Presentation is loading. Please wait.

Presentation is loading. Please wait.

Agenda Overview Updates to the Manual Sections Not Updated

Similar presentations


Presentation on theme: "Agenda Overview Updates to the Manual Sections Not Updated"— Presentation transcript:

0 The 2014 Revised FFIEC BSA/AML Examination Manual
ACAMS April 30, 2015

1 Agenda Overview Updates to the Manual Sections Not Updated
Areas of Regulatory Focus Questions Goals Overview of the key changes to the manual Provide some insights and best practices related to these changes Highlight areas where changes were not made, but have been focus of attention Highlight some areas where regulators are focusing

2 Overview Manual updates primarily incorporate regulatory guidance and changes since the 2010 update No significant new regulatory requirements Most changes are to Overview section and not the Examination Procedures There are some areas of regulatory focus that are not included or expanded upon. The manual is a helpful guide but not all-inclusive

3 Updated Sections Suspicious Activity Reporting
Currency Transaction Reporting Currency Transaction Reporting Exemptions Foreign Correspondent Account Recordkeeping and Due Diligence Foreign Bank and Financial Accounts Reporting International Transportation of Currency or Monetary Instruments Reporting Correspondent Accounts (Foreign) Bulk Shipments of Currency Automated Clearing House Transactions Prepaid Access Third-Party Payment Processors Embassy, Foreign Consulate and Foreign Mission Accounts Non-Bank Financial Institutions

4 Suspicious Activity Reporting
SAR E-Filing Requirements – Also in Appendix T Deadline for SAR Filing for Continuing Activity Clarifies prohibition on SAR disclosure Sharing SARs with Affiliates All changes are in Overview; no changes to Examination Procedures New SAR Form – Should fill in all fields where information is available, not just mandatory fields Reminder to check appropriate boxes and use key terms for suspicious activity – refer to guidance. (elder financial exploitation, commercial real estate fraud etc. ) 90 day review period, file within 120 days SAR Confidentiality: May disclose existence of SAR in order to fulfill duties under BSA as long as subjects of SAR are not notified. Underlying facts, transactions & supporting documents may be shared for joint SAR filing Disclose only if subpoena from FinCEN, Banking Regulator or appropriate law enforcement SAR Sharing: May share with Head Office and parents, whether foreign or domestic. Only share with affiliates if subject to SAR regulation Affiliate defined: Common control: Party has 25% or more control of shares or controls election of majority of directors Cannot be shared with foreign branches

5 Suspicious Activity Reporting
No updates for the following: Expectations related to the 2011 OCC Model Risk Management Guidance Language regarding SAR Decision Making process Make sure appropriate policies/procedures are updated for all of these areas

6 Currency Transaction Reporting
New E-Filing Requirements – Also in Appendix T Contact FinCEN Instead of IRS for Backfiling Determination Armored Car Guidance FIN-2013-R001 Guidance for Aggregating Activity for Businesses with Common Ownership Separately incorporated businesses can be aggregated separately Exception if businesses are do not operate independently and/or intermingling of funds Banks should have a process to identify these relationships E-Filing: should complete mandatory and non-mandatory fields where info is available - New filing deadline Businesses should operate independently of each other and the owner’s accounts Operate with same employees and same address One business pays expenses of other business accounts pay personal expenses of owner

7 CTR Exemptions Updates to Phase II Exemption Ineligible Businesses:
Incorporates guidance clarifying definition of dealers of motor vehicles Marijuana businesses are ineligible

8 Foreign Correspondent Account Recordkeeping, Reporting and Due Diligence
Added Requirements Related to Comprehensive Iran Sanctions Accountability and Divestment Act (CISADA) Banks Must Provide Information on Foreign Correspondent Customer Upon Written Request from FinCEN within 45 days Must Report to FinCEN Regardless of Whether Foreign Correspondent Customer Responds Bank Must Request that Foreign Correspondent Provide Notification of Subsequent Accounts Opened for Designated Entities Should Have Process to Reevaluate Customer Profile and Risk Rating Slight change to the title; Overview and Examination Procedures updated Changes are focused on CISADA – Comprehensive Iran Sanctions Accountability and Divestment Act; Distinct from OFAC SDN list – information gathering only FinCEN Provides a Model form; Alternative forms must contain same required information Must report to FinCEN if no relationship with requested Foreign Correspondent.

