BANK SECRECY ACT. Kevin T. Kane, President Financial Regulatory Consulting, Inc. April 19, frcconsult.com 1

Transcription

1 BANK SECRECY ACT Kevin T. Kane, President Financial Regulatory Consulting, Inc. April 19, 2017 frcconsult.com 1

2 Five Pillars of BSA and the Board of Directors 1. Internal Policies, Procedures and Controls 2. Experienced and Well Trained BSA Officer 3. Adequate Independent Test 4. Training 5. Customer Due Diligence/Beneficial Ownership Rule (2018) frcconsult.com 2

3 Internal Policies, Procedures, and Controls The Board approves the Bank s BSA/Anti-Money Laundering Policies and Procedures on an annual basis. The Bank s system of internal controls should be delineated in the Bank s BSA Policies. The most important feature that board members should concentrate on when approving a Bank s BSA policy is the Bank s Customer Identification Program (CIP). CIP is the foundation of a Bank s BSA Program. If you think about it everything begins with CIP. The law is very generic (Name, Address, SS# and Date of Birth for Individuals and Name, Address and TIN for Businesses). frcconsult.com 3

4 Customer Identification Program (CIP) Individuals Name Address Date of Birth Social Security Number Verification of Identity Businesses Name Address TIN Verify Complying with CIP does not give a bank a lot of information - the next required step is the establishment of the Customer Due Diligence Program. frcconsult.com 4

5 Customer Due Diligence (CDD) Additional information on customer such as: Employment Income Job Position Use of account cash/checks, wires etc. The more specific a bank gets in terms of its CDD program and the types of information gathered the more consistent and useful the Bank s customer risk assessment program will be. frcconsult.com 5

6 Customer Risk Assessment Once CDD is complete and comprehensive then a Bank should be in a position to risk rate its customers based on the CIP and CDD gathered. The more comprehensive the CDD the more precise the Customer Risk Assessment. A Bank s Customer Risk Assessment determines the number of low, moderate, and high risk customers usually based on a numeric factor that is applied to each answer in the CDD. The number of high risk customers impacts the size of the Bank s BSA Department. Under BSA banks are required to develop Enhanced Due Diligence procedures for all high risk customers. In addition the results of customer risk assessments determines the number of low and moderate risk and review cycles for those customers. frcconsult.com 6

7 Enhanced Due Diligence (EDD) On the positive side the more robust a Bank s EDD program is including site visits etc., the stronger the Bank s customer profile. On the negative side is the time allocation required in terms of staffing for comprehensive EDD programs. EDD programs also involve more frequent monitoring. frcconsult.com 7

8 Monitoring Monitoring is the cornerstone of all BSA programs. There are basically two types of monitoring in BSA. One is transactional monitoring, i.e. structuring. The second is monitoring based on knowledge of the customer to determine consistency. The second is where the CIP, CDD, and EDD is essential. Effective monitoring leads to effective Suspicious Activity Reporting. frcconsult.com 8

9 Suspicious Activity Reporting As you can see from previous slides there is a direct link between the CIP, CDD, EDD, Monitoring and SAR reporting. The more SARS filed impacts the needed size and experience of a Bank s BSA Department. frcconsult.com 9

10 BSA Officer and Staff The Board approves the BSA Officer. The audit committee to the Board should interview the BSA Officer prior to hiring and ask about staffing needs. As a board you need to know whether staffing is sufficient. If somebody leaves - who is the back up? Does the Bank cross train or have some time of contingency plan? In many instances this is not the case and it leads to conspicuous gaps. The Board should pay particular attention to the Bank Wide Risk Assessment. This is a document that is given to the Board on an annual basis. Based on the risk designation the Board should staff accordingly. High risk - more robust department needed. frcconsult.com 10

11 Independent Test The Board has to approve the Independent Test. The Board has to be an active participant in looking at the scope and breath of the Independent Test. Two examples in NJ. One where Independent Test was deemed inadequate and another where Independent Test said bank was fine and bank failed on all four pillars. Ask questions! frcconsult.com 11

12 Training In order for a Bank to be able to develop adequate CIP/CDD/EDD/Monitoring capabilities it must have a robust training program. An evaluation of the Bank s training program should be delineated in the Bank s Independent Test. The Board of Directors must be trained on an annual basis. frcconsult.com 12

13 Customer Due Diligence/Beneficial Ownership Rule Overview On May 11, 2016 FinCEN issued a new customer due diligence rule requiring that covered financial institutions collect and verify information on beneficial owners of accounts opened in the name of a legal entity (CD Rule). Financial institutions have until May 18, 2018 to implement the rule and ensure compliance. Requirement Covered financial institutions will be required to identify and verify the identity of the beneficial owners of all legal entity customers at account opening. Thus, if a new account is opened in the name of a corporation, LLC, general partnership, etc., the covered financial institution must identify any beneficial owner who directly owns 25 percent or more of the equity interests of the entity or is a single individual who exercises control. frcconsult.com 13

14 Customer Due Diligence/Beneficial Ownership Rule (cont.) Methodology 1. Establish Written Procedures designed to identify and verify beneficial owners of each customer at the time of opening the account. These written procedures should be based on existing CIP, CDD, and EDD processes. 2. Implement Risk Based Procedures to Conduct on-going Monitoring The new risk-based procedures should cover, at a minimum, the following: Monitoring, testing, audit functions and reporting of beneficial ownership information Identification of person responsible for day-to-day compliance with CDD rule Implementation of training where necessary on identifying beneficial ownership information Establish appropriate Managerial and Board oversight Utilization of available resources to manage the process 3. Collect and Maintain Information About Beneficial Ownership Institutions must develop mechanisms to collect, maintain, and update information on beneficial ownership frcconsult.com 14

15 Questions? frcconsult.com 15