101/2014
AML/BSA 101: Essential Training for Compliance Professionals
Edwin F. Beemer III APR, CAMS
Principal
ComplianceComm
Arlington, VA
R. Joe Soniat, CFE, CAMS, BCP
Bank Secrecy Act Officer
Union Bancshares
Richmond, VA
AGENDA
01/2014 2
8:45 am –9:00 am
WelcomeRemarks
12:15 pm –1:15 pm
Networking Luncheon
9:00 am –10:00 am
Exploring the Evolution of Money Laundering & Financial Crime
1:15 pm –3 :00 pm
Laying a Solid Foundation for your AML Operations with an Effective Risk Assessment Program
10:0 am –10:15 am
Networking & Refreshment Break
3:00 pm –3:15 pm
Networking & Refreshment Break
10:15 am –12 :00pm
Examining the Four Pillars of AML/BSA Programs
3:15 pm –4:45 pm
Analyzing Key Elements of a Robust AML Program
12:00 pm –12:15 pm
Interactive Q&A 4:45 pm –5 :00pm
Q&A Closing Remarks
DEFINITION1. Money laundering -- the process of concealing the
source of funds gained through illegal activity by attempting to “wash” the money through legitimate financial channels.
2. Money laundering is the disguising of funds derived from illicit activity so that the funds may be used without detection of the illegal activity that produced them. It is typically accomplished in three stages:
Placement
Layering
Integration01/2014 5
Who may play a part in laundering the money
01/2014 7
How
Banks and Other Depository Institutions
Electronic Transfers of Funds, Electronic Banking, Cash, Monetary Instrument, Electronic Cash, Lending Activity, Trade Financing, Correspondent Banking, Payable -Through Accounts, Concentration Accounts, Private Banking, Bank Complicity
Non-Bank Financial Institutions
Money Service Businesses (Money Remitters and Money Exchange Houses), Credit Card Industry, Pawn Shops, Casinos and card clubs., loan or finance companies, Dealers in High-Value Items (Precious Metals, Jewelry, Art , etc .)
Insurance Companies Most significant laundering and terrorist financing risks in the insurance industry are found in life insurance and annuities products.
Real Estate Industry The laundering cases that have involved the use of criminal proceeds in real estate transactions support the need for this sector to be under the anti-money laundering regulatory umbrella.
Vehicle Sellers 1. Structuring cash deposits below the reporting threshold, or purchasing vehicles with sequentially numbered checks or money orders.
2. Trading in vehicles and conducting successive transactions of buying and selling new and
used vehicles to produce complex layers of transactions.3. Accepting third-party payments, particularly from jurisdictions with ineffective money
laundering controls.
How
Travel Agencies 1. Purchasing an expensive airline ticket for another person who then asks for a refund.2. Structuring wire transfers in small amounts to avoid recordkeeping requirements, especially
when the wires are from foreign countries.
Gatekeepers : Notaries, Accountants, Auditors , Lawyers
1. Performing financial transactions2. Providing financial and tax advice3. Buying or selling property Creating corporate vehicles or other complex legal arrangements,
such as trusts. Such arrangements may serve to confuse the links between the proceeds of a crime and the perpetrator.
4. Providing introductions to financial institutions.
Investment and Commodity Advisers
1. Withdrawal of assets through transfers to unrelated accounts or to high-risk countries.2. Frequent additions to or withdrawals from accounts.3. Checks drawn on, or wire transfers from, accounts of third parties with no relation to the
client.
Trust and Company Service Providers
1. Acting as a formation agent of legal persons2. Providing a registered office, business address or correspondence for a company, a
partnership or any other legal person or arrangement.3. Acting as (or arranging for another person to act as) a trustee of an express trust.4. Acting as (or arranging for another person to act as) a nominee shareholder for another
person.5. Acting as (or arranging for another person to act as) a director or secretary of a company, a
partner of a partnership, or a similar position in relation to other legal persons.01/2014 8
Who may play a part in laundering the money
How
Nongovernmental Organizations and Charities
Because NGOs can be used to obtain funds for charitable organizations, the flow of funds both into and out of the NGO can be complex, making them susceptible to abuse by money launderers and terrorists.
Cash-Intensive Businesses Some businesses and entities may be misused by money launderers to legitimize their illicit proceeds. For example, a criminal may own a cash-intensive business, such as a restaurant, and use it to launder currency from illicit criminal activities. The restaurant’s currency deposits with its bank do not, on the surface, appear unusual because the business is legitimately a cash-generating entity.
Securities Broker-Dealers 1. Its international nature.2. The speed of the transactions.3. The ease of conversion of holdings to cash without significant loss of principal.4. The routine use of wire transfers from, to or through multiple jurisdictions.5. The competitive, commission-driven environment, which, like private banking,
provides ample incentive to disregard the source of client funds.
01/2014 9
Who may play a part in laundering the money
Evolution of Money Laundering and Financial Crime
• Understanding your requirements under the US Bank Secrecy Act, the USA PATRIOT Act and related AML requirements
• Examining the practical impact of the expanded definition of what constitutes a financial institution
• Connecting AML regulatory obligations to your responsibilities as a compliance professional
• Reviewing international AML standards, regulations and established procedures
01/2014 11
U.S. Regulations and Rules• Bank Secrecy Act (BSA), as amended, including the USA
PATRIOT Act
• 31 USC 5311 et seq.
• BSA Regulations (31 CFR 103 Chapter X)
• Federal Functional Regulator regulations and rules (e.g., OCC and Fed AML Program and SAR filing regulations, FINRA and SEC Rules)
• State regulations and rules (e.g., rules applicable to MSB licensing and registration, casinos)
01/2014 16
Bank Secrecy Act• Financial Institutions (FIs) must identify the source,
volume and movement of currency and other instruments deposited into financial institutions or transmitted into or out of the U.S.
