Melia D. Heimbuck, Esq., CUDE Principal of Risk Management Solutions - - PowerPoint PPT Presentation

Melia D. Heimbuck, Esq., CUDE Principal of Risk Management Solutions CU Risk Intelligence June 2020

▪ BSA Timeline ▪ Regulator & The Rules ▪ Recent Developments ▪ Breakout Activities ▪ Enforcement Actions &

Outcomes

BSA TIMELINE

▪ Prior to the War of 1812, Treasury imposed sanctions

against Great Britain for the harassment of American sailors.

▪ During the Civil War, transactions with the Confederacy

were prohibited and the forfeiture of goods involved in such transactions were imposed.

▪ OFAC is the successor to the Office of Foreign Funds

Control (the ``FFC''), which was established to prevent Nazi use of an occupied countries' holdings and forced repatriation.

▪ During World War II, the FFC played a leading role in

economic warfare against the Axis powers by blocking enemy assets and prohibiting foreign trade and financial transactions.

▪ OFAC was formally created in 1950 when China

entered the Korean War. OCAF blocked all Chinese and North Korean assets subject to U.S. jurisdiction.

▪ Today OFAC exists to administer and enforce economic

and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and

• ther threats to the national security, foreign policy or

economy of the United States.

Before BSA, there was OFAC…

▪ 1970 Bank Secrecy Act

▪ Identify source, volume & movement of currency

in/out of U.S. or deposited into an account

▪ Report CTR (over $10,000) ▪ Identify people making transactions ▪ recordkeeping

▪ 1978 Financial Institutions Regulatory and

Interest Rate Control Act (FFIEC begins 1979)

▪ Prescribe uniform principles, standards, and

reporting for federal regulators

▪ 1986 Money Laundering Control Act

▪ Establish money laundering as a federal crime ▪ Prohibit structuring to avoid CTR filings ▪ Require procedures to ensure BSA compliance

▪ 1988 Anti-Drug Abuse Act

▪ Expand reporting beyond financial institutions ▪ Require identity verification & recordkeeping of

monetary instruments over $3,000

October 26, 1970

▪ 1990 Treasury Order 105-08

▪ Establish FinCEN to provide government-wide, multi-

source information and analysis

▪ 1992 Annuzio-Wylie Anti-Money Laundering Act

▪ Require SARs & eliminates referral form ▪ Require identity verification & recordkeeping of wires

▪ 1994 Money Laundering Suppression Act

▪ Require MSB registration & expand requirements

▪ 1994 merge Treasury’s Office of Financial Enforcement

with FinCEN

▪ Require banking agencies to enhance training, referrals to

law enforcement and develop BSA exam procedures

▪ 1998 Money Laundering & Financial Crimes Strategy

Act

▪ Require banking agencies train examiners on BSA ▪ Create High Intensity Money Laundering & Related

Financial Crime Area (HIFCA) task forces

Then came FinCEN…

▪ 2001 USA Patriot Act

▪ Criminalize terrorist financing ▪ Require due diligence of accounts ▪ Expand Treasury’s authority over “primary money

laundering concerns” (casino, broker, insurance, etc)

▪ 2002

▪ Final rule on information sharing under 314 ▪ BSA e-filing begins

▪ 2003

▪ Customer Identification Program becomes effective

▪ 2004 Intelligence Reform & Terrorism Prevention

Act

▪ Enhanced reporting of foreign agents/counterparts

▪ 2005

▪ FFIEC releases BSA/AML Examination Manual

▪ 2009 Final Rule on CTR Exemptions (effective)

We will never forget…

▪ 2011

▪ FinCEN regulations transfer to 31 CFR Chapter X

▪ 2012

▪ BSA e-filing becomes mandatory

▪ 2016 Final Rule – Customer Due Diligence

▪ Identify & verify customers/members ▪ Identify & verify beneficial owners at account

• pening

▪ Understand the nature & purpose of the account with

risk profiles

▪ Ongoing monitoring by risk & update information ▪ Effective May 11, 2018

A new agency is born for almost everything but BSA …

REGULATOR & THE RULES

▪ Subpart H—Enforcement; Penalties; and Forfeiture

1010.810 Enforcement. (b) Authority to examine institutions to determine compliance with the requirements of this chapter is delegated as follows:

(5) To the chairman of the Board of the National Credit Union Administration with respect to those financial institutions regularly examined for safety and soundness by NCUA examiners.

▪ NCUA Rules and Regulations Section 748.2 requires all

federally insured credit unions establish and maintain a WRITTEN PROGRAM that provides for the CONTINUED ADMINISTRATION of the program reasonably designed to assure and monitor compliance with the Bank Secrecy Act, 31 CFR Chapter X.

▪ Recordkeeping and reporting requirements ▪ Customer identification program ▪ Minimum contents

▪ Note: NCUA webinar on BSA

June 17 at 1 p.m. MDT

12

(1) Internal Controls

(2) Independent Testing (3) Individual Responsible (4) Training (5) Risk-based Procedures

• accounts & owners

*6 OFAC

▪ FinCEN Advisory (FIN

2014-A007)

▪ Leadership engagement ▪ Do not compromise

compliance for revenue

▪ Share information

throughout organization

▪ Adequate resources ▪ Independently Tested ▪ Understand how reports

are used

▪ Ensure “program continuity despite changes” ▪ Risk Assessment

▪ EVERYONE should know it

▪ SAR Filing

▪ Not later than 30 calendar days after detection ▪ Plus 30 if no suspect was initially identified ▪ Some activities create a mandatory filing

requirement

▪ Maintain records for 5 years ▪ Provide monthly summary to the Board ▪ Do NOT disclose the existence of a SAR – it’s a

felony!

