Join Today

cuSchool.com

Annual Membership Per CU

$199.95

Visit http://www.cuSchool.com

Bank Secrecy Act Training DESIGNED FOR CREDIT UNIONS Today’s Facilitator Tom O’Neil, cu@cuSchool.com Anti-Money Laundering Program Part 748 of Rules & Regs (& USA Patriot Act) Bank Secrecy (BSA) USA Patriot (Patriot Act) Office of Foreign Assets Control (OFAC)   BSA BSA Background Enacted by Congress in 1970 Amended October 2001 by USA Patriot Act requiring CUs - To have a MIP (Member Identification Program) - To assist in identifying suspected criminals & terrorists NCUA Regs – Part 748 Provide system of control to assure compliance Independent testing for compliance Designate person responsible for monitoring Provide training to Board & staff NCUA Regs – Part 748 Recommended Action: - BSA Audit (annually or every 18 months) - BSA Assessment (annually) Operations Impacted New Accounts Teller Operations Deposits Wire Transfers Lending Accounting Data Processing Safety Deposit Trusts On-line Banking International Banking Discount Brokering Correspondent Banking Other, other, other Reporting & Recordkeeping • CTR (FinCEN Form 104) - File for deposits, withdrawals, transfers or other transactions involving cash in 1 business day totaling more than $10K (you don’t add W/Ds and deposits) - File CTR • Exempt Persons (FinCEN Form 110) - CUs can file exemptions CU Cash Orders are NOT Exempt In 2006 FinCEN ruled that CUs are not exempt when transferring operating cash to/from cash supplier (i.e. Corporate CU) CUs can complete FinCEN 104 for each applicable transaction or 1 FinCEN 110. Administrative Ruling CUs can contact IRS Detroit Reporting Center at 800-800-2877 for back filing rulings Refer to Corp CU CTR Obligations (FIN-2006-R004 August10,2006) for CU exemption ruling Monetary Instruments Purchased with Cash When a TC or MO is purchased with cash between $3K-10K (includes daily aggregate) the CU should record: - Purchaser’s Name - Date of Purchase - Type, serial #, Amount - Retain for 5 years - Information must be accessible Foreign Transactions File FinCEN Form 105 File IRS Form TD F 90-22.1 Funds Transfers Records When a CU originates a funds transfer exceeding $3K the following must be retained: - Name & address - Amount - Date - Payment Instructions - Receiving Institution • Also as many of the following that are received: - Beneficiary name & address - Beneficiary account # - Other Beneficiary Identifiers   SAR Suspicious Activity Report NCUA Form 2362 (SAR) Must be filed (without member knowledge) when: - Suspect an insider is involved in crime (any amt) - Suspect a crime involving $5K or more. - Suspect a crime occurred involving more than $25K New Standard for SAR Filings Effective May 22, 2009 Defines Suspicious Activity: "Observed behavior reasonably indicative of pre-operational planning related to terrorism or any other criminal activity." New Standard for SAR Suspicious activity that can be observed in 2 categories: 1> defined criminal activity with a potential link to terrorism, or 2> other criminal activity that requires additional support, documentation and observation. SARs & Wires CU is responsible for monitoring wires for SAR Examples of SAR: - Large amount from same source for no reason - Deposits of numerous sequentially numbered checks - Large cash deposits followed by wire-outs - Large deposits to a dormant account followed by similar sized wire-out - Deposits of numerous sequentially numbered TCs or MOs - Numerous TC deposits from other institutions - Checks for loan payments drawn on foreign institutions SAR Red Flags Insufficient information about transaction Efforts to avoid reporting Activity inconsistent with member business Changes in CU or CU practices SAR & Loans SAR also applies to lending activity 2009 saw large increase in loan fraud - faulty appraisals - unsupported income sources Some Red Flags: - Members who receive a loan and never one payment. - Members who recently had difficulty making payments and suddenly make 1 large payment. Aggregate Report Monitoring In addition to employee awareness, the CU should monitor currency transaction reporting, "structured" transactions, and suspicious activity transactions by reviewing an aggregate (over $3,000) report. If transactions are suspicious in nature, the CU should conduct further investigation to determine if SAR is warranted. The investigative work should be documented with dates and initials of reviewers. If suspicious pattern continues, a SAR filing is required every 90 days Completing a SAR Provide complete description SAR Forms available on-line FinCEN.gov/reg_bsaforms.htm File with IRS File within 30 calendar days (of detection) Retain SAR docs for 5 years Do not notify subject Report all SARs to Board Types of SARs Reported Top 5 categories of SAR filings (2003-08) Penalties Incomplete filing: $500 each Not filed on time: $10,000 (15 calendar days) Pattern of negligence: up to $50K Intentional Violation: $25K to 10 years in prison Common Violations Failure to