Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Melia D. Heimbuck, Esq., CUDE
Principal of Risk Management Solutions
CU Risk Intelligence
June 2020
▪ BSA Timeline
▪ Regulator & The Rules
▪ Recent Developments
▪ Breakout Activities
▪ Enforcement Actions & Outcomes
BSA TIMELINE
▪ Prior to the War of 1812, Treasury imposed sanctions against Great Britain for the harassment of American sailors.
▪ During the Civil War, transactions with the Confederacy were prohibited and the forfeiture of goods involved in such transactions were imposed.
▪ OFAC is the successor to the Office of Foreign Funds Control (the ``FFC''), which was established to prevent Nazi use of an occupied countries' holdings and forced repatriation.
▪ During World War II, the FFC played a leading role in economic warfare against the Axis powers by blocking enemy assets and prohibiting foreign trade and financial transactions.
▪ OFAC was formally created in 1950 when China entered the Korean War. OCAF blocked all Chinese and North Korean assets subject to U.S. jurisdiction.
▪ Today OFAC exists to administer and enforce economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States.
Before BSA,
there was
OFAC…
▪ 1970 Bank Secrecy Act
▪ Identify source, volume & movement of currency in/out of U.S. or deposited into an account
▪ Report CTR (over $10,000)
▪ Identify people making transactions
▪ recordkeeping
▪ 1978 Financial Institutions Regulatory and Interest Rate Control Act (FFIEC begins 1979)
▪ Prescribe uniform principles, standards, and reporting for federal regulators
▪ 1986 Money Laundering Control Act
▪ Establish money laundering as a federal crime
▪ Prohibit structuring to avoid CTR filings
▪ Require procedures to ensure BSA compliance
▪ 1988 Anti-Drug Abuse Act
▪ Expand reporting beyond financial institutions
▪ Require identity verification & recordkeeping of monetary instruments over $3,000
October 26, 1970
▪ 1990 Treasury Order 105-08
▪ Establish FinCEN to provide government-wide, multi-source information and analysis
▪ 1992 Annuzio-Wylie Anti-Money Laundering Act
▪ Require SARs & eliminates referral form
▪ Require identity verification & recordkeeping of wires
▪ 1994 Money Laundering Suppression Act
▪ Require MSB registration & expand requirements
▪ 1994 merge Treasury’s Office of Financial Enforcement with FinCEN
▪ Require banking agencies to enhance training, referrals to law enforcement and develop BSA exam procedures
▪ 1998 Money Laundering & Financial Crimes Strategy Act
▪ Require banking agencies train examiners on BSA
▪ Create High Intensity Money Laundering & Related Financial Crime Area (HIFCA) task forces
Then came
FinCEN…
▪ 2001 USA Patriot Act
▪ Criminalize terrorist financing
▪ Require due diligence of accounts
▪ Expand Treasury’s authority over “primary money laundering concerns” (casino, broker, insurance, etc)
▪ 2002
▪ Final rule on information sharing under 314
▪ BSA e-filing begins
▪ 2003
▪ Customer Identification Program becomes effective
▪ 2004 Intelligence Reform & Terrorism Prevention Act
▪ Enhanced reporting of foreign agents/counterparts
▪ 2005
▪ FFIEC releases BSA/AML Examination Manual
▪ 2009 Final Rule on CTR Exemptions (effective)
We will never
forget…
▪ 2011
▪ FinCEN regulations transfer to 31 CFR Chapter X
▪ 2012
▪ BSA e-filing becomes mandatory
▪ 2016 Final Rule – Customer Due Diligence
▪ Identify & verify customers/members
▪ Identify & verify beneficial owners at account opening
▪ Understand the nature & purpose of the account with risk profiles
▪ Ongoing monitoring by risk & update information
▪ Effective May 11, 2018
A new agency
is born for
almost
everything but
BSA …
REGULATOR & THE RULES
▪ Subpart H—Enforcement; Penalties; and Forfeiture
1010.810 Enforcement.
(b) Authority to examine institutions to determine compliance with the requirements of this chapter is delegated as follows:
(5) To the chairman of the Board of the National Credit Union Administration with respect to those financial institutions regularly examined for safety and soundness by NCUA examiners.
▪ NCUA Rules and Regulations Section 748.2 requires all federally insured credit unions establish and maintain a WRITTEN PROGRAM that provides for the CONTINUED ADMINISTRATION of the program reasonably designed to assure and monitor compliance with the Bank Secrecy Act, 31 CFR Chapter X.▪ Recordkeeping and reporting requirements
▪ Customer identification program
▪ Minimum contents
▪ Note: NCUA webinar on BSA June 17 at 1 p.m. MDT
12
(1) Internal Controls
(2) Independent Testing
(3) Individual Responsible
(4) Training
(5) Risk-based Procedures
- accounts & owners
*6 OFAC
▪ FinCEN Advisory (FIN 2014-A007)
▪ Leadership engagement
▪ Do not compromise compliance for revenue
▪ Share information throughout organization
▪ Adequate resources
▪ Independently Tested
▪ Understand how reports are used
▪ Ensure “program continuity despite changes”
▪ Risk Assessment▪ EVERYONE should know it
▪ SAR Filing▪ Not later than 30 calendar days after detection
▪ Plus 30 if no suspect was initially identified
▪ Some activities create a mandatory filing requirement
▪ Maintain records for 5 years
▪ Provide monthly summary to the Board
▪ Do NOT disclose the existence of a SAR – it’s a felony!
