - PowerPoint PPT Presentation

bsa aml ofac update
SMART_READER_LITE
LIVE PREVIEW

BSA/AML/OFAC Update Presented By: Daniel J. Mahalak Daniel J. - - PowerPoint PPT Presentation

Jun 27, 2023 94 likes •658 views

BSA/AML/OFAC Update Presented By: Daniel J. Mahalak Daniel J. Mahalak Dan is the President of Mahalak Consulting Co. He spent most of his career at Cindrich, Mahalak & Co., a CPA firm that specialized in working with credit unions and their

slide-1
SLIDE 1

BSA/AML/OFAC Update

Presented By: Daniel J. Mahalak

slide-2
SLIDE 2

Dan is the President of Mahalak Consulting Co. He spent most of his career at Cindrich, Mahalak & Co., a CPA firm that specialized in working with credit unions and their subsidiaries. He joined that firm in 1980 upon graduating from Eastern Michigan University and became a partner in 1988. Mahalak Consulting Co. provides professional services in the following areas: Throughout his career, Dan worked in all phases of the CPA practice. He has been involved in all audit activities, staff training and development, and a wide range of consulting projects. His extensive experience allows him to provide clients with unique insights into any problems, issues, or challenges they are facing. Throughout his tenure, Dan has been responsible for hundreds of credit union audits. He continues to work with credit unions in strategic planning, budgeting and forecasting, asset‐liability management consulting, mergers and acquisitions, regulatory consulting, human resources consulting, and a variety of other consulting projects. He has worked in fraud/embezzlement investigations, including filing bond claims, working with authorities, and testifying in criminal

  • proceedings. He is a frequent speaker on topics related to the credit union industry on both a local and national level, and

has written articles for several credit union publications. Dan is also an independent consultant representing Doeren Mayhew in providing services to credit unions. As one of the nation’s largest CPA and Advisory firms with a highly specialized, focused financial institutions group, DM has a strong local and national reputation based on technical expertise, industry knowledge, along with exceptional service to credit unions.

Daniel J. Mahalak

2

SEPTEMBER 2019

  • Strategic Planning
  • Regulatory Matters
  • Mergers
  • Budgets/Financial Plans
  • Net Worth Restoration Plans
  • Accounting Assistance/Advice
  • Policy/Procedure Development
  • Executive Search/Human Resources
  • Fraud/Embezzlement Investigations
  • CUSO Development/Consulting
  • Education & Training
  • Speaking Engagements
slide-3
SLIDE 3

Agenda

  • What is BSA
  • BSA Compliance
  • BSA/AML Topics
  • OFAC
  • Penalties & Fines
  • Questions

SEPTEMBER 2019

3

slide-4
SLIDE 4

What is BSA

  • In 1970, Congress passed the Currency and Foreign

Transactions Reporting Act (Bank Secrecy Act)

  • Other statutes that require financial institutions yo
  • btain and retain certain records, as well as report

certain transaction to the federal government.

  • These include:
  • Money Laundering Control Act
  • Anti‐Drug Abuse Act
  • USA PATRIOT Act, Title III

SEPTEMBER 2019

4

slide-5
SLIDE 5

Goals of BSA

  • The purpose is to help identify the source, volume, and

movement of currency and other monetary instruments transported or transmitted into or out of the U.S. or deposited into financial institutions

  • Safeguard the financial industry from threats of money

laundering and illicit finance

  • Ensure a recordkeeping and reporting system to prevent,

deter, investigate and prosecute financial crime

  • Aid in the investigation of money laundering, tax evasion,

international terrorism, or other illegal activity

SEPTEMBER 2019

5

slide-6
SLIDE 6

BSA Compliance Program

  • Establish and maintain a BSA compliance program
  • BSA Compliance Officer
  • Internal Controls
  • Education and Training
  • Independent Testing

SEPTEMBER 2019

6

slide-7
SLIDE 7

BSA Compliance Officer

  • Responsible for BSA compliance on a day‐to‐day basis
  • Must be approved by board of directors
  • Reports to board
  • Must be provided adequate authority to do his/her job

SEPTEMBER 2019

7

slide-8
SLIDE 8

Internal Controls

  • Required by the BSA
  • Consists of policies, procedures, and

processes to ensure systematic compliance with BSA

SEPTEMBER 2019

8

slide-9
SLIDE 9

Independent Testing

  • Required by the BSA
  • Should be completed every 12 to 18 months

SEPTEMBER 2019

9

slide-10
SLIDE 10

Training

  • Regular ongoing training is required
  • All staff whose duties require

knowledge of the BSA

  • Board of Directors and other volunteers
  • BSA compliance officer

SEPTEMBER 2019

10

slide-11
SLIDE 11

Risk Assessments

  • Assessing the CU’s risk profile is required to implement

adequate risk management processes

  • Review risk categories (products, services, members,

entities, geography, transactions, etc.)