▪ CTR Filing

▪ Within 15 calendar days of the reportable

transaction

▪ Currency of more than $10,000 ▪ Aggregate transactions occurring in the same

business day

▪ Monetary Instruments Records

▪ Issuance for $3,000 or more which involves

currency

▪ Adequately reported ▪ Ensure independence ▪ Obtain an overall statement of

compliance

▪ Timing

▪ Who is your BSA Officer … in the policy? ▪ BSA Culture Drivers

▪ Do not compromise compliance for revenue ▪ Adequate resources ▪ Share information throughout the organization ▪ Understand how reports are used

▪ Appropriate authority & access to resources ▪ Testing where issues have been discovered &

incorporate lessons learned

▪ Document input

▪ BSA Culture Driver

▪ Leadership engagement ▪ Share information throughout the organization ▪ Understand how reports are used

▪ BSA Compliance Officer training ▪ Volunteer training ▪ Staff BSA training specific to job responsibilities

▪

Tellers

▪

Member Service Representatives

▪

Lending

▪

Back-office Departments

▪

IT

▪ Document training

▪ Customer Information Program

(1) Written CIP (2) Risk-based procedures for verifying identity

▪ Documentary and Non-documentary methods ▪ Procedures for responding to lack of verification

(3) Recordkeeping

▪ Description of documents and methods used ▪ Maintain records for 5 years

(4) OFAC (5) Adequate notice to members Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism

▪ Customer Due Diligence

▪ (i) Understanding the nature and purpose of

customer relationships for the purpose of developing a customer risk profile; and

▪ (ii) Conducting ongoing monitoring to identify and

report suspicious transactions and, on a risk basis, to maintain and update customer information.

▪ Beneficial Owners

▪ Written procedures ▪ Identify beneficial owners ▪ Certification (Appendix A) ▪ 25% or more ownership ▪ Individual with significant control ▪ Verify beneficial owners ▪ CIP ▪ Maintain records for 5 years

▪ OFAC requires:

▪ Written policy, procedures, and risk assessment ▪ Individual responsible ▪ Maintain a current list of prohibited countries,

• rganizations, and individuals

▪ Check all individuals and organizations against the list

regarding new accounts and transactions

▪ Periodically check all existing accounts against the list ▪ Maintain records for 5 years

▪ A Framework for OFAC Compliance Commitments

▪ May 2019

RECENT DEVELOPMENTS

▪ FinCEN Notices (March 16, April 3, May 18) ▪ Follow risk-based approach and diligenty

adhere to BSA obligations

▪ Communicate COVID-19 challenges via

“need assistance”

▪ PPP and Beneficial Owner reminder ▪ CTR completion for DBA accounts ▪ SAR Narratives – only include COVID-19 if the

suspicious activity is related to COVID-19

▪ Information Sharing under 314(b)

▪ FinCEN Innovation Hour

▪ Second Thursday of each month

▪ FinCEN Advisories

(October 31, 2017, May 18, 2020 & Notices)

▪ Benefits Fraud ▪ Charities Fraud ▪ Medical Scams ▪ Imposter Scams ▪ Investment Scams ▪ Product Scams ▪ Insider Fraud

▪ Stimulas Checks ▪ Zoom Meetings ▪ Tax defferal to July 15, 2020 ▪ Virtual Currency Scams ▪ Business Email Compromise

Schemes

▪ Elder Financial Exploitation

“we could have made money together”

COVID-19 STRESS AND CIVIL UNREST

BREAKOUT SESSIONS

▪ Group 1 –You are the BSA Officer

and must ensure your BSA Program is up to the task of stopping them!

▪ Group 2 –You are the mastermind

behind the plan – what is it?

DEA intelligence has uncovered a plan by a sophisticated drug gang to place $100 million into mainstream financial services by the end of July because they believe weaknesses due to COVID- 19 can be exploited…

▪ Group 3 –You are the BSA Officer

and must ensure your BSA Program is up to the task of thwarting insider fraud!

▪ Group 4 –You are a trusted

employee but have grown tired of the 9-to-5 and believe that now is your chance to change your life!

To manage expenses and ensure the health and safety of credit union staff, your credit union will be moving to a more remote workforce scenario …

▪ Group 5 – FinCEN’s Innovation

Hour provides time for users and providers of regulatory and financial technology to discuss BSA-related innovative products and services. You have been selected to present your ideas and we can’t wait to hear them!

▪ Group 6 – As the BSA Officer, you are

worried that staff does not take their BSA responsibilities seriously. Due to COVID-19 and a high percentage of

• lder or unemployed members, you

want to revamp internal BSA training.

▪ How would you educate members about

COVID-19 scams, especially those most vulnerable?

▪ What ideas do you have to help staff

better understand their role in BSA?

▪ Breaking Bad Challenge

▪ Group 1 – BSA Program ▪ Group 2 – The bad guys

▪ Remote Workforce

▪ Group 3 – BSA Program ▪ Group 4 – Remote Workers

▪ Innovation Hour

▪ Group5

▪ Education Department

▪ Group 6

ENFORCEMENT ACTIONS & OUTCOMES

WHAT TO LOOK FOR…

beneficial owner due diligence cyber-activity deposit-to-ATM & wire withdrawals transaction changes

RISK ASSESSMENT

Melia D. Heimbuck Melia.Heimbuck@CUSolutionsGroup.com 303-981-4444