• FIs must file Currency Transaction Reports (CTRs) for designated thresholds, which are used to identify individuals conducting cash transactions and maintain a paper trail
• FIs must file Suspicious Activity Reports (SARs) when transaction activity patterns might signify money laundering or other criminal activity.
01/2014 17
RegulationsBank Secrecy Act (BSA) Statute
• 31 U.S.C. 5311-5314e
• 5316-5330
• 5331
• 5332e
• 12 U.S.C. 1829b
• 12 U.S.C. 1951-1959e
• Federal Crime of Money Laundering - Title 18, U.S. Code, Crimes and Criminal Procedure
• Federal Crime of Operating an Unlicensed or Unregistered Money Transmitting Business - Title 18 U.S. Code, Crimes and Criminal Procedure
Codified Bank Secrecy Act (BSA) Regulations
• 31 CFR Chapter X (Effective March 1, 2011)
• 31 CFR Part 103 (Effective through February 28, 2011)
01/2014 18
19
USA PATRIOT Act• "Uniting and Strengthening America by Providing Appropriate
Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001
• Section 311– 5 Special Measures
• Section 312– Special Due Diligence for Correspondent & Private accounts
• Section 313– Prohibition against Foreign Shell Banks
• Section 314a– Sharing of information between Government & FIs
• Section 314b– Voluntary sharing of information between FIs
01/2014
USA PATRIOT Act• Section 319
– Reply within 120 hrs to U.S. regulator request– Reply within 1 week to law enforcement request– US FIs must know of an agent for service of legal process within the
U.S. address for foreign banks
• Section 326– A Customer Identification Program (CIP)
• Section 351– Suspicious Activity Reports (SAR) Safe Harbor
• Section 352– Requires Internal Control, Officer, Training & Independent Testing
• Section 373– Money Service Businesses (MSB) must be licensed
01/2014 20
Regulatory Environment• FinCEN• Federal Functional Regulators (e.g., CFTC,
Federal Reserve, FDIC, NCUA, OCC, SEC)• SROs (e.g., FINRA, NFA)• State Regulators (e.g., state banking, gaming or
insurance commissioners)• IRS• OFAC
01/2014 21
01/2014 22
Regulatory EnvironmentINDUSTRY Must file Form
8300Report of Cash Payments Over
$10,000 Received in a
Trade or Business
Must File SARs and CTRs
Mandatory E-File as of
04/01/2013
Must have AML Program
Must have Customer ID
Program
Depository Institutions No Yes Yes YesCasinos and Card Clubs No Yes Yes YesMoney Services Businesses(Check Cashers, Money Remittance, Currency Dealers and Exchangers)
No Yes Yes No
Securities Broker-Dealers No Yes Yes YesCredit Card Operators Yes No Yes NoMutual Funds Yes SARs only Yes YesFutures Commission Merchants No Yes Yes YesDealers in Precious Metals, Stones or Jewels Yes No Yes NoCertain Insurance Companies (company issues/underwrites permanent life insurance policy, annuity contracts & other insurance product with ash or investment features) Does not apply to agents or brokers
No SARs only Yes Yes
Residential Mortgage Loan Originators/Lenders
No Yes Yes Yes
A Bank’s BSA Compliance Program must have the following elements:
1. A system of internal controls to assure ongoing compliance with the BSA; 2. Independent testing for BSA/AML compliance; 3. A designated individual or individuals responsible for coordinating and monitoring BSA/AML compliance; and 4. Training for appropriate
Why is BSA / AML Important:
Protect the Safety and Soundness of the Financial Institutions
Current Economic Conditions
Enhanced Regulations
Centralized and Efficient Exchange of Information
Assisting Law Enforcement
Terrorist Financing
01/2014 23
BSA Compliance Program
• BSA AML Program Structures
– Size of the Bank
– Assessment of the risk
– Products and Services offered
– Business Lines at the bank
• Private Banking
• Mortgage
• Investments
01/2014 24
Elements of a BSA / AML Exam
01/2014 25
• The federal banking agencies require each bank under their supervision to establish and maintain a BSA compliance program
• In accordance with the Patriot Act, FinCEN’s regulations require certain financial institutions to establish an AML compliance program that guards against money laundering and terrorist financing and ensures compliance with the BSA and its implementing regulations.
• The federal banking agencies work to ensure that the organizations they supervise understand the importance of having an effective BSA/AML compliance program in place.
FinCEN ‘s Role: Under the Bank Secrecy Act (BSA), 31 U.S.C. 5311 et seq., and its implementing regulations at 31 C.F.R. Chapter X
FinCEN may bring an enforcement action for violations of the reporting, recordkeeping, or other requirements of the BSA. FinCEN's Office of Enforcement evaluates enforcement matters that may result in a variety of remedies, including the assessment of civil money penalties.
Civil money penalties may be assessed for recordkeeping violations under 31 C.F.R §1010.415 For reporting violations for failing to file a currency transaction report (CTR) in violation of 31 C.F.R. §1010.311, a suspicious activity report (SAR) in violation of 31 C.F.R. § 1021.320, a report of foreign bank and financial accounts (FBAR) in violation of 31 C.F.R §1010.350.
BSA/AML Examination Manual by FFIEC
Go to website: www.ffiec.gov to retrieve Manual
01/2014 26
Click BSA/AML Infobaseto access the BSA Exam
manual
27
The FATF 40 RecommendationsIssued in 1990
1996 – broadened scope beyond drug ML
After 2001 – added 9 recommendations on TF
2003 – stronger standard for ML predicate offenses, extended CDD and CIP, AML/CFT for nonfinancial businesses (casinos, real estate agents, dealers in precious metals/stones, lawyers, trust and company service providers, notaries, accountants (with some qualifiers); encouraged prohibition of shell banks; stronger safeguards for TF in the international space; expanded coverage to include TF
01/2014
International AML Standards• Financial Action Task Force (FATF) http://www.fatf-
gafi.org/
• European Directives on AML http://ec.europa.eu/eu_law/introduction/what_directive_en.htm
• The Wolfsberg AML Principles http://www.wolfsberg-principles.com/
• The Basel Committee on Banking Supervision http://www.bis.org/bcbs/
• Regional FATF Groups http://www.fatf-gafi.org/01/2014 28
What is FATF?