  • Detail and update this analysis of risk for each category on

an ongoing process

  • Should be reported to and approved by board

SEPTEMBER 2019

11

slide-12
SLIDE 12

Member Identification Program

  • Must be included in written BSA Compliance Program
  • Enable CU to form reasonable belief that it knows true identity
  • f member
  • Must include account procedures that specify the identifying

information obtained

  • Include reasonable and practical risk‐based procedures for

verifying identity of member

  • Compare identity to government lists

SEPTEMBER 2019

12

slide-13
SLIDE 13

Member Identification Program

  • Information required
  • Name
  • Address
  • Date of Birth
  • Identification number
  • Verification of identity
  • Who must provide this information
  • Record retention – 5 years

SEPTEMBER 2019

13

slide-14
SLIDE 14

Member Due Diligence

  • The cornerstone of a strong BSA/AML compliance

program is comprehensive CDD policies, procedures, and processes for all members, particularly those that present a higher risk for money laundering and terrorist financing

  • The objective is to predict with relative certainty the

types of transactions a member is likely to engage in

  • Helps evaluate the BSA risk of individual members

SEPTEMBER 2019

14

slide-15
SLIDE 15

Member Due Diligence

  • Policies, procedures, and processes can aid in
  • Detecting and reporting unusual or suspicious

transactions

  • Avoid criminal exposure from persons who use or

attempt to use CU products and services for elicit purposes

  • Adhering to safe and sound practices
  • This is an ongoing process from account opening

throughout relationship

SEPTEMBER 2019

15

slide-16
SLIDE 16

Enhanced Due Diligence

  • If credit union determines that a member is higher risk, it

requires closer monitoring and may require additional due diligence information to be collected, both at account opening and throughout the relationship

SEPTEMBER 2019

16

slide-17
SLIDE 17

Money Services Businesses

  • CU should determine if it has accounts with any MSBs
  • Dealer in foreign exchange
  • Check casher
  • Issuer or seller of traveler’s checks or money orders
  • Money transmitter
  • Provider of prepaid access
  • Seller of prepaid access
  • U.S. Postal Service
  • Must assess risk in these cases, and take appropriate steps to

mitigate this risk

  • Due diligence expetations

SEPTEMBER 2019

17

slide-18
SLIDE 18

Beneficial Ownership

  • Procedures must be designed to identify and verify beneficial
  • wners of legal entities account holders
  • Legal entities are corporations, limited liability companies, or
  • ther legal entities created by filing public documents with

Secretary of State

  • Beneficial owners
  • Control prong – single individual with significant responsibility to

control, manage, or direct a legal entity. One must be identified.

  • Ownership prong – individual who owns 25% or more or equity

interest in a legal entity. Up to 4 could be identified.

SEPTEMBER 2019

18

slide-19
SLIDE 19

Beneficial Ownership

  • CU must have written procedures detailing identifying

information to be obtained for each beneficial owner.

  • Name
  • Date of birth
  • Address
  • Identification number
  • These policies should also address:
  • Circumstances when the CU should not open an account
  • The terms under which an account may be used while CU attempts to

verify identity of beneficial owner(s)

  • When an account should be closed after verification attempts have failed
  • When a SAR should be filed

SEPTEMBER 2019

19

slide-20
SLIDE 20

Currency Transaction Reporting

  • Whenever a non‐exempt member deposits or withdraws

currency in excess of $10,000 the credit union will submit a CTR, FinCEN Form 104, electronically by the 15th day following the date of the transaction

  • Multiple currency transactions totaling more than

$10,000 are treated as one (aggregated)

  • CUs should obtain acceptable form of identification from

person conducting transaction

  • Copies must be retained for 5 years after filing

SEPTEMBER 2019

20

slide-21
SLIDE 21

CTR Exemptions

  • The CU may exempt a member from CTR reporting if

certain criteria are met. No CTR will be filed for a transaction involving an exempt person acting within the scope of his/her/its exemption. The CU must exercise due diligence in ascertaining whether any member that requests an exemption is eligible.

  • The CU may elect not to grant CTREs. If so, the BSA/AML

Policy should so state.

SEPTEMBER 2019

21

slide-22
SLIDE 22

CTR Exemptions

  • Must file Designation of Exempt Person (DOEP) one time

within 30 days of first exempted transaction

  • BSA Compliance Officer should review and approve
  • Should also be reviewed at least once per year and

documented

SEPTEMBER 2019

22

slide-23
SLIDE 23

CTR Exemptions

  • Phase I CTR exemptions
  • Financial institution (domestic operations)
  • Federal, state, or local government agency or

department

  • Any entity exercising governmental authority within

the US

  • Any entity whose common stock are listed on NYSE,

ASE, or NASDAQ

  • Any subsidiary of any “listed entity” at least 51%
  • wned by listed entity

SEPTEMBER 2019

23

slide-24
SLIDE 24

CTR Exemptions

  • Phase II CTR exemptions
  • Entity has maintained transaction account at CU for at

least 2 months

  • Frequently engages in currency transactions in excess of

$10,000

  • Is incorporated or organized under US or State law
  • Payroll customer

SEPTEMBER 2019

24

slide-25
SLIDE 25

CTR Exemptions

  • Ineligible for exemption
  • Serving as a financial institution or agent of one
  • Purchasing or selling motor vehicles, vessels, aircraft, farm

equipment, or mobile homes

  • Practicing law, accounting, or medicine
  • Auctioning of goods
  • Chartering or operation of ships, buses, or aircraft
  • Operating a pawn brokerage
  • Engaging in gaming
  • Engaging in investment advisory or investment banking services

SEPTEMBER 2019

25

slide-26
SLIDE 26

CTR Exemptions

  • Ineligible for exemption
  • Operating a real estate brokerage
  • Operating in title insurance activities and real estate closings
  • Engaging in trade union activities
  • Engaging in any other activity specified by FinCEN (marijuana‐related

businesses)

SEPTEMBER 2019

26

slide-27
SLIDE 27

Suspicious Activity Reporting

  • SAR reporting forms the cornerstone of the BSA

reporting system

  • There should be procedures in place to ensure that

suspicious financial transactions are reported on a SAR to FinCEN

  • Board should be notified of SAR filings

SEPTEMBER 2019

27

slide-28
SLIDE 28

Suspicious Activity Reporting

  • SARs required for
  • Criminal violations involving insider abuse in any amount
  • Criminal violations aggregating $5,000 or more when

suspect can be identified

  • Criminal violations aggregating $25,000 or more

regardless of a potential suspect

SEPTEMBER 2019

28

slide-29
SLIDE 29

Suspicious Activity Reporting

  • SARs required for
  • Transactions conducted or attempted, aggregating $5,000 or

more, if is suspected that:

  • It may involve potential money laundering or other illegal

activity

  • It is designed to evade BSA or its implementing regulations
  • It has no business purpose or is not the type of transaction the

member would normally engage in, and there is no reasonable explanation

  • SARs required to be electronically filed within 30 days
  • If no identified suspect, extended to 60 days

SEPTEMBER 2019

29

slide-30
SLIDE 30

Suspicious Activity Reporting

  • FinCEN and NCUA also recommend SAR filings for (not

all‐inclusive):

  • Suspected identity theft
  • Structuring transactions
  • Suspected elder abuse
  • Check fraud
  • Computer intrusion
  • Credit/debit card fraud
  • Wire transfer fraud
  • Mortgage loan fraud
  • Embezzlement
  • Terrorist financing

SEPTEMBER 2019

30

slide-31
SLIDE 31

Suspicious Activity Reporting

  • “Red Flags” that could indicate possible money

laundering or terrorist financing:

  • Member provides insufficient or suspicious information
  • Efforts to avoid reporting or recordkeeping requirements
  • Funds transfers
  • ACH transactions
  • Activity inconsistent with member’s business
  • Lending activities
  • Other unusual or suspicious activity
  • Employee activity that is unusual or suspicious

SEPTEMBER 2019

31

slide-32
SLIDE 32

Information Sharing – 314(a)

  • The Patriot Act requires CU to provide information about

specific accounts or transactions in response to requests from FinCEN

  • Search for
  • Current accounts
  • Accounts maintained in preceding 12 months
  • Transactions conducted outside of or on behalf of

account in preceding 6 months

  • Must search within 14 days
  • Requests generally every 2 weeks

SEPTEMBER 2019

32

slide-33
SLIDE 33

Information Sharing – 314(a)

  • Report to FinCEN if a match
  • No negative reporting
  • Cannot disclose request to any person, other than

FinCEN, the regulator, or law enforcement agency on whose behalf FinCEN has requested

  • Must maintain adequate procedures to protect security

and confidentiality of request

  • Maintain documentation of search

SEPTEMBER 2019

33

slide-34
SLIDE 34

Information Sharing – 314(b)

  • Encouraged to share with other financial institutions and

associations of them

  • Protected from civil liability
  • Must notify FinCEN if going to participate
  • Effective for one year
  • Designate point of contact
  • Be sure other FI also has submitted required notice
  • Maintain security and confidentiality of information

SEPTEMBER 2019

34

slide-35
SLIDE 35

Information Sharing – 314(b)

  • Can only use info to
  • identify and report on money laundering and terrorist

activities

  • Determine whether to establish an account
  • Assist in BSA compliance
  • Can be used to determine whether to file a SAR
  • SAR info cannot be shared

SEPTEMBER 2019

35

slide-36
SLIDE 36

Purchase and Sale of Monetary Instruments

  • If CU purchases and/or sells monetary instruments, they are to

track and record information when the currency portion of transaction or aggregation of transactions is between $3,000 and $10,000, inclusive.

  • Monetary instruments are travelers checks, cashiers checks,

money orders, bonds, etc.

  • Specific requirements
  • Must document name and account number, date, type of

instrument, serial numbers of instruments, and dollar amount of transaction

SEPTEMBER 2019

36

slide-37
SLIDE 37

Purchase and Sale of Monetary Instruments

  • Specific requirements
  • If non‐member involved, must also include address,

social security number or alien ID number, date of birth, and date of purchase.

  • If CU does not allow non‐member transactions, policy

should so state.

  • A log should be maintained by each office unless

reporting is centralized.

  • BSA Compliance Officer should review logs monthly.

SEPTEMBER 2019

37

slide-38
SLIDE 38

Funds (Wire) Transfers

  • Credit unions are required to comply with the recordkeeping

requirements issued by the U.S. Treasury and the Board of Governors of the Federal Reserve System. This requires collection and retention of certain information for transactions

  • f $3,000 or more.
  • Specific requirements
  • Dual controls over incoming and outgoing wires
  • OFAC verifications on all non‐members, financial

institutions, and foreign countries

  • Logs should be kept and reviewed of wire activity

SEPTEMBER 2019

38

slide-39
SLIDE 39

Funds (Wire) Transfers

  • If originator, must obtain and retain
  • Name and address
  • Amount
  • Date
  • Payment instructions
  • Beneficiary’s institution
  • Name and address of beneficiary
  • Account number of beneficiary
  • Any other specific identifier of beneficiary

SEPTEMBER 2019

39

slide-40
SLIDE 40

Office of Foreign Assets Control

  • Applies to all financial institutions
  • Specific requirements
  • All new accounts should be scanned prior to

establishing the account

  • All current member accounts should be scanned

regularly

  • OFAC lists
  • SDN‐Specially Designated Nationals
  • Consolidated Non‐SDN
  • Software generally used for scans

SEPTEMBER 2019

40

slide-41
SLIDE 41

OFAC

  • Specific requirements
  • Any matches are not permitted to engage in financial

transactions in the U.S.

  • Sometimes there are false positives, which can be

resolved by calling OFAC Hotline.

  • Obligated to block or freeze funds if matches and

report to OFAC within 10 business days

  • Blocked account should be segregated into an interest

bearing account until delisted, rescinded or released by OFAC.

SEPTEMBER 2019

41

slide-42
SLIDE 42

OFAC

  • Specific requirements
  • In some cases there is no blockable interest in

transaction; if so it should be rejected.

  • All blocked transactions or property must be reported

within 10 business days and annually to OFAC (by Sep 30 as of Jun 30).

  • Full and accurate records of each rejected transaction

must be retained for 5 years

  • Records of blocked property must be retained while

blocked and five years after unblocked

SEPTEMBER 2019

42

slide-43
SLIDE 43

OFAC

  • Specific requirements
  • Credit unions should maintain an effective, written

OFAC program commensurate with risk profile

  • This will help identify high risk areas, provide for

appropriate internal controls, establish independent testing for compliance, designate an employee to be responsible, create a training program for employees and board of directors

SEPTEMBER 2019

43

slide-44
SLIDE 44

OFAC

  • Specific requirements
  • Risk assessment
  • Should be completed annually, reviewed and

approved by Board

  • Should address all areas in which OFAC compliance is

needed and how it is to be implemented

  • Once high risk areas are identified, appropriate

policies, procedures and processes should be developed to address the risks

SEPTEMBER 2019

44

slide-45
SLIDE 45

OFAC

  • Specific requirements
  • Internal controls
  • If OFAC scan is after account is opened, procedures should be in

place to prevent transactions until after it occurs

  • Account should be frozen until scanned
  • Assign responsibility to update OFAC information and how
  • All parties to an ACH transaction are subject to OFAC
  • For domestic ACH transactions, ODFI is responsible for verifying
  • riginator
  • RDFI is responsible for verifying receiver
  • ODFIs are not responsible for unbatching; if they do, they

become responsible as though it had batched them originally

  • All non‐members need to be checked on IATs

SEPTEMBER 2019

45

slide-46
SLIDE 46

OFAC

  • Specific requirements
  • Independent testing
  • Required to have independent test of their program
  • Should be conducted by someone qualified and

independent of the BSA and OFAC programs

  • Responsible individual
  • Should assign qualified individual to be responsible

for day‐to‐day compliance

  • Training
  • All employees and board of directors required to be

trained annually

SEPTEMBER 2019

46

slide-47
SLIDE 47

OFAC

  • Specific requirements
  • Items requiring OFAC verification
  • On‐us checks cashed for non‐members
  • Sales of stamps, amusement park tickets, etc. to non‐

members

  • Credit card cash advances to non‐members
  • Wire transfers for non‐members
  • Loans with non‐member as co‐signer or owner of

collateral

  • ACH

SEPTEMBER 2019

47

slide-48
SLIDE 48

OFAC

  • Specific requirements
  • Items requiring OFAC verification
  • Payees of corporate drafts or money orders issued to

non‐members

  • New employees
  • New members
  • Joint owners
  • Beneficiaries
  • Powers of attorney
  • Any non‐member the CU does business with

SEPTEMBER 2019

48

slide-49
SLIDE 49

Proposed Changes

  • H.R. 388: Financial Reporting Threshold Modernization Act
  • Introduced January 9, 2019 to 116th Congress
  • For CTRs, update each $10,000 threshold to $30,000
  • For SARs, update each $5,000 threshold to $10,000 and each $2,000

threshold to $3,000

  • For MSB definition thresholds, update each $1,000 threshold to

$3,000

  • Bill is in first stage of legislative process (introduced into Congress)
  • 4% chance of being enacted (according to Skopos Labs)
  • Was also introduced as H.R. 6850 in 115th Congress (went nowhere)

SEPTEMBER 2019

49

slide-50
SLIDE 50

Penalties & Fines

  • BSA
  • Criminal Penalties
  • Money laundering can result in up to 20 years in prison and a fine of up

to $500,000

  • Willful violations can result in criminal fines up to $500,000 and up to

10 years in prison

  • CUs that violate certain BSA provisions face criminal money penalties

up to $1M, or twice the value of the transaction

  • Civil Penalties
  • Willful violations may result in fines up to $100,000
  • Fines for negligent breach of BSA will not exceed $500 per violation.

For patterns of negligence, fines will not exceed $50,000 in domestic cases, and up to $1M for international activities

SEPTEMBER 2019

50

slide-51
SLIDE 51

Penalties & Fines

  • OFAC regulations provide for
  • criminal penalties of up to 10 years in prison, up to $1M in

fines for corporations, and up to $250,000 in fines for individuals.

  • Civil penalties of up to $55,000 (or more in some cases) per

violation may be imposed.

SEPTEMBER 2019

51

slide-52
SLIDE 52

Credit Union Fines

North Dade Community Development FCU

  • $4 million in assets, 5 employees
  • Significant BSA violations
  • Failed to have an effective AML program
  • Failed to implement an effective system of internal controls
  • Did not perform a risk assessment until November 2013
  • Insufficient controls to identify suspicious activity
  • Provided services to 56 MSBs outside of its FOM – Central America,

Middle East, Mexico

  • Accounted for 90% of CU revenue
  • Over $1 billion in outgoing wires
  • $984 million in remotely captured deposits
  • $300,000 civil money penalty – November 2014

SEPTEMBER 2019

52

slide-53
SLIDE 53

Credit Union Fines

Bethex FCU

  • 12 million in assets
  • MSB volume increased from $657 million domestic transactions in

2010 to over $4 billion in domestic and international transactions in 2012

  • Failed to make commensurate changes in compliance controls to

account for risks posed by MSB accounts

  • No risk assessment conducted in 2011
  • 2012 risk assessment did not assess MSB risk
  • $500,000 civil money penalty – December 2016

SEPTEMBER 2019

53

slide-54
SLIDE 54

SEPTEMBER 2019

54

slide-55
SLIDE 55

Daniel J. Mahalak

President dmahalak@cm‐co.com www.mahalakconsulting.com

My Contact Information…..

586.296.1155 Office 586.899.8029 Mobile

SEPTEMBER 2019

55

Mahalak Consulting Co Mahalak Consulting Co.

Accounting and Advisory Services