9 Foreign Correspondent Account Recordkeeping, Reporting and Due Diligence
Required Information: Whether the foreign bank maintains a correspondent account for an Iranian-linked financial institution designated under the International Emergency Economic Powers Act (EEPA); Whether the foreign bank has processed one or more transfers of funds within the preceding 90 calendar days for or on behalf of, directly or indirectly, an Iranian-linked financial institution designated under IEEPA, other than through a correspondent account; and Whether the foreign bank has processed one or more transfers of funds within the preceding 90 calendar days for or on behalf of, directly or indirectly, Iran’s Islamic Revolutionary Guard Corps (IRGC) or any of its agents or affiliates designated under IEEPA.

10 Foreign Bank and Financial Account Reporting (FBAR)
Updated to Address Electronic Filing Requirements Banks are Required to File on Accounts they Own or Control Also Must File on Accounts Owned by Others Where Bank has Signature Authority - FinCEN Notice Deadline Extended to June 30, 2016 Does not Mention Exemption for Correspondent and Bank Use/Nostro Accounts (but are)

11 International Transportation of Currency or Monetary Instruments Reporting
Overview Updated to state that CMIR filing or exemptions from filing do not relieve banks of other BSA monitoring, reporting and recordkeeping requirements: CTRs SAR Monitoring and Reporting

12 OFAC Minor Change to Overview Section to Include Enhanced Iran Sanctions

13 Correspondent Banking (Foreign) – Expanded Section
Several Additions to Examination Procedures: Determine whether the foreign correspondent financial institution has in place acceptable AML compliance processes and controls. Ensure that appropriate due diligence standards are applied to those accounts determined to be higher risk. Follow up on account activity and transactions that do not fit the foreign financial institution customer’s strategic profile (i.e., transactions involving customers, industries or products that are not generally part of that foreign financial institution’s customer base or market). Comments emphasize that Banks must have understanding of the effectiveness of the AML regime of the foreign jurisdictions in which their foreign correspondent banking customers operate. Expectation that FCB customer AML controls are evaluated Enhanced monitoring expectations – Follow-up with FCB on activity, risk based due diligence Understandable in light of recent failures at HSBC, Standard Chartered, etc.

14 Bulk Shipments of Currency
Incorporates 2014 CMIR Guidance on Common Carriers FIN-2014-G002 and Guidance on Armored Cars FIN-2013-R001 Common Carrier Definition Includes Armored Car Contractual Arrangements with Armored Cars should include BSA/AML Considerations Details Roles of Key Parties: Common Carrier, Shipper, Consignee, Currency Originator, Currency Recipient Emphasizes Need to File CTRs on Direct and Indirect Cash Shipments Indirect Cash Shipments – Go to Fed or Armored Car Vault

15 Bulk Shipments of Currency
Additional Risk Factors and Red Flags: Adds Remote Deposit Capture as means to repatriate smuggled cash Banks should have a clear understanding of the appropriate volumes of currency shipments that are commensurate with the currency originator’s or shipper’s profile (size, location, strategic focus, customer base, geographic footprint) and the economic activity that generates the cash. Structuring of currency deposits into an account in one geographic area, with the funds subsequently withdrawn in a different geographic region with little time elapsing between deposit and withdrawal. Additional Risk Mitigant: Ensure that shipments involving the foreign correspondent relationships are covered by the bank’s due diligence program for correspondent accounts for foreign financial institutions. Latest revision to FFIEC manual placed particular emphasis on making this distinction

16 Automated Clearing House Transactions
Updated for NACHA requirements for IATs: Effective March 14, 2014, a Gateway must identify within an inbound IAT entry: The ultimate foreign beneficiary of the funds transfer when the proceeds from a debit inbound IAT entry are “for further credit to” an ultimate foreign beneficiary that is other than the Originator of the debit IAT entry, or The foreign party funding a credit inbound IAT entry when that party is not the Originator of the credit IAT entry. Expanded discussion of role of Third Party Service Providers, Third Party Senders and Sending Points

17 Automated Clearing House Transactions
A third-party service provider (TPSP) is an entity other than an Originator, ODFI, or RDFI that performs any functions on behalf of the Originator, the ODFI, or the RDFI with respect to the processing of ACH entries Effective. A third-party sender is a type of service provider that acts on behalf of an Originator (i.e., an intermediary between the Originator and the ODFI). A sending point is defined as an entity that transmits entries to an ACH Operator on behalf of an ODFI. Definitions on TPSP, TPS, Sending Points

18 Prepaid Access Formerly Known as Electronic Cash - Entirely New Overview Section Acknowledges New Technologies in Addition to Prepaid Cards More Detailed Discussion of Prepaid Access Participants: Program Manager, Network, Distributor, Provider, Payment Processor, Issuing Bank, Seller/Retailer Criteria for MSB Status for Program Managers and Providers Expectation that Contractual Agreements include BSA Considerations Reference to Network Branded Prepaid Card Association for Additional Guidance Program Manager. Runs the program’s day-to-day operations. This entity may or may not also be the entity that creates the program and designs the features and characteristics of the prepaid product. May be a provider of prepaid access (Money Services Business (MSB)) under FinCEN’s rule.219 • Network. Any of the payment networks that clear, settle, and process transactions. • Distributor. An organization that markets and distributes prepaid products. • Provider of Prepaid Access. A participant within a prepaid program that agrees to serve as the principal conduit for access to information from its fellow program participants. The provider must register with FinCEN as an MSB and identify each prepaid program for which it is the provider of prepaid access. As an MSB, providers of prepaid access are subject to certain BSA/AML responsibilities. A bank that serves as a provider of prepaid access has no requirement to register with FinCEN. • Payment Processor. The entity that tracks and manages transactions and may be responsible for account set-up and activation; adding value to products; and fraud control and reporting. • Issuing Bank. A bank that offers network branded prepaid products to consumers and may serve as the holder of funds that have been prepaid and are awaiting instructions to be disbursed. • Seller or Retailer. A convenience store, drugstore, supermarket, or location where a consumer can buy a prepaid product.

19 Prepaid Access Additional Risk Factors – Particular Emphasis on Transparency and 3rd Party Relationships: Verification of cardholder identity may be done entirely remotely, relying on third-party program managers, processors or distributors. Data in underlying pooled accounts may be held or managed by third parties, separate from the issuing bank. Marketing of payment products, customer service, and onboarding of new customers (both consumer and business customers) may be handled primarily by third parties separate from the issuing bank. Source of payroll funding may come through an intermediary bank and may not be transparent.

20 Prepaid Access Risk Mitigation Focuses on Four Areas:
Conducting appropriate due diligence on any third-party service provider. Conducting a risk assessment of the prepaid access product itself including product features and how it is distributed and loaded. Monitoring transactions conducted or attempted by, at or through the bank for unusual or suspicious activity. Product features and limits on usage. Print out copy of this guidance

21 Prepaid Access New Examination Procedures:
Review the due diligence undertaken by the bank regarding third-party service providers such as program managers, processors, marketers, merchants and distributors. Determine whether the bank’s prepaid access program is governed by an agreement or a contract describing each party’s responsibilities and other relationship details, such as the products and services provided. At a minimum, the contract should consider each party’s: BSA/AML and OFAC compliance requirements; customer base; due diligence procedures; and network obligations. Review the prepaid access product configuration(s), including features, how it is distributed, source of funds, and what BSA/AML risk mitigants apply. Print out copy of this guidance

