1
Bank Secrecy Act Compliance
Sarah Bush, CFE, Supervision Analyst Region III Division of Supervision Bank Secrecy Act Compliance Good morning everyone! I will be discussing BSA Compliance and credit union operations with emerging or increasing BSA/AML risks. This is an area that we could actually discuss for an entire week and still not cover everything but I have an hour to give you as much information as possible. There will be a Q&A section at the end so if you have questions, I ask that you write your questions down and ask them at that time so I can get you as much information as possible. Georgia Compliance Council Meeting September 13, 2017
2
BSA/AML Supervisory Expectations
I want to start by discussing NCUA BSA supervisory expectations.
3
Bank Secrecy Act FEDERAL CREDIT UNIONS
Significant BSA Violations – Administrative Action Progression
Initial Action – DOR. Resolution within 90 days or less from first identification date.
Second Action – Preliminary Warning Letter (PWL) or Letter of Understanding and Agreement (LUA). Resolution within 180 days or less from first identification date.
Third Action – Cease and Desist Order (C&D). Resolution within 270 days or less from first identification date.
Fourth Action – Civil Money Penalty (CMP). Resolution within 360 days or less from first identification date.
As you all know, NCUA has an aggressive administrative action progression schedule for the resolution of significant BSA violations in federal credit unions. This administrative action progression is based on NCUA’s MOU with FinCEN. READ SCREEN
NCUA BSA Instruction No (Rev. 1)
4
Bank Secrecy Act FEDERALLY INSURED, STATE CHARTERED CREDIT UNIONS
State Supervisory Authorities (SSA) Examiners-in-Charge - SSA establishes prompt deadlines for state chartered credit unions to comply and correct BSA violations. SSA and NCUA work together in enforcing BSA compliance in state chartered credit unions. Developing corrective action agreements. Monitoring progress in resolution of significant BSA violations. Following up on outstanding significant BSA violations. State supervisory authorities act as examiners-in-charge to establish prompt deadlines for state chartered credit union compliance and correction of BSA violations. They are also responsible for the daily supervision of state chartered credit unions. However, NCUA insures state chartered credit unions and has enforcement authority for state credit unions it examines, so NCUA works closely with SSAs to ensure state credit unions comply with BSA.
5
Customer Due Diligence Rule
6
Bank Secrecy Act REGULATIONS
NEW 5th BSA Pillar - Customer Due Diligence (CDD) Rule Effective Date – July 2016 Compliance Date – May 11, 2018 Why a 5th Pillar? – To clarify and strengthen customer due diligence requirements. For the legal entity customer to identify its ultimate beneficial owner or owners and not “nominees” or “straw men.” In case you are not aware, FinCEN issued a “5th Pillar” called the Customer Due Diligence Rule. The new rule was issued to amend existing BSA regulations in order to clarify and strengthen customer due diligence requirements. Compliance Date - All federally insured credit unions must fully comply with the CDD Rule by May 11, 2018. FinCEN issued the rule to amend existing BSA regulations in order to clarify and strengthen customer due diligence requirements. FinCEN intends for the legal entity customer to identify its ultimate beneficial owner or owners and not “nominees” or “straw men.” DO NOT READ SCREEN
7
Bank Secrecy Act REGULATIONS
BSA/AML Compliance Program Must Now Include:
Pillar #1 – System of internal controls
Pillar #2 – Independent Testing
Pillar #3 – Designation of compliance officer or individual responsible for day-to-day compliance
Pillar #4 – Training for appropriate personnel
Pillar #5 – Risk-based procedures for ongoing customer due diligence
READ SCREEN
8
Bank Secrecy Act REGULATIONS CDD Rule Requirements:
To establish and maintain written procedures that are reasonably designed to identify and verify the beneficial owners of legal entity customers. Procedures must enable the credit union to identify the beneficial owners of each customer at the time a new account is opened, unless the customer is otherwise excluded or the account is exempted. Procedures must establish risk-based practices for verifying the identity of each beneficial owner identified to the credit union, to the extent reasonable and practicable. Procedures must contain the elements required for verifying the identity of customers that are individuals under the CIP requirements. READ SCREEN Source: Fin-2016-G003
9
Bank Secrecy Act REGULATIONS CDD Rule Requirements
In summary, credit unions are now required to obtain, verify, and record the identities of the beneficial owners of legal entity customers. READ SCREEN Source: Fin-2016-G003
10
Bank Secrecy Act REGULATIONS CDD Rule Definitions Beneficial Owner
Each individual who directly or indirectly owns 25% or more of the equity interests of a legal entity customer and A single individual with significant responsibility to control, manage, or direct a legal entity customer, including an executive officer or senior manager (CEO, CFO, COO, Managing Member, GP, President, VP, or Treasurer); or any other individual who regularly performs similar functions. The Customer Due Diligence rule mentions at least three terms that you should understand in order to accurately apply the rule. Beneficial Owner – READ SCREEN Source: Fin-2016-G003
11
Bank Secrecy Act REGULATIONS CDD Rule Definitions
Legal Entity Customer A corporation, LLC, or other entity created under state or foreign jurisdiction laws that opens an account. The definition does not include sole proprietorships, unincorporated associations, or natural persons opening accounts on their own behalf. New Account Each account opened at the credit union by a legal entity customer on or after the May 11, 2018 compliance date. READ SCREEN Source: Fin-2016-G003
12
Emerging BSA/AML Risks
I am going to tell you about some emerging BSA/AML risks and then I will tell you how to mitigate the risks.