file CTR Inadequate system for aggregating large cash transactions Failure to search records for 314(a) purposes Failure to obtain minimum MIP information Failure to file timely SAR Insufficient identification of high risk members   USA Patriot USA Patriot Act United & Strengthening America by Providing Appropriate Tools Required to Intercept & Obstruct Terrorism Act of 2001 Enacted by Congress to target money laundering by terrorist Requirements: Anti-money laundering program, MIP (matching) & cooperation with the feds. Regs Impacting to CUs Section 326: Requires CUs to collect identity information Section 314(a): Requires matching names from agency lists to credit union member lists Section 314(b) Permits CUs to share information with each other Member ID Program (MIP/CIP) Written Board Approved Part of BSA Policy & Procedures Your MIP Should: Verify member identification Be recorded Include government listing comparison Provide match notice Display member notice MIP for New Accounts: Individuals - Name - Address (no P.O.s) - DOB - Official ID (For minors = SS#) • Businesses - Name - Location - Tax ID MIP: Verification of ID CUs must verify IDs using documentary or non-documentary methods. Documentary methods include:   For Individuals For Businesses Driver’s License Articles of Incorporation Passport Trust Instrument State ID Card Gov’t. issued business license MIP: Verification of ID Non-Documentary methods include: - Calling member - Credit Reports - Financial Statement • Non-Documentary methods are used when: - For elderly - CU is unfamiliar with docs presented - Account not opened in person MIP: Recordkeeping Maintain records for 5 years Records to include: - Identifying info provided by member - Description of verifying records used - How any discrepancies were resolved MIP: Matching Lists CUs must compare their member lists with: CUs are required to compare members’ names and addresses to known or suspected terrorists or terrorist organization lists circulated by the federal government. OFAC - FinCEN (section 314a) MIP: Matching Lists CUs should screen member records for data matches. This "screening" is generally conducted within 2 weeks from the transmission date of the request. Generally the requests are sent every 2 weeks. CUs should ensure all information is safeguarded and treated confidentially. Guidance from FinCEN Increased emphasis on member due diligence Safeguarding of documents Who are "controlling" individuals? Screening of all names associated with account - joint owners - co-signers - beneficiaries MIP: Member Notice CUs must post notice of its duty to comply with identification and verification laws. - In lobby - On website OFAC Office of Foreign Assets Control Enacted to impose sanctions against selected countries. OFAC requires CUs to: - Match members to OFAC list - Have procedures for blocked transactions - Report "hits" within 10 days - Conduct staff training   Office of Foreign Assets Control OFAC is designed to target Specially Designated Nationals, blocked persons or blocked countries conducting business in the U.S. Most of the transactions CUs conduct are covered by OFAC: New Accounts EFTs Wire Transfers ACHs Loans Check Cashing Investments TC/MOs Office of Foreign Assets Control   Program will cover: - Relationships - Transactions (TCs , MOs , Wires , Cashing On-Us Checks for non-members, VISA Advances, etc) OFAC Sanctioned Countries Balkans Belarus Burma Cote d’Ivoire (Ivory Coast) Cuba Democratic Republic of the Congo Iran Iraq Former Liberian Regime of Charles Taylor North Korth Somalia (NEW) Sudan Syria Zimbabwe CU’s Responsibility To check the OFAC List before completing transactions If match occurs go to OFAC website and follow instructions. Law prohibits doing business with a target Member Due Diligence Assessing Member Risk OFAC Instructions for HITs When should I call OFAC’s compliance "hotline"? Please take the following "due diligence" steps in determining a valid OFAC match. If you are calling about a wire transfer or other "live" transaction: 1. Is the "hit" or "match" against OFAC’s SDN list or targeted countries, or is it "hitting" for some other reason (i.e., "Control List" or "PEP," "CIA," "Non-Cooperative Countries and Territories," "Canadian Consolidated List (OSFI)," "World Bank Debarred Parties," "Blocked Officials File," or "government official of a designated country"), or can you not tell what the "hit" is?   