• FATF – independent inter-governmental body that develops and promotes policies to protect the global financial system against ML, TF and financing of WMD
• 36 member countries
• Headquartered in Paris
• Originally was the G-7 FATF
• Regional FATF-like organizations01/2014 29
Regional FATF Organizations
• Asia/Pacific Group
• Caribbean FATF
• South America Task Force
• Middle East/North Africa Task Force
• Eurasian Group
• Eastern & South African AML Group
01/2014 30
FATF Focus:
• Spreading AML message worldwide by publishing guidance and best practices (setting global standards) and
• Monitoring implementation of FATF 40 recommendations (self assessment and mutual evaluation procedure) and ensuring compliance
• Identifying ML trends, threats and countermeasures
01/2014 31
32
The FATF 40 Recommendations – Highlights:• Risk-based approach
• Designated categories of offenses to serve as ML predicates
• TF and financing of proliferation
• Knowledge & criminal liability
• CDD measures
• Suspicious transaction reporting
• Transparency and beneficial ownership
• Powers and responsibilities of competent authorities
• International cooperation
01/2014
33
The FATF 40 RecommendationsIssued in 1990
1996 – broadened scope beyond drug ML
After 2001 – added 9 recommendations on TF
2003 – stronger standard for ML predicate offenses, extended CDD and CIP, AML/CFT for nonfinancial businesses (casinos, real estate agents, dealers in precious metals/stones, lawyers, trust and company service providers, notaries, accountants (with some qualifiers); encouraged prohibition of shell banks; stronger safeguards for TF in the international space; expanded coverage to include TF
01/2014
34
The FATF 40 Recommendations 2012 Revisions:
• Combined the nine special recommendations for TF into the 40 recommendations
• Created recommendation on assessing risks and applying risk-based approach
• Created recommendation for targeted financial sanctions related to WMD
• Focused more attention on domestic PEPs
01/2014
35
European Union Directives on ML • There are three EU Directives
• Require EU member states to achieve (by amending national law if necessary) specified results
• EU can adopt measures that have the force of law even without the approval of the national parliaments of the various member states; European law prevails over national law in the case of directives
• Directives have more weight than say FATF voluntary standards
01/2014
36
European Union Directives on ML • First – adopted June 1991; required members to enact laws to prevent
their financial systems from being used for ML
• Second – adopted December 2001; amended 1st directive to require stricter ML controls across the continent
– Extended scope beyond drug-related crimes
– Expanded coverage to bureaux de change and money remitters
– States that knowledge of criminal conduct can be inferred from objective factual circumstances
– Provided more precise definition of ML
– Expanded types of businesses and professions that are covered
01/2014
3rd European Directive• Defines Money Laundering & Terrorist Financing as separate
crimes
• Emphasizes the Beneficial Owner
• Details risk-based approach to Customer Due Diligence
• Protects employees who report suspicious activity
• Requires statistics related to reporting of suspicious activity be maintained
01/2014 37
3rd European Directive
• Applies to :
– Financial & Credit Institutions
– Auditors & Accountants,
– Tax Advisors & Lawyers
– Casinos
– Realtors
– Dealers who trade in cash
01/2014 38
2ND Differs from 3rd Because:
• Specifically includes category of trust and company service providers
• Covers all dealers trading in goods who trade in cash over 15,000 Euros
• Definition of financial institution includes certain insurance intermediaries
01/2014 39
What is the Wolfsburg Group?
• An association of 11 global banks that aims to develop financial services industry standards and related products for Know Your Customer, anti-money laundering and counter terrorist financing policies
• Formed in 2000
• Named for Wolfsburg Castle in Switzerland
01/2014 40
Wolfsberg Group• Their issued guidance includes:
– Risk-Based Approach for Managing Money Laundering Risks
– Private Banking
– Correspondent Banking
– Financing of Terrorism
– Monitoring Screening and Searching
• Principles in guidance hold NO force of law
01/2014 41
What is the Basel Committee on Banking Supervision?
• Committee of banking supervisors from around the globe that promote sound supervisory standards
• Associated with Basel, Switzerland
• Established in 1974
• Has issued white papers:
– Prevention of Criminal Use of the Banking System for the Purpose of ML
– Core Principles for Effective Banking Supervision
– Customer Due Diligence for Banks
01/2014 42
Basel Committee
• Also issued a document on the KYC process identifying four key elements of KYC including customer identification, risk management, customer acceptance and monitoring
• KYC guidance also emphasizes:
– Importance of KYC standards
– Elements of KYC standards
– Role of Supervisors
– Cross Border implementation of KYC01/2014 43
What is the Egmont Group?• A group of financial intelligence units (FIU) that
provide a forum to improve cooperation in the fight against ML among FIUs around the world
• Formed in 1996
• Member FIUs sign memoranda of understanding with each other to accommodate cooperation and sharing of information
• More than 100 members
01/2014 44
Office of Foreign Assets Control (OFAC) Certain economic trade and/or financial transactions are
prohibited against named individuals and entities. Assets must be blocked or frozen and reported to OFAC.
All U.S. persons must comply with OFAC regulations, (includes all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the United States, all U.S. incorporated entities and their foreign branches).