▪ CTR Filing▪ Within 15 calendar days of the reportable
transaction
▪ Currency of more than $10,000
▪ Aggregate transactions occurring in the same business day
▪ Monetary Instruments Records▪ Issuance for $3,000 or more which involves
currency
▪ Adequately reported
▪ Ensure independence
▪ Obtain an overall statement of compliance
▪ Timing
▪ Who is your BSA Officer … in the policy?
▪ BSA Culture Drivers
▪ Do not compromise compliance for revenue
▪ Adequate resources
▪ Share information throughout the organization
▪ Understand how reports are used
▪ Appropriate authority & access to resources
▪ Testing where issues have been discovered & incorporate lessons learned
▪ Document input
▪ BSA Culture Driver
▪ Leadership engagement
▪ Share information throughout the organization
▪ Understand how reports are used
▪ BSA Compliance Officer training
▪ Volunteer training
▪ Staff BSA training specific to job responsibilities
▪ Tellers
▪ Member Service Representatives
▪ Lending
▪ Back-office Departments
▪ IT
▪ Document training
▪ Customer Information Program
(1) Written CIP
(2) Risk-based procedures for verifying identity
▪ Documentary and Non-documentary methods
▪ Procedures for responding to lack of verification
(3) Recordkeeping
▪ Description of documents and methods used
▪ Maintain records for 5 years
(4) OFAC
(5) Adequate notice to members
Uniting and Strengthening
America by Providing
Appropriate Tools
Required to Intercept and
Obstruct Terrorism
▪ Customer Due Diligence
▪ (i) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and
▪ (ii) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.
▪ Beneficial Owners
▪ Written procedures
▪ Identify beneficial owners
▪ Certification (Appendix A)
▪ 25% or more ownership
▪ Individual with significant control
▪ Verify beneficial owners
▪ CIP
▪ Maintain records for 5 years
▪ OFAC requires:
▪ Written policy, procedures, and risk assessment
▪ Individual responsible
▪ Maintain a current list of prohibited countries, organizations, and individuals
▪ Check all individuals and organizations against the list regarding new accounts and transactions
▪ Periodically check all existing accounts against the list
▪ Maintain records for 5 years
▪ A Framework for OFAC Compliance Commitments
▪ May 2019
RECENT DEVELOPMENTS
▪ FinCEN Notices (March 16, April 3, May 18)
▪ Follow risk-based approach and diligenty adhere to BSA obligations
▪ Communicate COVID-19 challenges via “need assistance”
▪ PPP and Beneficial Owner reminder
▪ CTR completion for DBA accounts
▪ SAR Narratives – only include COVID-19 if the suspicious activity is related to COVID-19
▪ Information Sharing under 314(b)
▪ FinCEN Innovation Hour
▪ Second Thursday of each month
▪ FinCEN Advisories (October 31, 2017, May 18, 2020 & Notices)
▪ Benefits Fraud
▪ Charities Fraud
▪ Medical Scams
▪ Imposter Scams
▪ Investment Scams
▪ Product Scams
▪ Insider Fraud
▪ Stimulas Checks
▪ Zoom Meetings
▪ Tax defferal to July 15, 2020
▪ Virtual Currency Scams
▪ Business Email Compromise Schemes
▪ Elder Financial Exploitation
“we could have
made money
together”
COVID-19 STRESS AND CIVIL UNREST
BREAKOUT SESSIONS
▪ Group 1 – You are the BSA Officer and must ensure your BSA Program is up to the task of stopping them!
▪ Group 2 – You are the mastermind behind the plan – what is it?
DEA intelligence has
uncovered a plan by a
sophisticated drug gang to
place $100 million into
mainstream financial
services by the end of July
because they believe
weaknesses due to COVID-
19 can be exploited…
▪ Group 3 – You are the BSA Officer and must ensure your BSA Program is up to the task of thwarting insider fraud!
▪ Group 4 – You are a trusted employee but have grown tired of the 9-to-5 and believe that now is your chance to change your life!
To manage expenses and
ensure the health and
safety of credit union staff,
your credit union will be
moving to a more remote
workforce scenario …
▪ Group 5 – FinCEN’s Innovation Hour provides time for users and providers of regulatory and financial technology to discuss BSA-related innovative products and services. You have been selected to present your ideas and we can’t wait to hear them!
▪ Group 6 – As the BSA Officer, you are worried that staff does not take their BSA responsibilities seriously. Due to COVID-19 and a high percentage of older or unemployed members, you want to revamp internal BSA training. ▪ How would you educate members about
COVID-19 scams, especially those most vulnerable?
▪ What ideas do you have to help staff better understand their role in BSA?
▪ Breaking Bad Challenge
▪ Group 1 – BSA Program
▪ Group 2 – The bad guys
▪ Remote Workforce
▪ Group 3 – BSA Program
▪ Group 4 – Remote Workers
▪ Innovation Hour
▪ Group5
▪ Education Department
▪ Group 6
ENFORCEMENT ACTIONS & OUTCOMES
WHAT TO LOOK FOR…
beneficial owner
due diligence
cyber-activity
deposit-to-ATM & wire withdrawals
transaction
changes
RISK ASSESSMENT