[PPT] - Compliance for Experts June 27, 2012 Presenters John Misgen, CPA PowerPoint Presentation

SLIDE 1

Bank Secrecy Act Compliance for Experts June 27, 2012

SLIDE 2

Presenters

John Misgen, CPA

Senior Compliance Consultant with CliftonLarsonAllen LLP for more

than six years

Has provided regulatory compliance assistance, including

BSA/AML/OFAC testing, to financial institutions ranging from less than $5 million in assets to more than $1 billion in assets. Jeffrey Pratt

Deputy Assistant Director, Office of Compliance, Financial Crimes

Enforcement Network

The Office works to works to better ensure industry compliance with

the Bank Secrecy Act. The Office also tracks the performance of financial institutions experiencing significant Bank Secrecy Act compliance deficiencies.

SLIDE 3

Overview of the Regulations

Bank Secrecy Act USA Patriot Act Office of Foreign Assets Control

SLIDE 4

Staying Current With Changes

FinCEN provides a Weekly Digest Bulletin via email

– https://public.govdelivery.com/accounts/USFI NCEN/subscriber/new?preferences=true

NAFCU provides a daily compliance blog via email

– http://nafcucomplianceblog.typepad.com/nafc u_weblog/

SLIDE 5

BSA/AML Risk Assessment

Many effective methods and formats for

conducting the risk assessment

The development of the BSA/AML risk

assessment generally involves two steps

Business accounts pose more risk;

additional time and resources are needed to perform these assessments

SLIDE 6

BSA Compliance Program

Management should structure the financial institution’s BSA/AML compliance program to adequately address its risk profile The BSA/AML compliance program must provide for at least four requirements at a minimum

SLIDE 7

CIP Requirements

Each financial institution must implement a

written CIP

The CIP must be incorporated into the

financial institution’s BSA/AML compliance program

SLIDE 8

CIP Requirements

Three basic rules

– Verify – Check – Maintain

Verifying identity requires five important

pieces of information

Notice displayed where accounts are
pened
Obtain information to assess account risk

SLIDE 9

CIP: Lack of Verification

CIP must include procedures for when ID

can’t be verified

Examples:

– Unable to provide ID – False/modified ID – Online account opening – Red Flags

SLIDE 10

CIP: Comparison with Govt Lists

The CIP must include procedures for determining whether the member appears

n any federal government list of known or

suspected terrorists or terrorist

rganizations.

– OFAC Specially Designated Nationals (SDN) List – Must be done at time of account opening or earlier

SLIDE 11

CIP: Use of Other Parties

Permitted to rely on another financial institution if addressed in CIP certain criteria are met. Permitted to rely on third parties, but credit union is ultimately responsible

SLIDE 12

Member Due Diligence

Must have procedures in place to have a “reasonable expectation of the types of transactions a member conducts.”

At account opening
High-risk members and their transactions

should be reviewed more closely

SLIDE 13

Member Due Diligence

Determine which reports currently being

used will address any of the risks needing monitoring

Business accounts create additional

inherent risk and need additional monitoring

Every institution has specific risks.
Member due diligence procedures should

be documented

SLIDE 14

Suspicious Activity Monitoring

Most common is money laundering Other common types of suspicious activity

Check Fraud
Check Kiting
Counterfeit Check
Counterfeit Credit/Debit Card
Credit/Debit Card Fraud
Loan Fraud
Wire Transfer Fraud
Identity Theft

SLIDE 15

Detecting Suspicious Activity

Examples of Suspicious Activity
Credit unions should have a means for

front line staff to report suspicious activity to a supervisor or BSA Officer immediately.

SLIDE 16

Detecting Suspicious Activity

Need adequate monitoring system

– Determining whether manual or automated software is needed – Understanding the filtering criteria of a surveillance monitoring system is critical

Should establish policies, procedures, and

processes for identifying and monitoring subjects of law enforcement requests

SLIDE 17

17

Shared Branching

17

CTR Requirements
“By, through, or to”
FinCEN Ruling 2001-1
Establish written protocols
Aggregation

SLIDE 18

18

Shared Branching

18

SAR Requirements
“By, at, or through”
Confidentiality
Determine Risk
Importance of Communication

SLIDE 19

19

Shared Branching

19

Agent status
314(b)
Money Laundering/Terrorist Financing
FIN-2009-G002

“information relating to transactions that may involve the proceeds of one or more specified unlawful activities remain within the protection

f the section 314(b) safe harbor from liability”

SLIDE 20

20

Shared Branching

20

SAR Joint Filing

SLIDE 21

21

Electronic Filing Dates

21

Mandatory Electronic Filing July 1, 2012
New CTR and New SAR required March 31, 2013

SLIDE 22

FinCEN’s View on Monitoring Manual vs. Automated

SLIDE 23

Reporting Suspicious Activity

Do you know when a SAR is required to be filed? Do you know there is a safe harbor for SARs filed?