If it’s hitting against OFAC’s SDN list or targeted countries, continue to 2 below. If it’s hitting for some other reason, you should contact the "keeper" of whichever other list the match is hitting against. For questions about: The Denied Persons List and the Entities List, please contact the Bureau of Industry and Security at the U.S. Department of Commerce at 202-482-4811. The FBI’s Most Wanted List or any other FBI-issued watch list, please contact the Federal Bureau of Investigation (http://www.fbi.gov/contact/fo/fo.htm). The Debarred Parties list, please contact the Office of Defense Trade Controls at the U.S. Department of State, 202-663-2700. The Bank Secrecy Act and the USA PATRIOT Act, please contact the Financial Crimes Enforcement Network (FinCEN), 1-800-949-2732. If you are unsure whom to contact, please contact your interdict software provider which told you there was a "hit." If you can’t tell what the "hit" is, you should contact your interdict software provider which told you there was a "hit." 2. Now that you’ve established that the hit is against OFAC’s SDN list or targeted countries, you must evaluate the quality of the hit. Compare the name in your transactions with the name on the SDN list. Is the name in your transaction an individual while the name on the SDN list is a vessel, organization or company (or vice-versa)? If yes, you do not have a valid match.* If no, please continue to 3 below. 3. How much of the SDN’s name is matching against the name in your transaction? Is just one of two or more names matching (i.e., just the last name)? If yes, you do not have a valid match.* If no, please continue to 4 below. 4. Compare the complete SDN entry with all of the information you have on the matching name in your transaction. An SDN entry often will have, for example, a full name, address, nationality, passport, tax ID or cedula number, place of birth, date of birth, former names and aliases. Are you missing a lot of this information for the name in your transaction? If yes, go back and get more information and then compare your complete information against the SDN entry. If no, please continue to 5 below. 5. Are there a number of similarities or exact matches? If yes, please call the hotline at 1-800-540-6322 or use OFAC's e-hotline. If no, you do not have a valid match.* If you are calling about an account: 1. Is the "hit" or "match" against OFAC’s SDN list or targeted countries, or is it "hitting" for some other reason (i.e., "Control List" or "PEP," "CIA," "Non-Cooperative Countries and Territories," "Canadian Consolidated List (OSFI)," "World Bank Debarred Parties," or "government official of a designated country"), or can you not tell what the "hit" is? If it’s hitting against OFAC’s SDN list or targeted countries, continue to 2 below. If it’s hitting for some other reason, you should contact the "keeper" of whichever other list the match is hitting gainst. For questions about: The Denied Persons List and the Entities List, please contact the Bureau of Industry and Security at the U.S. Department of Commerce at 202-482-4811. The FBI’s Most Wanted List or any other FBI-issued watch list, please contact the Federal Bureau of Investigation (http://www.fbi.gov/contact/fo/fo.htm). The Debarred Parties list, please contact the Office of Defense Trade Controls at the U.S. Department of State, 202-663-2700. The Bank Secrecy Act and the USA PATRIOT Act, please contact the Financial Crimes Enforcement Network (FinCEN), 1-800-949-2732. If you are unsure whom to contact, you should contact your interdict software provider which told you there was a "hit." If you can’t tell what the "hit" is, you should contact your interdict software provider which told you there was a "hit." 2. Now that you’ve established that the hit is against OFAC’s SDN list or targeted countries, you must evaluate the quality of the hit. Compare the name of your accountholder with the name on the SDN list. Is the name of your accountholder an individual while the name on the SDN list is a vessel, organization or company (or vice-versa)? If yes, you do not have a valid match.* If no, please continue to 3 below. 3. How much of the SDN’s name is matching against the name of your accountholder? Is just one of two or more names matching (i.e., just the last name)? If yes, you do not have a valid match.* If no, please continue to 4 below. 4. Compare the complete SDN entry with all of the information you have on the matching name of your accountholder. An SDN entry often will have, for example, a full name, address, nationality, passport, tax ID or cedula number, place of birth, date of birth, former names and aliases. Are you missing a lot of this information for the name of your accountholder? If yes, go back and get more information and then compare your complete information against the SDN entry. If no, please continue to 5 below. 5. Are there a number of similarities or exact matches? If yes, please call the hotline at 1-800-540-6322. If no, you do not have a valid match.*   * If you have reason to know or believe that processing this transfer or operating this account would violate any of the Regulations, you must call the hotline and explain this knowledge or belief. BSA Issues Ahead Standardized Testing for Employees and Volunteers Mandate electronic filing of blocked and rejected transaction reports Conclusion Beware of BSA, USA Patriot, OFAC Have Proper Training Practice should match policy Evaluate Risk – While not required, CUs may want to evaluate FOM, products, environment, and employee turnover to determine potential risk.