13
Automated Clearing House (ACH)
14
Automated Clearing House Transactions
Office of Foreign Assets Control (OFAC) Domestic ACH Transactions Originating Depository Financial Institution (ODFI) is responsible for verifying – Originator is not an OFAC blocked party, and Originator is not transmitting blocked funds. Receiving Depository Financial Institution (RDFI) is responsible for verifying that the receiver is not a blocked party. One area of emerging BSA risks in a credit union is regarding OFAC checks on ACH transactions. With respect to domestic ACH transactions, the ODFI is responsible for verifying that the Originator is not a blocked party and making a good faith effort to ascertain that the Originator is not transmitting blocked funds. The RDFI similarly is responsible for verifying that the Receiver is not a blocked party. In this way, the ODFI and the RDFI are relying on each other for compliance with OFAC regulations. DO NOT READ SCREEN Source: FFIEC BSA/AML Manual
15
Automated Clearing House Transactions
Office of Foreign Assets Control (OFAC) International ACH Transactions (IAT) Inbound IAT – RDFI is responsible for compliance with OFAC sanctions. Outbound IAT – ODFI should not rely on OFAC screening by an RDFI outside of the United States. ODFI must exercise increased diligence to ensure illegal transactions are not processed. With respect to cross-border screening, similar but somewhat more stringent OFAC screening obligations hold for IATs. In the case of inbound IATs, and regardless of whether the OFAC flag in the IAT is set, an RDFI is responsible for compliance with OFAC sanctions. For outbound IATs, the ODFI should not rely on OFAC screening by an RDFI outside of the United States. In these situations, the ODFI must exercise increased diligence to ensure that illegal transactions are not processed. DO NOT READ SCREEN Source: FFIEC BSA/AML Manual
16
Automated Clearing House Transactions
Office of Foreign Assets Control (OFAC) Inbound and Outbound IAT Due Diligence Screen all parties to ACH transactions Review details of the payment field information Indication of sanctions violations Investigating hits Blocking or rejecting transactions Due diligence for an inbound or outbound IAT may include screening the parties to a transaction, as well as reviewing the details of the payment field information for an indication of a sanctions violation, investigating the resulting hits, if any, and ultimately blocking or rejecting the transaction, as appropriate. What we have seen is that some credit unions are not performing OFAC checks as required. Oftentimes, the response examiners receive is that a 3rd party is performing the reviews but the credit union has no assurance that the checks have been completed. DO NOT READ SCREEN Source: FFIEC BSA/AML Manual
17
Emerging ACH Activities
Ridesharing Services Uber and Lyft Driver payments are typically via ACH Employee payments are weekly Lyft allows “Express Pay” Limit to $3,000 Allows cash out up to 5 times a day Digital Wallets Apple Pay Samsung Pay Android Pay The types of ACH transactions continue to grow. With the rise of ridesharing services, like Uber and Lyft, I am sure you are seeing these transactions in several member accounts. It is important that credit unions research ACH activities they are not familiar with so they can gain an understanding of what they are, how they work, and how often they should see those types of transactions flowing through member accounts. READ SCREEN for Ridesharing You may also see these and other types of digital wallets, which are very popular now. The payment systems can be connected to your member’s accounts so you would see ACH transactions with these services. With so many ways to connect directly to credit union members’ accounts, this increases the credit union’s BSA/AML risk.
