Melia D. Heimbuck, Esq., CUDE

Principal of Risk Management Solutions

CU Risk Intelligence

June 2020

▪ BSA Timeline

▪ Regulator & The Rules

▪ Recent Developments

▪ Breakout Activities

▪ Enforcement Actions & Outcomes

BSA TIMELINE

▪ Prior to the War of 1812, Treasury imposed sanctions against Great Britain for the harassment of American sailors.

▪ During the Civil War, transactions with the Confederacy were prohibited and the forfeiture of goods involved in such transactions were imposed.

▪ OFAC is the successor to the Office of Foreign Funds Control (the ``FFC''), which was established to prevent Nazi use of an occupied countries' holdings and forced repatriation.

▪ During World War II, the FFC played a leading role in economic warfare against the Axis powers by blocking enemy assets and prohibiting foreign trade and financial transactions.

▪ OFAC was formally created in 1950 when China entered the Korean War. OCAF blocked all Chinese and North Korean assets subject to U.S. jurisdiction.

▪ Today OFAC exists to administer and enforce economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States.

Before BSA,

there was

OFAC…

▪ 1970 Bank Secrecy Act

▪ Identify source, volume & movement of currency in/out of U.S. or deposited into an account

▪ Report CTR (over $10,000)

▪ Identify people making transactions

▪ recordkeeping

▪ 1978 Financial Institutions Regulatory and Interest Rate Control Act (FFIEC begins 1979)

▪ Prescribe uniform principles, standards, and reporting for federal regulators

▪ 1986 Money Laundering Control Act

▪ Establish money laundering as a federal crime

▪ Prohibit structuring to avoid CTR filings

▪ Require procedures to ensure BSA compliance

▪ 1988 Anti-Drug Abuse Act

▪ Expand reporting beyond financial institutions

▪ Require identity verification & recordkeeping of monetary instruments over $3,000

October 26, 1970

▪ 1990 Treasury Order 105-08

▪ Establish FinCEN to provide government-wide, multi-source information and analysis

▪ 1992 Annuzio-Wylie Anti-Money Laundering Act

▪ Require SARs & eliminates referral form

▪ Require identity verification & recordkeeping of wires

▪ 1994 Money Laundering Suppression Act

▪ Require MSB registration & expand requirements

▪ 1994 merge Treasury’s Office of Financial Enforcement with FinCEN

▪ Require banking agencies to enhance training, referrals to law enforcement and develop BSA exam procedures

▪ 1998 Money Laundering & Financial Crimes Strategy Act

▪ Require banking agencies train examiners on BSA

▪ Create High Intensity Money Laundering & Related Financial Crime Area (HIFCA) task forces

Then came

FinCEN…

▪ 2001 USA Patriot Act

▪ Criminalize terrorist financing

▪ Require due diligence of accounts

▪ Expand Treasury’s authority over “primary money laundering concerns” (casino, broker, insurance, etc)

▪ 2002

▪ Final rule on information sharing under 314

▪ BSA e-filing begins

▪ 2003

▪ Customer Identification Program becomes effective

▪ 2004 Intelligence Reform & Terrorism Prevention Act

▪ Enhanced reporting of foreign agents/counterparts

▪ 2005

▪ FFIEC releases BSA/AML Examination Manual

▪ 2009 Final Rule on CTR Exemptions (effective)

We will never

forget…

▪ 2011

▪ FinCEN regulations transfer to 31 CFR Chapter X

▪ 2012

▪ BSA e-filing becomes mandatory

▪ 2016 Final Rule – Customer Due Diligence

▪ Identify & verify customers/members

▪ Identify & verify beneficial owners at account opening

▪ Understand the nature & purpose of the account with risk profiles

▪ Ongoing monitoring by risk & update information

▪ Effective May 11, 2018

A new agency

is born for

almost

everything but

BSA …

REGULATOR & THE RULES

▪ Subpart H—Enforcement; Penalties; and Forfeiture

1010.810 Enforcement.

(b) Authority to examine institutions to determine compliance with the requirements of this chapter is delegated as follows:

(5) To the chairman of the Board of the National Credit Union Administration with respect to those financial institutions regularly examined for safety and soundness by NCUA examiners.

▪ NCUA Rules and Regulations Section 748.2 requires all federally insured credit unions establish and maintain a WRITTEN PROGRAM that provides for the CONTINUED ADMINISTRATION of the program reasonably designed to assure and monitor compliance with the Bank Secrecy Act, 31 CFR Chapter X.▪ Recordkeeping and reporting requirements

▪ Customer identification program

▪ Minimum contents

▪ Note: NCUA webinar on BSA June 17 at 1 p.m. MDT

12

(1) Internal Controls

(2) Independent Testing

(3) Individual Responsible

(4) Training

(5) Risk-based Procedures

- accounts & owners

*6 OFAC

▪ FinCEN Advisory (FIN 2014-A007)

▪ Leadership engagement

▪ Do not compromise compliance for revenue

▪ Share information throughout organization

▪ Adequate resources

▪ Independently Tested

▪ Understand how reports are used

▪ Ensure “program continuity despite changes”

▪ Risk Assessment▪ EVERYONE should know it

▪ SAR Filing▪ Not later than 30 calendar days after detection

▪ Plus 30 if no suspect was initially identified

▪ Some activities create a mandatory filing requirement

▪ Maintain records for 5 years

▪ Provide monthly summary to the Board

▪ Do NOT disclose the existence of a SAR – it’s a felony!

▪ CTR Filing▪ Within 15 calendar days of the reportable

transaction

▪ Currency of more than $10,000

▪ Aggregate transactions occurring in the same business day

▪ Monetary Instruments Records▪ Issuance for $3,000 or more which involves

currency

▪ Adequately reported

▪ Ensure independence

▪ Obtain an overall statement of compliance

▪ Timing

▪ Who is your BSA Officer … in the policy?

▪ BSA Culture Drivers

▪ Do not compromise compliance for revenue

▪ Adequate resources

▪ Share information throughout the organization

▪ Understand how reports are used

▪ Appropriate authority & access to resources

▪ Testing where issues have been discovered & incorporate lessons learned

▪ Document input

▪ BSA Culture Driver

▪ Leadership engagement

▪ Share information throughout the organization

▪ Understand how reports are used

▪ BSA Compliance Officer training

▪ Volunteer training

▪ Staff BSA training specific to job responsibilities

▪ Tellers

▪ Member Service Representatives

▪ Lending

▪ Back-office Departments

▪ IT

▪ Document training

▪ Customer Information Program

(1) Written CIP

(2) Risk-based procedures for verifying identity

▪ Documentary and Non-documentary methods

▪ Procedures for responding to lack of verification

(3) Recordkeeping

▪ Description of documents and methods used

▪ Maintain records for 5 years

(4) OFAC

(5) Adequate notice to members

Uniting and Strengthening

America by Providing

Appropriate Tools

Required to Intercept and

Obstruct Terrorism

▪ Customer Due Diligence

▪ (i) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and

▪ (ii) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.

▪ Beneficial Owners

▪ Written procedures

▪ Identify beneficial owners

▪ Certification (Appendix A)

▪ 25% or more ownership

▪ Individual with significant control

▪ Verify beneficial owners

▪ CIP

▪ Maintain records for 5 years

▪ OFAC requires:

▪ Written policy, procedures, and risk assessment

▪ Individual responsible

▪ Maintain a current list of prohibited countries, organizations, and individuals

▪ Check all individuals and organizations against the list regarding new accounts and transactions

▪ Periodically check all existing accounts against the list

▪ Maintain records for 5 years

▪ A Framework for OFAC Compliance Commitments

▪ May 2019

RECENT DEVELOPMENTS

▪ FinCEN Notices (March 16, April 3, May 18)

▪ Follow risk-based approach and diligenty adhere to BSA obligations

▪ Communicate COVID-19 challenges via “need assistance”

▪ PPP and Beneficial Owner reminder

▪ CTR completion for DBA accounts

▪ SAR Narratives – only include COVID-19 if the suspicious activity is related to COVID-19

▪ Information Sharing under 314(b)

▪ FinCEN Innovation Hour

▪ Second Thursday of each month

▪ FinCEN Advisories (October 31, 2017, May 18, 2020 & Notices)

▪ Benefits Fraud

▪ Charities Fraud

▪ Medical Scams

▪ Imposter Scams

▪ Investment Scams

▪ Product Scams

▪ Insider Fraud

▪ Stimulas Checks

▪ Zoom Meetings

▪ Tax defferal to July 15, 2020

▪ Virtual Currency Scams

▪ Business Email Compromise Schemes

▪ Elder Financial Exploitation

“we could have

made money

together”

COVID-19 STRESS AND CIVIL UNREST

BREAKOUT SESSIONS

▪ Group 1 – You are the BSA Officer and must ensure your BSA Program is up to the task of stopping them!

▪ Group 2 – You are the mastermind behind the plan – what is it?

DEA intelligence has

uncovered a plan by a

sophisticated drug gang to

place $100 million into

mainstream financial

services by the end of July

because they believe

weaknesses due to COVID-

19 can be exploited…

▪ Group 3 – You are the BSA Officer and must ensure your BSA Program is up to the task of thwarting insider fraud!

▪ Group 4 – You are a trusted employee but have grown tired of the 9-to-5 and believe that now is your chance to change your life!

To manage expenses and

ensure the health and

safety of credit union staff,

your credit union will be

moving to a more remote

workforce scenario …

▪ Group 5 – FinCEN’s Innovation Hour provides time for users and providers of regulatory and financial technology to discuss BSA-related innovative products and services. You have been selected to present your ideas and we can’t wait to hear them!

▪ Group 6 – As the BSA Officer, you are worried that staff does not take their BSA responsibilities seriously. Due to COVID-19 and a high percentage of older or unemployed members, you want to revamp internal BSA training. ▪ How would you educate members about

COVID-19 scams, especially those most vulnerable?

▪ What ideas do you have to help staff better understand their role in BSA?

▪ Breaking Bad Challenge

▪ Group 1 – BSA Program

▪ Group 2 – The bad guys

▪ Remote Workforce

▪ Group 3 – BSA Program

▪ Group 4 – Remote Workers

▪ Innovation Hour

▪ Group5

▪ Education Department

▪ Group 6

ENFORCEMENT ACTIONS & OUTCOMES

WHAT TO LOOK FOR…

beneficial owner

due diligence

cyber-activity

deposit-to-ATM & wire withdrawals

transaction

changes

RISK ASSESSMENT

Melia D. Heimbuck

Melia.Heimbuck@CUSolutionsGroup.com

303-981-4444