To keep it simple, the United States does not do business with the enemy.
http://www.treasury.gov/resource-center/sanctions/Pages/default.aspx
01/2014 46
OFACFinancial Institutions rely on OFAC interdiction systems that utilizes a filter to perform name validation to comply with OFAC as follows:New Accounts (new clients and loan applicants)
Incoming/Outgoing wire transfers
All parties related to a loan
Credit card issuance to commercial card holders
Letter of credit applicants, foreign banks, beneficiaries and vessels
Payments to new vendors before signing contracts
New hires to the Bank
Non-Customers (Cash Advances, US Bond Redemptions & Monetary Instruments)
Entire customer database on a monthly basis against the most current OFAC list.
01/2014 47
The Four Pillars of AML/BSA Programs
Internal controls, policies and procedures for compliance programs
Independent testing, Audit and validation
Importance of targeted employee training
AML officer’s role and responsibilities
01/2014 50
Internal Controls Should… • Identify banking operations (i.e., products, services, customers,
entities, and geographic locations) more vulnerable to abuse by money launderers and criminals; provide for periodic updates to the bank’s risk profile; and provide for a BSA/AML compliance program tailored to manage risks.
• Inform the board of directors, Audit committee, and senior management,
– compliance initiatives
– identified compliance deficiencies and corrective action taken
– Notify directors and senior management of SARs filed.
• Identify a person or persons responsible for BSA/AML compliance.
01/2014 51
Internal Controls Should…• Provide for program continuity despite changes in management or employee
composition or structure.
• Meet all regulatory recordkeeping and reporting requirements, meet recommendations for BSA/AML compliance, and provide for timely updates in response to changes in regulations.33
• Implement risk-based CDD policies, procedures, and processes.
• Identify reportable transactions and accurately file all required reports including SARs, CTRs, and CTR exemptions. (Banks should consider centralizing the review and report-filing functions within the banking organization.)
• Provide for dual controls and the segregation of duties to the extent possible. For example, employees that complete the reporting forms (such as SARs, CTRs, and CTR exemptions) generally should not also be responsible for the decision to file the reports or grant the exemptions.
01/2014 52
Internal Controls Should…• Provide sufficient controls and systems for filing CTRs and CTR
exemptions.
• Provide sufficient controls and monitoring systems for timely detection and reporting of suspicious activity.
• Provide for adequate supervision of employees that handle currency transactions, complete reports, grant exemptions, monitor for suspicious activity, or engage in any other activity covered by the BSA and its implementing regulations.
• Incorporate BSA compliance into the job descriptions and performance evaluations of bank personnel, as appropriate.
• Train employees to be aware of their responsibilities under the BSA regulations and internal policy guidelines.
01/2014 53
AML Officer’s Role and Responsibilities • The bank’s board of directors must designate a qualified
individual to serve as the BSA compliance officer.
• The BSA compliance officer is responsible for coordinating and monitoring day-to-day BSA/AML compliance.
• The BSA compliance officer is also charged with managing all aspects of the BSA/AML compliance program and with managing the bank’s adherence to the BSA and its implementing regulations.
• The board of directors is ultimately responsible for the bank’s BSA/AML compliance.
01/2014 54
55
Independent Testing, Audit and Validation • An evaluation of the overall adequacy and effectiveness of the BSA/AML
compliance program, including policies, procedures, and processes. Typically, this evaluation will include an explicit statement about the BSA/AML compliance program’s overall adequacy and effectiveness and compliance with applicable regulatory requirements. At the very least, the audit should contain sufficient information for the reviewer (e.g., an examiner, review auditor, or BSA officer) to reach a conclusion about the overall quality of the BSA/AML compliance program.
• A review of the bank’s risk assessment for reasonableness given the bank’s risk profile (products, services, customers, entities, and geographic locations).
• Appropriate risk-based transaction testing to verify the bank’s adherence to the BSA recordkeeping and reporting requirements (e.g., CIP, SARs, CTRs and CTR exemptions, and information sharing requests).
• An evaluation of management’s efforts to resolve violations and deficiencies noted in previous audits and regulatory examinations, including progress in addressing outstanding supervisory actions, if applicable.
01/2014
Independent Testing, Audit and Validation• A review of staff training for adequacy, accuracy, and completeness.
• A review of the effectiveness of the suspicious activity monitoring systems (manual, automated, or a combination) used for BSA/AML compliance. Related reports may include, but are not limited to:
– Suspicious activity monitoring reports.
– Large currency aggregation reports.
– Monetary instrument records.
– Funds transfer records.
– Nonsufficient funds (NSF) reports.
– Large balance fluctuation reports.
– Account relationship reports.
• An assessment of the overall process for identifying and reporting suspicious activity,
• Review of filed or prepared SARs to determine their accuracy, timeliness, completeness, and effectiveness of the bank’s policy.
• An assessment of the integrity and accuracy of MIS used in the BSA/AML compliance program. MIS includes reports used to identify large currency transactions, aggregate daily currency transactions, funds transfer transactions, monetary instrument sales transactions, and analytical and trend reports.
01/2014 56
Training Program
• Training must be provided to all personnel who require knowledge on BSA AML
• Training programs must be appropriately tailored and documented
• The Metrics, including attendance, must be available for exam review
01/2014 57
Culture of Compliance • Leadership should be engaged
– Players• Board of Directors • Senior and Executive Management • Owners and operators
– Commitment should be visible • To influence the attitudes of others within the organization
• Compliance should not be compromised by revenue interest – Compliance should be empowered with sufficient authority and
autonomy
• Information should be shared throughout the organization • Leadership should provide adequate human and technological
resources
Culture of Compliance • The program should be effective and tested by
an independent and competent party
• Leadership and staff should understand how their BSA reports are used – Serve as tips to initiate investigations
– Expand existing investigations
– Promote international information exchange
– Identify significant relationships, trends and patterns
Penalties for Non-Compliance• Criminal penalties for willful violations of the BSA and its implementing regulations under 31 USC 5322
and for structuring transactions to evade BSA reporting requirements under 31 USC 5324(d).