18
Emerging ACH Activities
Reloadable Prepaid Cards Alternative to credit cards and carrying cash Accepted like traditional credit cards Reloadable Card Issued Credit Union Card 2 –Another State or Internationally Card 1 – Member Many consumers today do not have credit cards and do not like to carry cash; but, they want the benefits and flexibility that carrying cash offers. Credit unions are meeting the needs by offering reloadable prepaid access cards (i.e. prepaid Visa). Merchants generally accept the prepaid access cards like traditional credit cards and the cards may be used outside of the United States. Credit unions usually allow members to order secondary cards that will draw from the same funds as the primary card. Oftentimes, members send the secondary card to a family member residing in other states and even outside of the United States to allow them access to the funds. This flexibility may increase a credit union’s exposure to money laundering activities (e.g., funds are deposited on the primary card and withdrawn via the secondary card by an unknown party across the country or internationally). DO NOT READ SCREEN
19
Virtual Currency
Now I am going to discuss the increasingly popular virtual currency. I am sure you have heard of it and have actually seen it flowing through member accounts but likely did not know it.
20
Virtual Currency AKA - Crypto-Currency, Virtual Money, or Digital Cash
What is virtual currency? A digital currency and payment system that lives entirely online and is created, stored, and traded within a decentralized computer network governed by complex encrypted computer algorithms. Virtual currency does not have legal tender status in any jurisdiction. READ SCREEN
21
Virtual Currency
Some of the Most Common Types of Virtual Currency: Bitcoin, Ethereum, Ripple, Litecoin, Dash, Peercoin, Monero, Primecoin, Zcash, Namecoin. READ SCREEN There are many types of virtual currency. Some even have names based on the types of things they are used to buy.
22
Virtual Currency How does it work?
Digital Coins - Buy Online, ATMs, Kiosks - Sent Via Internet Person-to-Person Transfer Digital Exchanges Maintained in Digital Wallets Transfer Easy & Can Purchase Anything Digital Coin Miners Verify Transactions “Blockchain” – Public Virtual Transaction Ledgers Digital cash can be purchased online or in some states at ATMs, kiosks, and stores. The digital coins are sent through the internet. They are transferred directly from person-to-person via the internet. This means lower fees, you can use them in every country, your account cannot be frozen like bank and credit union accounts, and no account applications or similar requirements like bank and credit union accounts. Many virtual currency exchanges exist where you can buy and sell digital coins. Once you buy your digital coins, they are maintained on your computer or mobile device in a digital wallet. Sending digital coins is as simple as sending an email and the coins can be used to purchase anything. The digital coin network is secured by individuals called miners. Digital mining is open to anyone and it involves solving complex mathematical algorithms. Miners compete to solve the most recent transactions by finding the solution for the algorithms. Anyone can buy the software online. The miners are rewarded newly generated digital currency for verifying the transactions. After the transactions are verified, they are recorded in a public transaction ledger called a blockchain. Source: weusecoins.com
23
Virtual Currency How does it work?
Converted to U.S. dollars through an administrator or exchanger There are over 100 virtual currency exchanges such as: Coinbase Poloniex BTC-e Coinsetter Cryptsy READ SCREEN Administrator – person engaged as a business in issuing (putting into circulation) a virtual currency, and who has the authority to redeem (to withdraw from circulation) such virtual currency. Exchanger – person engaged as a business in the exchange of virtual currency for real currency, funds or other virtual currency.
24
Virtual Currency Major BSA/AML Risk – User Anonymity
Potential for money laundering, terrorist financing, and other illicit uses. Digital coin address – A string of numbers and letters. (e.g. 1LmHSKLndRdrfkX12AuTsqA3aEp-wuPU9Jg) Typically different for each transaction. Some virtual currencies are completely anonymous and some are stored in the “Blockchain” (public transaction ledger), which stores transactions and not the identities of the users. Of course, a major BSA risk is anonymity. The digital coin address is only a string of numbers and letters. The digital coin address is temporary and users are encouraged, for security reasons, to create a new address for every transaction they make. Some currencies are totally anonymous with no user tracking. In cases of the Blockchain, it is possible to associate IP addresses with the transactions but The Onion Router can be used to hide a user’s IP address, granting total anonymity. Onion routing is a way to hide online activity by passing encrypted messages through a distributed network of randomly selected proxy services before they are sent to the final destination. READ SCREEN
25
Virtual Currency Credit Union BSA/AML Risk Example Digital Coins
PayPal Funds Can Be Transferred to CU Account Funds Sent to Linked – CU Account, Wire Transfer, or PayPal Schedule Withdrawal/Sell Convert Digital Coins to Cash Virtual Currency Exchange - Digital Wallet Digital Coins This graphic gives an example of how transactions can occur. Let’s say the user has or wants to buy digital coins. The user has an account or “digital wallet” with a virtual currency exchange. The user can link their credit union account and/or credit cards to their virtual currency exchange accounts so they can make deposits into their digital wallet to buy digital coins. They buy and sell in the virtual currency world through their digital wallet. As previously mentioned, many if not all of those transactions are anonymous. The user can then convert their digital coins to U.S. currency at an exchange rate determined at that time. The user can schedule a withdrawal or sell so the funds can be transferred out of the digital wallet. The transfer would be made via ACH to the linked credit union account, via wire transfer to their account or to their PayPal account. Understand, even if the user transfers the funds to their PayPal account, PayPal funds can be linked to the user’s credit union account so the virtual currency related funds can still be transferred to their credit union account.