SLIDE 24

Reporting Suspicious Activity

A SAR must be filed within 30 days after

the initial detection if the suspect is known.

You have up to 60 days, if suspect is not known.
Narrative—Be complete!
Keep but do not file supporting documents
Account should be monitored for

continuing activity

SLIDE 25

Reporting Suspicious Activity

All investigations should be documented
Required reporting to the board

– Board or an appropriate board committee – Regulations do not mandate a particular notification format

SLIDE 26

Confidentiality of SARs

Highly confidential!
Only those in the credit union who need to

know should be informed of a SAR

DO NOT TELL MEMBER
This should be included with each training

session (employees and board)

SLIDE 27

Currency Transaction Reporting

Currency = coin and paper money of the

U.S. or any other country designated as legal tender

Cash Transactions > $10,000
CTRs must be filed with FinCEN within 15

days after the date of the transaction

– You have up to 25 calendar days if you are E-Filing (until March 31, 2013)

SLIDE 28

CTR Reporting

All beneficiaries must be reported – Gets confusing!

For deposits, all those who are known to

benefit from the transaction must be identified on the CTR.

For withdrawals, only person conducting

transaction unless…

Examples

SLIDE 29

CTR Reporting

For businesses:

sole proprietorships
separate legal entity with a TIN - general

rule

Separately incorporated entities are

presumed to be independent persons, unless information shows otherwise

Examples

SLIDE 30

CTR Exemptions

Not required to exempt
2 phases – Phase I and Phase II

– Phase I – Phase II

SLIDE 31

Currency Purchases of Monetary Instruments

Recordkeeping only required if daily

purchases aggregate to $3,000 or more

Requirements for member purchases
Non-members = need more
Need to have a process in place to

aggregate multiple purchases at multiple branches < $3,000 if daily aggregation is $3,000 or more

SLIDE 32

Funds Transfers Recordkeeping

Originator responsibilities
Beneficiary responsibilities
Must be retrievable by name and account

number for five years

Must have a process to monitor funds

transfers for suspicious activity

SLIDE 33

OFAC

Should conduct an OFAC risk assessment Should have policy and procedures

Designate an OFAC officer
Independent testing
Screening requirements
How to determine and document whether OFAC hit is

valid or false-positive

Procedures for reporting blocked funds to OFAC
Training

SLIDE 34

Commonly Cited Violations

In the news:

2010: Wachovia Bank

$110,000,000

2010: Pamrapo Savings Bank

$5,000,000

2010: ANB AMRO Bank

$500,000,000

2011: Zions First Nat’l Bank

$8,000,000

2011: Oceans Bank

$10,900,000

2011: Mendoza (individual)

$25,000 and 6 months prison

2012: Citibank, N.A.

Cease and desist

2012: ING Bank N.V.

$619,000,000

SLIDE 35

Commonly Cited Violations

What we see:

BSA/AML risk assessment not detailed
MDD procedures not specifically documented
Inadequate MDD on MSBs
Inadequate MDD on share branching/3rd party
SARs not completed correctly (narrative)
CTRs not listing all those benefiting
No specific OFAC risk assessment
Weak or undocumented OFAC policy/procedures
No procedures for reviewing law enforcement requests
Training deficiencies

SLIDE 36

Penalties for Non-Compliance

Failure to comply with the BSA can have serious consequences for you and for your institution.

BSA violations involve civil, criminal, and intangible

penalties

The federal banking agencies and FinCEN can bring civil

money penalty actions

In addition to above, individuals may be removed from banking

SLIDE 37

Changes in Next 12 Months

Known:

Exemption changes for payroll members – Immediate
E-filing requirements – July 1, 2012
BSA implications on non-bank mortgage lenders –

August 13, 2012

New CTR, SAR, and DOEP forms – March 31, 2013

– Testing site: http://sdtmut.fincen.treas.gov/main.html

SLIDE 38

Changes in Next 12 Months

Expected:

Member Due Diligence Requirements

SLIDE 39

39

Available Resources

The SAR Activity Review, Trends, Tips, and

Issues

SAR reporting guidance
Advisories/Bulletins/FAQs/Fact Sheets
Analytic Assessments – Mortgage Loan Fraud,

Commercial Real Estate Fraud, Identity Theft

FinCEN web site – Law Enforcement Cases

and Success Stories

39

SLIDE 40

40

Contact Information

FinCEN Regulatory Helpline 1-800-949-2732 Financial Institutions Hotline 1-866-556-3974 www.fincen.gov E-Filing Service Desk Number 1-866-346-9478 (Option 1) BSAEFilingHelp@fincen.gov

40

SLIDE 41