– For example, a person, including a bank employee, willfully violating the BSA or its implementing regulations is subject to a criminal fine of up to $250,000 or five years in prison, or both.
– A bank that violates certain BSA provisions, including 31 USC 5318(i) or (j), or special measures imposed under 31 USC 5318A, faces criminal money penalties up to the greater of $1 million or twice the value of the transaction.
• Pursuant to 12 USC 1818(i) and 1786(k), and 31 USC 5321, the federal banking agencies and FinCEN, respectively, can bring civil money penalty actions for violations of the BSA. I
– Individuals may be removed from banking pursuant to 12 USC 1818(e)(2) for a violation of the AML laws under Title 31 of the U.S. Code, as long as the violation was not inadvertent or unintentional.
• Any property involved in a transaction or traceable to the proceeds of the criminal activity, including property such as loan collateral, personal property, and, under certain conditions, entire bank accounts (even if some of the money in the account is legitimate), may be subject to forfeiture.
• Pursuant to various statutes, banks and individuals may incur criminal and civil liability for violating AML and terrorist financing laws.
• Banks risk losing their charters, and bank Teammates risk being removed and barred from banking.
• All of these actions are publicly available.
01/2014 60
Testing and Reviews
• Testing staff on their comprehension of the training
– BSA AML Review
– Target Training to those who need it
• Know Your Employee
– Accountability for errors
– Assessing Risk
• Used in the employees incentive program01/2014 62
What is Tested and Reviewed• Customer Identification Program
• Customer Due Diligence Program (CDD)
• OFAC Compliance
• Currency Transaction Reporting
• Negotiable Instrument Log Tracking
• Data Validity
• Suspicious Activity monitoring
• Fraud monitoring
01/2014 63
Know Your Employee (KYE)• Accountability for errors
– When reviewing for errors by branch staff be sure to document who made the errors to track certain employees that need more training
• Assessing Risk
– Assess the risk of employees that may be overlooking certain regulations, use the opportunity to help coach them to understand the regulations
• Target Training for staff
– KYE gives the BSA Team the opportunity to give specialized training to areas of BSA that staff may need to be coached in further
01/2014 64
Effects of BSA Errors
• When reporting the errors to management it is important to point out certain factors
– What section of the BSA program is the error
– What is the exact BSA error
– What are the possible effects of the BSA errors on the Bank
– What can be done to resolve the errors going forward
01/2014 65
Summary
• Assess the risk of your institution being used as a conduit to launder funds though
• Review and test key BSA / AML functions to determine how employees perform
• Document information from investigations
• Use analytics to look for patterns and trends of the branch staffs compliance with BSA / AML functions
01/2014 66
Laying a Solid Foundation for your AML Operation with an Effective Risk Assessment Program
01/2014 67
Laying a Solid Foundation for your AML Operation with an Effective Risk Assessment
Program • Defining AML risk and understanding how to measure your
institution’s inherent risk
• Learning to identify the gaps in your AML operations and implementing effective risk mitigation controls and understand your residual risk
• Outlining the core components of the risk assessment you provide to examiners
• Communicating your institution’s risk vulnerabilities to senior management
01/2014 68
FFIEC BSA/AML Exam Manual (04/2010)http://www.ffiec.gov/bsa_aml_infobase/default.htm
01/2014 69
Parameters of Risk Assessment
INHERENT RISK
• Identify the risk exposure (list each risk) before any controls are in place as it applies to AML/BSA/OFAC in the various categories:
– Customer Base
– Products and Services
– Geography
• Identify the consequences of each risk
01/2014 70
Parameters of Risk Assessment
MITIGATED RISK
What controls are in place to reduce the risk exposure?
• Policies and Procedures
• Train staff
• Products and Services performed for customers only. Non-customer activity not allowed
• Certifications
• Independent Audits01/2014 71
Parameters of Risk Assessment
QUALITY OF RISK vs. QUANTITY OF RISK
• QUALITY of Risk = Residual Risk Exposure• Low• Moderate• High
• QUANTITY of Risk = Controls• Weak• Fair• Satisfactory
• NOTE: Larger institutions with dedicated business lines, should also have a Risk Assessment performed on each area that impacts your BSA program (i.e., Electronic Banking, Central Operations, International Division, Loan Operations, etc.)
01/2014 72
Parameters of Risk Assessment
IDENTIFY and MEASURE RISK
Aggregate your risk; summary judgment about the overall level of risk in these areas and as a whole:
– Products
– Services
– Customers
– Geographic Locations
01/2014 73
Parameters of Risk Assessment
DIRECTION OF RISK
A prospective assessment of the probable movement in aggregate risk over the next 12 months:
• Stable
• Decreasing
• Increasing
01/2014 74
Parameters of Risk Assessment
Results after Mitigants = Risk Based BSA Program
1. Internal Controls
2. BSA Compliance Officer
3. Training
4. Audit
The Four Pillars of a BSA/AML Program
01/2014 75
Risk Assessment Case Study A (handout)• Bank Maximus Bank
• Location Springfield, Illinois
• Number of Branches 90
• Summary:
– Headquartered in Springfield, Illinois, Maximus Bank, which has 90 branches and more than 150 ATMs throughout Illinois. Non-bank affiliates of the holding company include: Maximus Investment Services, Inc., which provides full brokerage services; Maximus Mortgage Group, Inc., which provides a full line of mortgage products. Maximus Bank
01/2014 76
77
Risk Assessment Case Study B (handout)• Bank Big Little Bank
• Location Miami, Florida
• Number of Branches 7
• Summary:
– Headquartered in Miami, Florida, Big Little Bank, which has 7 branches and more than 40 ATMs throughout Miami, the Florida Keys and one bank in the Bahamas. Non-bank affiliates of the holding company include: Big Little Investment Services, Inc., which provides full brokerage services; Big Little Mortgage Group, Inc., which provides a full line of mortgage products; and Big Little Insurance Group, LLC, which offers various lines of insurance products. Big Little Bank offers the following products and services and has a breakdown of the below customer base.