26
Virtual Currency Credit Union BSA/AML Compliance Risk Example
Member A–Buys & Sells Digital Coins Member A–Converts Digital Coins to Cash Member A–Transfers Converted Cash to CU Account Member A–Transfers Funds to Venmo Account Member A–Venmo Funds Transfer Sent to Members B, C, D, E. This diagram shows how the risk can spread within a credit union. READ SCREEN Venmo is a money transfer service and is a part of PayPal. The Venmo user can transfer funds to friends, family, and even strangers.
27
Virtual Currency Credit Union BSA/AML Compliance Risk Example
Some financial institutions have rejected marijuana related accounts, so now they have turned to virtual currency. READ SCREEN
28
Virtual Currency Credit Union BSA/AML Risk
In 2013, FinCEN deemed virtual currency exchangers and administrators to be money services businesses (MSBs). Two Credit Union High Risk Areas – Member Accounts Third-Party Relationships READ SCREEN
29
Virtual Currency Credit Union BSA/AML Risk Member Accounts
Virtual currency administrators or exchangers – (MSBs). Member could be involved in illicit activities (money laundering, terrorist funding, illegal drugs, etc.). Third-Party Relationships (e.g. Payment Processors, vendors) Processors generally are not subject to BSA/AML requirements. Processors may process transactions for higher-risk merchants involved in virtual currency. Vendors might accept and/or transact virtual currency. Your members could be administrators or exchangers and have not disclosed it to the credit union. They would be required to register as MSBs and comply with BSA. Your member could merely be involved in illicit activities. 3rd Party Payment Processors – are not generally subject to BSA/AML requirements. They contract with merchants to process transactions between the merchant and its customers. This is typically accomplished through the use of bank accounts. There is a level of anonymity where the bank is unable to identify and understand the nature and source of transactions processed. This may be an attractive option for higher-risk merchants who would prefer not to deal directly with a bank. 3rd Party Vendors – read screen
30
How does a credit union mitigate its BSA/AML risk?
None of the emerging risk areas I just mentioned are illegal and should not be viewed instantly as illegal activities flowing through your members’ accounts. They are merely new and emerging financial activities that credit union members might be involved in and that might increase the credit union’s risk to money laundering and other illicit activities. As such, it is important that credit unions mitigate their risks. How can credit unions do that?
31
BSA/AML Risk Mitigation
Know Your Customer (KYC) Transaction Monitoring 3rd Party Vendor Due Diligence
32
BSA/AML Risk Mitigation
Know Your Customer (KYC) Customer Identification Program (CIP) Customer Due Diligence Program (CDD) Enhanced Due Diligence Appropriate Risk Ratings Transaction Monitoring Analyze account transactions (identify patterns) Do transactions match member account activity disclosure? Ask questions! Credit unions must develop and implement a system of internal controls to ensure ongoing BSA compliance. This includes CIP and CDD beginning in May 2018 as well as monitoring. It is imperative that credit unions continually review and assess their BSA risks and ensure that they modify their controls, procedures, documentation requirements, etc. so that they are commensurate with their BSA risks and complexity. READ SCREEN Talk about making sure they file SARs and CTRs when necessary. They also need to have written policies and procedures for when they deem an account needs to be closed due to the risks, etc.
33
BSA/AML Risk Mitigation
3rd Party Vendor Due Diligence Conduct enhanced due diligence on any company dealing with virtual currency with which they are considering doing business. Consider requiring the processor to identify major merchants and verify that they are operating legitimate businesses. Consider reviewing the processor’s due diligence standards for new merchants. Credit unions must adopt risk-based processes for third-party relationships commensurate with the level of risk and complexity inherent in those relationships. READ SCREEN
34
QUESTIONS?
35
Helpful Resources Bank Secrecy Act www.ncua.gov www.fincen.gov
36
Office Contact Page Feel free to contact our office with questions or comments. Primary Staff: Sarah Bush, CFE Supervision Analyst Office Phone: