Committee October 10, 2012 Presenter John Misgen, CPA Senior - - PowerPoint PPT Presentation



SLIDE 1

BSA & OFAC Compliance for Directors & Supervisory/Audit Committee October 10, 2012

SLIDE 2

Presenter

John Misgen, CPA

  • Senior Compliance Consultant with CliftonLarsonAllen LLP (CLA) for more than six years
  • Has provided regulatory compliance assistance, including BSA/AML/OFAC testing, to financial institutions ranging from less than $5 million in assets to more than $1 billion in assets.
  • CliftonLarsonAllen is the nation’s largest auditor of credit unions with more than $40 million in assets
  • John is part of the regulatory compliance group within CLA. The group focuses 100% of its time and resources performing compliance testing and providing regulatory compliance assistance to financial institutions

SLIDE 3

Recent Enforcement Actions

In the news:

  • 2010: Wachovia Bank – $110,000,000
  • 2010: Pamrapo Savings Bank – $5,000,000
  • 2010: ABN AMRO Bank – $500,000,000
  • 2011: Zions First Nat’l Bank – $8,000,000
  • 2011: Ocean Bank – $10,900,000
  • 2011: Mendoza (individual) – $25,000 and 6 months prison
  • 2012: Citibank, N.A. – Cease and desist
  • 2012: ING Bank N.V. – $619,000,000

SLIDE 4

Overview of the Regulations

  • Bank Secrecy Act
  • USA Patriot Act
  • Office of Foreign Assets Control

SLIDE 5

Board of Directors’ Responsibilities

  • Approve the BSA/AML compliance program
  • Ensure the credit union maintains an effective BSA/AML internal control structure
  • Track audit deficiencies and document corrective action
  • Designate a qualified individual to serve as the BSA compliance officer.
  • Develop policies, procedures, and processes based on their risk assessment to ensure compliance with OFAC laws and regulations.

SLIDE 6

1) BSA/AML Compliance Program

  • Management should structure the financial institution’s BSA/AML compliance program to adequately address its risk profile
  • The BSA/AML compliance program must provide for at least four requirements
  • The Board is required to approve the program – MUST BE NOTED IN MINUTES

SLIDE 7

Program Requirements

  • The BSA/AML compliance program must provide for the following minimum requirements:
    – A system of internal controls to ensure ongoing compliance
    – Independent testing of BSA/AML compliance
    – Designate an individual or individuals responsible for managing BSA compliance (BSA compliance officer)
    – Training for appropriate personnel

SLIDE 8

2) Internal Controls

The Board, acting through senior management, is ultimately responsible for ensuring an effective BSA/AML internal control structure, including suspicious activity monitoring and reporting.

SLIDE 9

Internal Control Requirements

  • Risk Identification
  • Inform Board of compliance initiatives, deficiencies/corrective action, SARs filed
  • Identify person(s) responsible for BSA compliance
  • Provide for program continuity
  • Meet recordkeeping & reporting requirements
  • Provide timely updates on changes to the Act

SLIDE 10

BSA/AML Risk Assessment

  • BSA/AML Compliance Program must be designed around a risk assessment
  • Many effective methods and formats for conducting the risk assessment
  • Business accounts pose more risk; additional time and resources are needed to perform these assessments
  • SHOULD BE REPORTED TO THE BOARD
SLIDE 11

Internal Controls (cont)

Internal controls consist of policies, procedures, and processes designed to limit and control risks and to achieve compliance with the BSA. The level of sophistication of the internal controls should be commensurate with the size, structure, risks, and complexity

SLIDE 12

Internal Controls (cont)

Internal controls should:

    – Inform the Board, or a committee, and senior management of compliance initiatives, compliance deficiencies and corrective action taken
    – Notify the Board of SARs filed

SLIDE 13

Recordkeeping

  • Generally five years
    – Purchase/sale of monetary instruments
    – Funds transfers
    – Foreign correspondent accounts (not covered)
  • Refer to Appendix P of the 2010 FFIEC BSA/AML Examination Manual for detailed record retention schedule

SLIDE 14

Monetary Instruments Recordkeeping

  • Recordkeeping only required if daily purchases aggregate to $3,000 or more
  • Requirements for member purchases
  • Non-members = need more
  • Need to have a process in place to aggregate multiple purchases at multiple branches < $3,000 if daily aggregation is $3,000 or more

SLIDE 15

Funds Transfers Recordkeeping

  • Originator responsibilities
  • Beneficiary responsibilities
  • Must be retrievable by name and account number for five years
  • Must have a process to monitor funds transfers for suspicious activity

SLIDE 16

Reporting Requirements

Should all be in policy

  • Suspicious Activity Reporting
  • Currency Transaction Reporting
    – Exemptions available for certain accounts
  • Foreign Bank and Financial Accounts Reporting (not covered)
  • International transportation of currency or monetary instruments reporting (not covered)

SLIDE 17

SAR Reporting Requirements

  • Criminal violations involving insider abuse in any amount
  • Criminal violations aggregating $5,000 or more when a suspect can be identified
  • Criminal violations aggregating $25,000 or more regardless of a potential suspect
  • Transactions conducted or attempted by, at, or through the financial institution (or an affiliate) and aggregating $5,000 or more, if the financial institution or affiliate knows, suspects, or has reason to suspect that the transaction:
    – May involve potential money laundering or other illegal activity (e.g., terrorism financing)
    – Is designed to evade the BSA or its implementing regulations
    – Has no business or apparent lawful purpose or is not the type of transaction that the particular member would normally be expected to engage in, and the financial institution knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction

SLIDE 18

Detecting Suspicious Activity

  • Need adequate monitoring system
    – Determining whether manual or automated software is needed
    – Understanding the filtering criteria of a surveillance monitoring system is critical
  • Should establish policies, procedures, and processes for identifying and monitoring subjects of law enforcement requests

SLIDE 19

Member Due Diligence

  • Procedures to form a “reasonable expectation of the types of transactions a member conducts.”
  • Procedures to detect unusual/suspicious activity
  • High-risk members and their transactions should be reviewed more closely
  • Business accounts create additional inherent risk and need additional monitoring
  • Should be documented (part of the program)

SLIDE 20

CTR Reporting Requirements

  • Currency = coin and paper money of the U.S. or any other country designated as legal tender
  • Cash Transactions > $10,000

SLIDE 21

CIP Requirements

  • Each financial institution must implement a written CIP
  • The CIP must be incorporated into the financial institution’s BSA/AML compliance program

SLIDE 22

CIP: Use of Other Parties

  • Permitted to rely on another financial institution if addressed in the CIP and certain criteria are met.
  • Permitted to rely on third parties, but the credit union is ultimately responsible

SLIDE 23

3) Audit Deficiencies

  • Auditor must be independent and qualified
  • Findings should be reported directly to the Board, or audit committee
  • Board is responsible for tracking audit deficiencies and documenting corrective action
    – Can designate this responsibility to a committee
    – Can perform jointly with audit staff, if applicable

SLIDE 24

4) BSA Compliance Officer

Board is responsible for designating a qualified individual to serve as the BSA compliance officer

    – Do you know who this is in your credit union?
    – Officer should have sufficient authority and resources
    – Board is ultimately responsible
    – Communication between Board and officer
    – Specific/detailed training
    – Program continuity?

SLIDE 25

5) OFAC Laws & Regulations

  • OFAC regulations are not part of the BSA but are frequently included in the BSA/AML exam manual.
  • Board and senior management have responsibility to develop policies, procedures, and processes based on their risk assessment to ensure compliance with OFAC laws and regulations.

SLIDE 26

OFAC

Should conduct an OFAC risk assessment

Should have policy and procedures

  • Designate an OFAC officer
  • Independent testing
  • Screening requirements
  • How to determine and document whether OFAC hit is valid or false-positive
  • Procedures for reporting blocked funds to OFAC
  • Training
SLIDE 27

BSA Board Reporting

Required:

  • Independent testing findings
  • SAR Filings

Optional but Recommended

  • BSA/AML risk assessment

SLIDE 28

Confidentiality of SARs

  • HIGHLY CONFIDENTIAL!
  • DO NOT TELL MEMBER
  • Only those in the credit union who need to know should be informed of a SAR

SLIDE 29

Training Requirements

  • The Board and senior management should be informed of changes and new developments in the BSA, its implementing regulations and directives, and the federal banking agencies’ regulations.
  • Examiners are looking to ensure the Board and senior management are aware of BSA/AML regulatory requirements, effectively oversee BSA/AML compliance, and commit, as necessary, to corrective actions (e.g., audit and regulatory examinations).

SLIDE 30

Commonly Cited Violations

What we see:

  • BSA/AML risk assessment not detailed
  • MDD procedures not specifically documented
  • Inadequate MDD on MSBs
  • Inadequate MDD on share branching/3rd party
  • SARs not completed correctly (narrative)
  • CTRs not listing all those benefiting
  • No specific OFAC risk assessment
  • Weak or undocumented OFAC policy/procedures
  • Training deficiencies

SLIDE 31

Penalties for Non-Compliance

Failure to comply with the BSA can have serious consequences for you and for your institution.

  • BSA violations involve civil, criminal, and intangible penalties
  • The federal banking agencies and FinCEN can bring civil money penalty actions

In addition to above, individuals may be removed from banking

SLIDE 32

Changes in Next 12 Months

Known:

  • Exemption changes for payroll members – Immediate
  • E-filing requirements – July 1, 2012
  • BSA implications on non-bank mortgage lenders – August 13, 2012
  • New CTR, SAR, and DOEP forms – March 31, 2013
    – Testing site: http://sdtmut.fincen.treas.gov/main.html
    – FinCEN recorded webinars www.fincen.gov

SLIDE 33

Changes in Next 12 Months

Expected:

  • Member Due Diligence Requirements

SLIDE 34

Staying Current With Changes

BSA Compliance Officer should stay current with changes.

  • FinCEN provides a Weekly Digest Bulletin via email
    – https://public.govdelivery.com/accounts/USFINCEN/subscriber/new?preferences=true
  • NAFCU provides a daily compliance blog via email
    – http://nafcucomplianceblog.typepad.com/nafcu_weblog/

SLIDE 35

Questions?

John Misgen, CPA

Senior Compliance Consultant
CliftonLarsonAllen LLP
507-434-7032
John.misgen@cliftonlarsonallen.com