01/2014
• Money Launderers can be everyday people
• Walter White is a bad bad man
• How using a cash intensive business can help launder funds
• How lawyers can be used by launderers to gain access to financial system
– Using lawyers to hide beneficial ownership
• How Casinos can be used to launder funds
• How investments can be used to hide the source of funds
• The intricacies of the scheme
• The three stages of Money Laundering
– Placement
– Layering
– Integration
• Criminals are aware of the money laundering regulation and work at ways to avoid reporting requirements
• Use of Safety Deposit Boxes to launder funds
Things We Learned
From Breaking Bad
About Money
Laundering…
01/2014 79
Things we learned from Homeland about Terrorist Financing How Shell Companies are used to hide funds
The use of OFAC to stop terrorist financing
How Terrorist Financing is a global affair
Utilizing companies to “wash their cash”
Using the soccer teams concessions and ticket sales to wash illicit funds through
Hiding the beneficial ownership of the company leading to hiding the true owner of the funds
01/2014 80
Analyzing Key Elements of a Robust AML Program
• Developing effective Know Your Customer (KYC) procedures, including customer identification programs (CIP), enhanced due diligence (EDD) processes and identifying Politically Exposed Persons (PEPs)
• Understanding your obligations under the Office of Foreign Assets Control (OFAC) and other international sanctions regimes
• Identifying the specific types of transactions that must be monitored to identify suspicious activity
• Addressing the many facets of suspicious activity reporting (SAR) requirements
01/2014 81
Know Your Customer (KYC)• From The Basel Committee on Banking Supervision
(CDD for banks paper)
– Without due diligence, banks can become subject to reputation, Operational, legal and concentration risk, which can result in significant financial cost
– Sound KYC policies and procedures are critical in protecting the safety and soundness of the banks and the integrity of the banking system
KEEP THE DIRTY MONEY OUT
01/2014 82
Know Your Customer (KYC)• Money Laundering continues to be a key issue for many banks and
businesses due to recent developments in the middle East and other areas of the world.
• Appropriate level of Due Diligence is risk-based to determine beneficial owners for example:
– Domestic versus Foreign
– Cash Intensive versus electronic transactions
– Volume of Activity
– Type of business (bakery versus manufacturer of machine parts)
• Determine types of business/clientele the Bank prohibits due to Bank’s risk tolerance.
01/2014 83
Know Your Customer (KYC)• Collect information on the client’s expected activity. This
information is used to compare activity that is inconsistent or out of pattern with “normal” business transactions.
• Information provided is utilized to review and assess the clients activity conducted through their accounts. (historical comparison)
– Helpful to know the occupation, business type, products/services client produces, client’s customer base, detail on volume of activity unique to client’s industry, etc.
– Ongoing process to keep client information updated: Should not have “stale” data on client.
01/2014 84
CDD Requirements • Key Elements
– Identifying and verifying the identity of customers• Already required
– Identifying and verifying the identity of beneficial owners of legal entity customers
– Understand the nature and purpose of the customer relationship
– Conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious activity
Importance of CDD• Enhance availability of information to law
enforcement
• Identify assets and accounts of terrorist, money launderers, drug kingpins and other national security threats
• Help Financial institutions assess and mitigate risk
• Facilitate reporting and investigations in support of tax compliance
• Consistency in implementing and enforcing CDD regulatory expectations
Enhance availability of information to law enforcement
• Combat the use of shell companies used to launder illicit proceeds
• Combat the use of front companies
The Tale of Two Businesses
01/2014 88
Joe’s Pizza Smoe’s Pizza
• Mom and Pop pizza restaurant / sports bar located in a collage town
• Restaurant charges $10 for a large cheese pizza and $2 per topping
• Limited variety of beer on tap • Restaurant has a TV at each
table along with 30 Flat screen TVs on the walls and 2 inch TVs at each end of the restaurant
• Locally owned Pizza restaurant sports bar located in a collage town
• Restaurant charges $7 for a large cheese pizza and $1 per topping
• Multiple varieties of beer on tap • Restaurant has a TV at each
table along with 30 Flat screen TVs on the walls and 2 inch TVs at each end of the restaurant
Consider the Customer
01/2014 92
Low Risk Customer • Established existing
customer in good standing
• Predictable behavior
High Risk Customer • Type of business (Money
Service Business, Pawn Shop, Jewelry store etc.)
• Uses many of the banks products and services including wires and online banking
• New customer to the bank• “Cash intensive” customers
(enhanced reporting, additional monitoring)
93
Consider the Transaction• Low Risk Transactions
– Face to Face
– Domestic
– Typical (trends, patterns, etc.)
• High Risk Transactions
– Not Face to Face
– Foreign
– Atypical (trends, patterns, etc.)
– New customer relationship/account less than 90 days
01/2014
High Risk Accounts• Enhanced Due Diligence needed
• Cost / Benefit of having the account
– Does your bank want this type of account (Ex. Money Service Business / Cash Intensive)
– Will it benefit the institution
– What are the RISK
• Business Codes
– Utilized for monitoring purposes
– Utilized for Risk Ranking
01/2014 94
More Types High Risk Customers • Politically Exposed Persons (PEP)
– Senior Foreign Political Figure• Nonresident alien (NRA)
– an NRA is a non-U.S. citizen who: is not a lawful permanent resident of the United States during the calendar year and who does not meet the substantial presence test, or has not been issued an alien registration receipt card
• Cash-intensive businesses – Gas Station, Convenience Store
• Non-governmental organizations and charities (foreign and domestic) • Professional service providers
– Lawyers, Doctors, Accountants• Non-bank financial institutions
– Money Service Businesses
01/2014 95
Inconsistent Transactions • Nature of Business
– Does the transactions fit the business / Occupation of the customer.
• Similar situated businesses / members– Compare similar businesses in the same area to see if the transactions
fit.
• Between related relationships– Frequent internal transactions between like accounts (business to
Personal and vise versa)
• Avoidance of reporting or recordkeeping requirements– Structuring Transactions
• Deposit followed promptly by funds transferred
01/2014 96
EDD Tools
• Stay Current on AML issues and hot topics
• Review of Government Request: Subpoena and Search Warrants
• Visit to Businesses
• Visit to Branches
• Negative News
• Training
• Web Searches (refer to handout – Investigative Tools)01/2014 97
Hot Topics in BSA • Regulatory pressures
• Increase number of penalties and fines
• 3rd party payment processors
• Remote Deposit Capture: – Business
– Consumer
• Money Service Businesses
• Virtual Currency / Bitcoin
01/2014 99
Fraud Hot Topics• Elder Abuse
• Small Businesses at Greater Fraud Risk
• DDoS: Distributed Denial of service attacks
• Malware
• Mobile Attacks
• Account Takeover
• POS and Retail Breaches
• Anti-Fraud Investments
01/2014 100
• Customer Deposits $8,000 in cash once a week
– What are your next steps in investigations
01/2014 101
• Customer receives wires in from an eastern European country
• The funds from the wire go to purchase cashiers checks payable to car dealerships• What are your next steps in investigations
01/2014 102
• Customer Deposits a total of $15,000 a week in cash non of the cash ins are over $3,000.
• In the cash deposits there are also money orders purchased at a local MSB – What are your next steps in investigations
01/2014 103
Example 1:
Smurfing
• Involves the use of multiple individuals and/or multiple transactions for making cash deposits, buying monetary instruments or bank drafts in amounts under the reporting threshold.
01/2014 104
Securities Broker-Dealers• Its international nature.
• The speed of the transactions.
• The ease of conversion of holdings to cash without significant loss of principal.
• The routine use of wire transfers from, to or through multiple jurisdictions.
• The competitive, commission-driven environment, which, like private banking, provides ample incentive to disregard the source of client funds.
• The practice of brokerage firms of maintaining securities accounts as nominees or trustees, thus permitting concealment of the identities of the
true beneficiaries.
10/2014 105
01/2014 106
Securities Broker-Dealers Example• Josh opens a securities account at two brokerage firms with
money that he made through drug trafficking.
• One account, he takes a long position for a Eurodollar futures contract
• The other account, he takes a short position for a Eurodollar futures contract.
• Whatever the market does, the losses and profits will offset each other, and he can request the proceeds of his activity in the form of a check from a reputable brokerage firm.
Insurance Policies
• Colombian drug cartels were laundering large sums of money through the purchase of life insurance policies in Europe, the United States and offshore jurisdictions.
• The policies were purchased with drug proceeds sent to the insurance companies via wire transfers and checks by third parties around the globe.
• The cartel purchase at least 250 life insurance policies and launder some $80 million in drug proceeds.
10/2014 108
Money Laundering Insurance Companies• Borrowing against the cash surrender value of permanent life insurance
policies.
• Selling units in investment-linked products (such as annuities).
• Using insurance proceeds from an early policy surrender to purchase other financial assets.
• Buying policies that allow the transfer of beneficial interests without the knowledge and consent of the issuer (e.g., secondhand endowment and bearer insurance policies).215
• Purchasing insurance products through unusual methods such as currency or currency equivalents.
• Buying products with insurance termination features without concern for the product’s investment performance.
01/2014 109
Is This Suspicious? (handout)
01/2014 110
Unemployed homemaker receives round dollar ACH credits from PayPal aggregating to 25,000 per month. She withdraws $4,000 - $5,000 in cash every other Friday.
Client who owns a liquor store starts depositing large amounts of 3rd party checks. Some are payroll checks written to individuals, the largest one you see is for $1657.00.
Client queries about amounts of currency that can be deposited without a CTR being filed. He is never observed making cash transactions at the branch where he inquired.
Retired librarian deposits $66,000 in $100 bills.
Contractor deposits checks made payable to his business and always takes $8,500 in cash back. He states that it is to pay his subcontractors.
“Unemployed Student” opens an account with $100 cash. Account is dormant for 3 months and then 4 wires for $9965 USD are received from the same originating bank in the Bahamas over a 10 day period. The originating parties are all different individuals. All the funds are then wired to a 5th individual in the Czech Republic.
01/2014 111
Is This Suspicious? (handout)Pharmacist withdraws $7,000 to $9,000 in cash every 2 weeks from the business account for his pharmacy and states that it is his payroll. He has a direct deposit to his personal account from “Automatic Payroll Solutions” for $3,452.86 every 1st and 15th of the month.
Client requests $4,000 in $100 bills to refill the ATM machine at his liquor store.
Client requests to send a wire to “Iran Shadowy Company” in Germany.
Client deposits $14,000-15,000 in cash every month and states that it is rental income.
$50,000 Escrow check deposited. Withdrawals made in $7,000 increments over 2 weeks. Total withdrawn $49,000. Client states he is remodeling his home.
Employees of a business are purchasing cashier’s checks with cash payable to owner of business. Type of business not known to be cash intensive.
NBA player deposits $100,000 in cash.
HOW WOULD YOU LAUNDER THE MONEY???
If you were given $100,000 in cash a week, how would you launder the funds to hide the source?
01/2014 112
113
Getting the Point Across• Customer opens a business account for $500,000.00 (type of
business is a small mom and pop convenience store)
• The activity on the account shows cash ins from 6,000.00 –10,000.00 on a daily basis. Customer sends ACH transactions via western union on a daily basis. The Cash into the account = the ACH out of the account almost exactly
• The customer is investigated for possible structuring cash ins to avoid the CTR.
• After a few months law enforcement looks into the reports filed and decides to seize the funds of the customer, they seize the amount of the funds suspected of structuring (around $460,000.00
01/2014
Getting the Point Across
01/2014 114
• Lets take the same scenario below and add in the information to the right
• Customer opens a business account for $500,000.00 (type of business is a small mom and pop convenience store)
• The activity on the account shows cash ins from 6,000.00 – 10,000.00 on a daily basis. Customer structuring (around $460,000.00) sends ACH transactions via western union on a daily basis. The Cash into the account = the ACH out of the account almost exactly
• The customer is investigated for possible structuring cash ins to avoid the CTR.
• After a few months law enforcement looks into the reports filed and decides to seize the funds of the customer, they seize the amount of the funds suspected of suspected of structuring (around $460,000.00)
• When account first opened customer obtained a business credit card with a $10,000.00 limit
• Customer also had a mortgage on their home for $250,000.00
• Law enforcement finds the customer was illegally selling prescription drugs out of their store
• Law enforcement seizes all assets of the customer and the customer’s are charged
• The customer has a balance on their credit card of $8,500.00
• Customer owes $247,000.00 on their mortgage
• Possible loss to the bank $255,500.00
Getting the Point Across• Customer opens a business account for $1,000,000.00 (type of
business is a Farm with a produce stand)
• The activity on the account shows cash ins from 4,000.00 –8,000.00 on a daily basis. It is noticed that the cash ins during the off season drop but do not stop, CTRs are completed on the customer, however they are split cash ins performed at different branches on the same business day
• The customer is investigated for possible structuring cash ins to avoid the CTR.
• After a few months law enforcement looks into the reports filed and decides to seize the funds of the customer, they seize the amount of the funds suspected of structuring (around $780,000.00)
01/2014 115
Getting the Point Across
01/2014 116
• Lets take the same scenario below and add in the information to the right
• Customer opens a business account for $1,000,000.00 (type of business is a Farm with a produce stand)
• The activity on the account shows cash ins from 4,000.00 – 8,000.00 on a daily basis. It is noticed that the cash ins during the off season drop but do not stop, CTRs are completed on the customer, however they are split cash ins performed at different branches on the same business day
• The customer is investigated for possible structuring cash ins to avoid the CTR.
• After a few months law enforcement looks into the reports filed and decides to seize the funds of the customer, they seize the amount of the funds suspected of structuring (around $780,000.00)
• When account first opened customer obtained a business credit card with a $15,000.00 limit
• Customer also had a real estate loan on the farm land for $1,500,000.00
• Law enforcement finds the customer was growing POT and had a drug prep area on the farm
• Law enforcement seizes all assets of the customer and the customer’s are charged
• The customer has a balance on their credit card of $12,000.00
• Customer owes $1,450,000.00. on their mortgage
• Possible loss to the bank $1,462,000.00
Suspicious Activity Reporting (SAR) Requirements
• Electronic Filing of BSA Reports as of 4/1/2013
• Addressing the many facets of money laundering and fraud
• Prepare a narrative that provides enough detail for law enforcement to take notice: Who, What, Where, When and How
• File within 30-days of detecting suspicious activity
• Repetitive SARs, have up to 120-days to file additional SAR
• Safe Harbor protection from civil liability suits when SAR filed
• Provide law enforcement with backup SAR documentation when requested without a subpoena
01/2014 117
Suspicious Activity Reporting Requirements• Law Enforcement can request documents that support a SAR
filing, all other information requires a subpoena.
• SAR Decision Making:– Have a process (policy, procedures, training) to refer and identify
suspicious activity
– Who is the decision maker to file a SAR? Individual or Committee
– Process to NOT file a SAR (document decision and include documentation to justify decision)
• Notify Board of Directors of SAR filings
• Protect confidentiality of SAR information
01/2014 118
Suspicious Activity Reporting (SAR)SAR BY THE NUMBERS (by FinCEN): 2013 National Totals
01/2014 121
Number of SAR Filings2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013
January 23,535 22,705 39,475 39,895 56,378 52,160 56,170 50,481 59,110 65,574 12,232
February 23,472 28,501 37,437 45,197 56,750 57,731 60,944 52,875 56,594 67,010 21,088
March 24,597 31,051 43,469 52,414 58,356 57,791 74,987 65,431 70,611 66,336 45,719
April 22,688 29,350 42,185 46,792 51,525 64,184 65,360 61,344 67,871 69,213 67,278
May 21,454 29,788 43,866 50,800 50,277 57,707 58,816 54,780 69,247 76,060 72,255
June 21,821 31,028 44,660 50,706 51,407 58,490 59,741 58,961 66,322 66,085 63,579
July 22,335 32,413 40,193 45,079 56,971 61,520 58,893 57,415 65,591 70,160 70,857
August 23,183 35,480 46,278 50,352 53,925 65,982 56,510 61,469 70,373 75,843 74,312
September 25,549 31,162 46,132 44,208 49,957 60,820 56,530 57,708 64,871 65,870 68,751
October 27,959 34,949 44,135 49,517 58,652 72,215 58,546 57,511 65,888 72,339 79,201
November 25,066 36,983 51,248 48,821 52,569 63,025 54,530 58,906 64,835 65,823 69,631
December 26,684 38,261 43,577 43,299 52,409 60,938 59,282 60,486 77,375 100,545 69,027
Subtotal 288,343 381,671 522,655 567,080 649,176 732,563 720,309 697,367 798,688 860,858 713,930
Total Filings 6,932,640
01/2014 123
Joe Soniat, CAMS, CFE, BCPBSA/AML OfficerUnion Bancshares [email protected]
Ed Beemer APR, [email protected]