22 Third Party Payment Processors
Overview updated to include FDIC, OCC and FinCEN Guidance on Payment Processors since 2010 FDIC Clarifying Supervisory Approach to Institutions Establishing Account Relationships with Third-Party Payment Processors, FDIC FIL , July 28, 2014; Payment Processor Relationships Revised Guidance, FDIC FIL , January 31, 2012 Risk Management Guidance: Third Party Relationships, OCC Bulletin , October 30, 2013 Risk Associated with Third-Party Payment Processors, FinCEN Advisory FIN-2012-A010, October 22, 2012 Regulators have been paying particular attention to the level of detail in Risk Assessments; Must have statistical data Must indentify countries of wire beneficiaries and originators BSA Expertise coming into question when entering new market or offering new products. Auditors – sufficient BSA expertise Proper work paper documentation Documentation of sample methodology Taking risk based approach to the audit

23 Third Party Payment Processors
New Risk Mitigants: Reviewing appropriate databases to ensure that the processor and its principal owners and operators have not been subject to law enforcement actions. Conduct periodic audits of payment processor customers, review merchant client lists and confirm contractual obligations to verify legitimacy of clients Contractual agreements should provide for timely response to inquiries NACHA and NMLS are recommended sources for initial due diligence on processor Regulators have been paying particular attention to the level of detail in Risk Assessments; Must have statistical data Must indentify countries of wire beneficiaries and originators BSA Expertise coming into question when entering new market or offering new products. Auditors – sufficient BSA expertise Proper work paper documentation Documentation of sample methodology Taking risk based approach to the audit

24 Third Party Payment Processors
Transaction Monitoring Should not be limited to review of unauthorized returns – should include other reasons such as insufficient funds Monitoring should include attempts to evade NACHA limitations on returned entries – resubmitting returned transaction with slight changes to amount or other information Be sure to include the term “Payment Processor” in SAR narratives and Subject Occupation fields Regulators have been paying particular attention to the level of detail in Risk Assessments; Must have statistical data Must indentify countries of wire beneficiaries and originators BSA Expertise coming into question when entering new market or offering new products. Auditors – sufficient BSA expertise Proper work paper documentation Documentation of sample methodology Taking risk based approach to the audit

25 Embassy, Foreign Consulate, and Foreign Mission Accounts
Added Discussion of Foreign Missions Updated to include Interagency Guidance on Accepting Accounts from Foreign Embassies, Consulates and Missions (March 24, 2011) Risk may be mitigated through contractual agreements on use of account and/or limited purpose accounts such as payroll Monitoring should ensure that actual activity is consistent with limitations on account

26 Non-Bank Financial Institutions
Updated Categories of NBFIs: Non-bank loan or finance companies per FinCEN Guidance FIN-2012-R005 Operators of Credit Card Systems MSB Definitions Updated to Include Prepaid Access Definitions and Exclusions; Foreign Located Persons Engaging in MSB Activity within US New Section Under MSBs for Administrators & Exchangers of Virtual Currency – Defined as Money Transmitters No Changes to Regulatory Expectations: Banks are not De Facto Regulators of MSBs Banks are not held responsible for MSBs BSA Program Banks are not expected to perform routine ongoing due diligence for “Low Risk” MSBs The exclusions include arrangements that: • Provide closed loop prepaid access to funds (e.g., such as store gift cards) in amounts not to exceed $2,000 maximum value per device on any day. • Provide prepaid access solely to funds provided by a government agency. • Provide prepaid access to funds for pre-tax flexible spending for health and dependent care, or from Health Reimbursement Arrangements for health care expenses. There are two types of prepaid access arrangements that have a qualified exclusion: • Open loop prepaid access that does not exceed $1,000 maximum value on any day. • Prepaid access to employment benefits, incentives, wages or salaries (payroll). These arrangements are not prepaid programs subject to BSA regulatory requirements unless they can: • Be used internationally. • Allow transfers of value from person to person within the arrangement, or • Be reloaded from a non-depository source.

27 What Wasn’t Updated? Risk Assessment Culture of Compliance Guidance
Customer Risk Rating Methodology OCC Model Risk Management Guidance Marijuana Businesses Many Operation Choke Point Target Industries

28 Questions? Contact Information: Rory Flynn, CCBCO, CBAP, AAP


Download ppt "Agenda Overview Updates to the Manual Sections Not Updated"

Similar presentations


Ads by Google